Four Billing, Payment Security Tips For Cyber Safety

Next Article

NAVIGATING A SEA OF CHANGE IN THE MORTGAGE INDUSTRY

Four Billing, Payment Security Tips For Cyber Safety

BY BRENDA MAGRI | SPECIAL TO NATIONAL MORTGAGE PROFESSIONAL

Home sales this year are up by eye-popping percentages – and so are the accompanying mortgages. This boom in home sales and refinancing in response to record low mortgage rates creates new opportunities, but also new threats.

The pandemic has seismically shifted consumer preferences to online platforms and technology in place of in-person interactions, and the real estate and mortgage industries are moving quickly to expand the availability of remote closings, including virtual appraisals and remote online notarizations (RONs). As more states move to accommodate these digital-first models, mortgage professionals are adapting to new ways of working.

And at every digital touchpoint, the stakes are higher for mortgage companies, brokers and other industry professionals as they guard against new cybersecurity threats.

While online and mobile technologyhas helped keep life, business – andmortgages – moving forward, thereare inevitably bad actors looking toexploit this crisis to commit wirefraud and other cybercrimes. Now,mortgage bankers and brokers, likeother professionals who handlesensitive consumer data, need toheighten security around financial,billing and payment systems.

Here is more on the currentcybersecurity landscape and four tipsfor mortgage professionals to bettermanage billing and payment securityin the age of COVID-19.

NEW OPPORTUNITIES FOR CYBERATTACKS

Across all business sectors, there is a threat of new cyberattacks linked to the COVID-19 crisis. This presents new financial risks for mortgage professionals and their clients, as both might be at higher risk for fraudulent activity.

Mortgage professionals should raise their defensive game – informing buyers and sellers of the increased risks of fraudulent online money and information transfers and taking proper precautions to ensure that all transactions are safe and secure.

One of the most popular types of cyberattack is “phishing” with a fake email or “smishing,” which is essentially phishing via text message. These attacks include phony but legitimate-looking messages enticing the recipient to click on a link for more information. This often takes the form of an urgent warning that, unless a specific action is taken immediately, access to financial accounts (for example), will be discontinued.

Clicking on the link or action button can expose that desktop or mobile device to the risk of a cyberattack. And that breach could lead to data theft of the individuals involved in the transaction or the introduction of ransomware to a mortgage professional’s entire database of sensitive client information. Wire fraud in particular remains a threat and is responsible for more than $200 million in losses in the real estate and rental sectors last year according to the Federal Bureau of Investigation’s Internet Crime Complaint Center.

The new reality of working from home has, in some cases, contributed to these types of threats not being as readily detected. From the challenges of juggling complete work-life integration and having an “out of sight, out of mind” mentality when it comes to engaging IT, to having less secure Internet connections at home, these factors all open up new risks. Cybercriminals are watching for these opportunities with the hope that other demands and stresses from COVID-19will cause usually vigilant mortgage professionals to miss the subtle signs that an incoming message is a phishing attack.

LOCKING THE DOORS AGAINST CYBERCRIME

Fortunately, mortgage professionalsand other industry pros can takeproactive measures to defendthemselves, their employees andtheir clients against this new wave ofcyberattacks.

· First, tune data loss tools,including email spam filters, forenhanced sensitivity to COVID-19-related threats. Keep watchfor not only “COVID-19” as a keyterm, but also related words andphrases, and commonly misspelledwords similar to the key terms.

· Second, create a regular cadenceof COVID-19 communications, andconvey that schedule to employeesso they know what (and when) toexpect. It could be, for example,the biweekly summary of businessupdates that’s sent every otherMonday. Communicate what theofficial emails look like, so anyphishing emails will be more likelyto raise red flags.

· Third, educate employees on what to look for to better detect phishing and smishing attempts. Warning signs include spelling and grammatical errors and frenzied sounding communications urging the recipient to take a specific action without delay. Instruct employees to never click on links from unknown senders, ideally with an automated warning at the top of any external emails advising to“think before you click.”

· Last, but certainlynot least, helpprotect clients bycollecting only thedata you need, ratherthan the data youwant. Providing themwith a more personalizedexperience can require arobust data profile, but italso comes with the additionalresponsibility of protecting thatdata.

In the quest to enhance clientinteractions and raise satisfactionscores, be wary of collecting andstoring more data than is reasonablyneeded. As the volume of data goesup, so do the chances of a securitybreach, which can lead to leaked data,customer exposure to payment andbilling scams, and official scrutiny ofmortgage companies’ practices.

Cyberattacks aren’t new butthey are heightened now morethan ever because of the pandemic.Protecting data and financial systemsis paramount – and it’s possiblethrough thorough routine trainingand education, as well as consistent,and comprehensive communications.In today’s rapidly evolving COVID-19landscape, defending againstcyberattacks will help keep financialsystems running, loan originationshappening, billing processes movingand revenue coming in.