email encryption

Is Email Encryption Enough?

It is essential in the mortgage industry to protect non-public personal information (NPPI).

If someone’s NPI gets hacked in an email, the customer’s identity could be stolen or their account emptied. Also, the CFPB can fine whoever didn’t encrypt that email. One example of why protecting NPI is important is the “wire fraud scheme.”

Wire Fraud Scheme Scenario

The Intercepted Email

For example, Michele the borrower needs to send $20,000 to Fred the title agent’s escrow account for the down payment on her new house. Fred sends Michele the wiring instructions; however, a hacker intercepts the email and changes the information before Michele receives it.

Tampered Wire Instructions

When Michele gets the email, she follows the instructions perfectly and sends the money directly to the hacker’s account. After never receiving the money, Fred contacts Michele. It is then that they realize the wiring instructions had been tampered with. Neither was to blame; however, because they were not up to date with evolving cyber threats, they were both taken advantage of.

Some businesses are now offering email encryption to title agents. While this is better than simply emailing unencrypted information, ATS Secured would like to pose a question to the mortgage industry:

Email Encryption Isn’t Enough

Email is just one of the methods used in the mortgage process to exchange information. Faxing hardcopies are also used. There are also several different versions of the same official documents, which lead to confusion, duplication of efforts, errors and fraud.

The problem isn’t just emails. The problem is sharing confidential information in an insecure manner.

Making slight improvements to an existing solution in order to provide something “new and improved” has its merits. But just as virtual communication replaced “snail mail,” or sometimes the better solution needs to look vastly different from its predecessor.

What if confidential information was protected behind firewalls, and stored in a system where every action was logged and auditable?

To take it even farther, what if the only people that could access the information were vetted and verified?

Not only would this system protect against fraud and help with compliance regulations, it would be intuitive and easy to use for everyone in the mortgage process.

ATS Secured believes in thinking outside the email inbox. What do other industry leaders think about this?

If you like our blogs, sign up for our newsletter to get monthly updates delivered to your inbox!

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply