Keeping Home Loan Documents Safe from Hacking


Your clients provide tons of personal financial data to mortgage companies during a real estate transaction. So how do you know your clients’ preapproval and home loan documents are protected, and what safeguards do their lenders take? Many mortgage lenders have systems in place to keep sensitive financial data safe from hackers.

One of the best ways to help prevent personal data theft is continuous communication and education. Mortgage companies work to ensure their customers are aware of the prevalence and risk of online hacking and theft. The first step is to make sure home buyers know where cyber criminals are lurking and how to avoid them. Some companies send emails to customers reminding them to never wire funds without double-checking all information with their loan processors over the phone. And loan processors often have a disclaimer in their email signatures that serves as another reminder. Additionally, companies may send loan applicants videos throughout the transaction process educating them about loan document safety.

Mortgage lenders also have many electronic safeguards in place to protect sensitive customer data. For instance, they may use secure mail for collecting any non-public personal information, encrypted internal portals with password protection where clients can apply and upload their documents online, or a rigorous employee logon and password verification process with two-factor authentication. Mortgage lenders may have a clean desk policy stating that all file cabinets must be locked, and documents must not be left out where they could be read or stolen. Mortgage companies may also employ data protection policies with encrypted computers and phones, or even add their company logo to programs like Office 365 so employees know they are accessing correct, secure information. Many also have cyber incident management policies in place to protect clients in the event of a security breach.

Lastly, many mortgage lenders require their employees to attend annual training where they learn to recognize phishing scams and understand the importance of cyber security. Employees are also asked to forward all suspicious emails to their company’s IT department for investigation. Some companies’ IT departments even periodically send employees training emails disguised as phishing attempts. The goal, of course, is for the employee to spot the red flags and report the email to IT. If an employee believes the training email is legitimate and responds to it, the employee is notified of their error and sent to additional cyber security training. Mortgage lenders know the importance of informing employees whenever something new happens in the world of data hacking and cybercrime, so they may send information to keep them up to date on any new security issues.

Advise your clients to talk to their mortgage lenders about their data security practices. A good lender should have strong systems in place to ensure the privacy and safety of all customers.

Learn more about keeping your clients safe from scammers.

Want more great content like this? Sign up for our newsletter.