July/Aug. 2021 Issue

Cyberfraud: A Problem The Industry Must Share

It seems like we’ve been talking about cyberfraud risk mitigation and dealing with cyberfraud in the home finance industry for decades. Despite all of the time we’ve spent hardening our systems and protecting our borrowers’ sensitive financial information, cyberfraud hasn’t gone away. Based on every credible source, it’s a problem that continues to grow unchecked.

The other thing that keeps growing is the cost of guarding against it.

Financial institutions paid $219.3 billion in 2020 to guard against financial crimes. That’s an increase of over $30 billion from 2019, according to published reports.

Are these investments solving the problem? Not according to Corporate Finance Institute, a national training firm that teaches fraud risk mitigation, which estimated that losses from identity theft in the United States alone totaled nearly $2 billion in 2019. California, with over 73,000 cases of identity theft reported, was the state whose citizens suffered the most from the crime – Florida was a very distant second with 37,000 reported cases, the company reports.

So, what’s the problem? Why can’t we put a lid on cyberfraud in home finance? Identifying this problem is the first step in solving it. I can tell you three places you won’t find the answer.

The wrong answers to stopping fraud

Sometimes, the best way to find a solution to a problem is through the process of elimination. If you know what’s not causing the problem, you can get a head start on what is.

As a software developer and product manager, I can tell you that the industry has  great software to guard against all types of fraud. Our financial services encryption protocols follow the most rigorous industry practices and standards. We can tell who is in the network, how long they were there, what they touched, and what they changed. Getting around our security systems has never been more difficult.  Not having enough great technology is not the problem.

Some have argued that we need more regulation or new and tougher laws against cyberfraud, but we already have everything on the books we need to punish the criminals we catch. We have entire government agencies that only exist to pursue, capture and punish perpetrators of cybercrimes. They have the power of every law enforcement agency behind them. Not having the law on our side is not the problem.

When I’m out in the industry talking to lenders, settlement services providers and title company executives, I often hear them tell me that they’ve done their job of fraud risk mitigation. They’ve got the right hardware and software installed, they’ve trained their people, they’ve got the right procedures in place to stop fraud before the criminals get away with the cash.

I’ve looked into it and they’re right. They have their data privacy policies in place, they have their people trained up and management knows what procedures are required to keep their clients safe from cyberfraudsters. Not having the policies, procedures and people in place to stop cyberfraud is not the problem.

In fact, I’ve been told many times by conscientious, hard-working executives in our industry that they’ve done their part and cyberfraud isn’t a problem their company can solve.

And that’s the problem.

The real problem that leads to cyberfraud in mortgage

We take cyberfraud very seriously in this industry and we have many great people working on the problem. The reason it doesn’t get solved is that not everyone in our industry has taken shared ownership. The industry doesn’t collectively agree on whose problem cyberfraud really is, let alone what to do about it.

Fraudsters are smart criminals. If they can’t get in one door, they’ll find another, or a window. When they get in through someone else’s system or due to someone else’s mistake, it’s easy to claim that it’s not our problem to fix. This is especially true for larger companies that have invested a great deal in cyberfraud risk mitigation.

But that’s a losing game.

I’m not suggesting that someone should step up and take all the responsibility for stamping out cyberfraud, as no single party is solely responsible. This is a shared problem that belongs to us all. No one can solve it on their own.

That’s why the best software solutions haven’t been completely effective. It’s why not even the best trained employees or rigorous policies can’t stop cyberfraud. It’s also why just doing our part is never going to be enough to keep our clients safe.

We have to work together.

The job ahead of us now

I know, it sounds really hard to get everyone on the same page and working together to solve a multi-billion-dollar industry problem, but I assure you it can be done.

Look at how hard and long the MISMO team had to work to develop their standards. But they got the job done. Not so long ago when it became abundantly clear to the big tech firms that Hypertext Transfer Protocol (HTTP) was not secure enough, everyone got together and established the Secure Socket Layer, giving us all SSL encryption for better protection.

Working together gets results. But that starts with a conversation about the problem that doesn’t start with, “We’ve already done our part.”

It’s time to have a new conversation about cyberfraud in the mortgage industry and everyone is invited.