idBUSINESS for Mortgage Professionals

495 views
430 views

Published on

In this slidecast, we look at information security through the unique lens of the mortgage industry, to understand the increased risk - and greater opportunity - that a strong Red Flag Rules program has for your mortgage business. Also a great primer for anyone thinking about buying a home, to learn how the mortgage industry uses your PII, and how you can protect it, through the application process.

Published in: Business, Economy & Finance
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
495
On SlideShare
0
From Embeds
0
Number of Embeds
37
Actions
Shares
0
Downloads
4
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

idBUSINESS for Mortgage Professionals

  1. 1. Mortgage Industry Overview July 10, 2009 1
  2. 2. Our goals today 2
  3. 3. Our goals today ‣ To give you the WHAT… 2
  4. 4. Our goals today ‣ To give you the WHAT… ‣ The FTC’s Red Flag Rules 2
  5. 5. Our goals today ‣ To give you the WHAT… ‣ The FTC’s Red Flag Rules ‣ ...review the HOW… 2
  6. 6. Our goals today ‣ To give you the WHAT… ‣ The FTC’s Red Flag Rules ‣ ...review the HOW… ‣ demo the idBUSINESS Red Flag Compliance Module 2
  7. 7. Our goals today ‣ To give you the WHAT… ‣ The FTC’s Red Flag Rules ‣ ...review the HOW… ‣ demo the idBUSINESS Red Flag Compliance Module ‣ but also give you the WHY 2
  8. 8. Our goals today ‣ To give you the WHAT… ‣ The FTC’s Red Flag Rules ‣ ...review the HOW… ‣ demo the idBUSINESS Red Flag Compliance Module ‣ but also give you the WHY ‣ Why information security is an OPPORTUNITY, not a burden 2
  9. 9. FILE CABINETS??? 3
  10. 10. The PII Lifecycle - MORTGAGE 4
  11. 11. The PII Lifecycle - MORTGAGE 4
  12. 12. The PII Lifecycle - MORTGAGE 4
  13. 13. The PII Lifecycle - MORTGAGE 4
  14. 14. The PII Lifecycle - MORTGAGE 4
  15. 15. The PII Lifecycle - MORTGAGE 4
  16. 16. The PII Lifecycle - MORTGAGE 4
  17. 17. The PII Lifecycle - MORTGAGE 4
  18. 18. The Opportunity ‣ There is a unique opportunity to grow a mortgage business by leveraging strong information security policy and sharing it with borrowers ‣ Build trust with borrowers ‣ Strengthen employee relationships ‣ Tighten lender/broker operations 5
  19. 19. The Risk ‣ The mortgage industry has a unique burden to protect borrower information ‣ Government mandate for regulation ‣ Financial industry scrutiny ‣ The Consumer’s Age of Transparency 6
  20. 20. The facts 30% 40% 60% 70% Business has suffered breach Thief is employee or knows employee Business has yet to incur a breach Thief is unknown • Since 2/15/05, over 251,000,000 Americans have had identities or other personal information compromised 7
  21. 21. The facts The average breach and its impact on customer confidence is growing. 58% of customers will lose confidence in your business after a breach. 31% of your customers will immediately cease doing business with you following a breach. Source: Ponemon Institute, 2008. 8
  22. 22. The Red Flag Rules 9
  23. 23. The Red Flag Rules ‣ Sections 114 & 315 of the Fair and Accurate Credit Transactions Act 9
  24. 24. The Red Flag Rules ‣ Sections 114 & 315 of the Fair and Accurate Credit Transactions Act ‣ Applies to you if: 9
  25. 25. The Red Flag Rules ‣ Sections 114 & 315 of the Fair and Accurate Credit Transactions Act ‣ Applies to you if: ‣ you hold “covered accounts” 9
  26. 26. The Red Flag Rules ‣ Sections 114 & 315 of the Fair and Accurate Credit Transactions Act ‣ Applies to you if: ‣ you hold “covered accounts” ‣ your customer records present a “reasonably foreseeable risk of identity theft” 9
  27. 27. Why are mortgage cos. COVERED ENTITIES? ‣ Deferring payment ‣ The mortgage process is by definition a deferred payment and credit-granting process ‣ Reasonably foreseeable risk ‣ Borrower files are a treasure trove ‣ Each record worth between $80-300 each* * Source: Black Market Identity Auction attended by Net Reaction mole, 2008. 10
  28. 28. Red Flag REQUIREMENTS 11
  29. 29. Red Flag REQUIREMENTS 1. A Written Information Security Program 11
  30. 30. Red Flag REQUIREMENTS 1. A Written Information Security Program 2. Controls to prevent and mitigate the risks associated with identity theft 11
  31. 31. Red Flag REQUIREMENTS 1. A Written Information Security Program 2. Controls to prevent and mitigate the risks associated with identity theft 3. Must be administered by a board of directors or a member of senior management 11
  32. 32. Red Flag REQUIREMENTS 1. A Written Information Security Program 2. Controls to prevent and mitigate the risks associated with identity theft 3. Must be administered by a board of directors or a member of senior management 4. Must deliver compliance report on at least an annual basis 11
  33. 33. Red Flag REQUIREMENTS 1. A Written Information Security Program 2. Controls to prevent and mitigate the risks associated with identity theft 3. Must be administered by a board of directors or a member of senior management 4. Must deliver compliance report on at least an annual basis 5. Must contain mechanism to train employees 11
  34. 34. Red Flag REQUIREMENTS 1. A Written Information Security Program 2. Controls to prevent and mitigate the risks associated with identity theft 3. Must be administered by a board of directors or a member of senior management 4. Must deliver compliance report on at least an annual basis 5. Must contain mechanism to train employees 6. Must contain an incident response capability 11
  35. 35. Red Flag REQUIREMENTS 1. A Written Information Security Program 2. Controls to prevent and mitigate the risks associated with identity theft 3. Must be administered by a board of directors or a member of senior management 4. Must deliver compliance report on at least an annual basis 5. Must contain mechanism to train employees 6. Must contain an incident response capability 7. Must ensure that vendors and suppliers are also compliant 11
  36. 36. “What happens if I don’t comply?” • Legal liability – Civil lawsuits, class-action litigation • Government penalties – FTC & State enforcement • Damage to brand reputation and borrower trust 12
  37. 37. The solution ‣ The idBUSINESS Red Flag Compliance Module ‣ Built on real-world forensic fieldwork ‣ Includes tools & benefits that actively involve employees in your compliance efforts ‣ Transitions information security from a compliance issue into a competitive advantage 13
  38. 38. The Red Flag Compliance Module ‣ Secure online interface 14
  39. 39. The Red Flag Compliance Module ‣ Learning tools available as text or video webinar 15
  40. 40. The Red Flag Compliance Module ‣ Risk Assessment tool provides ranking of your company in 12 key focus areas 16
  41. 41. The Red Flag Compliance Module ‣ Customizable checklist of 26 Red Flags to meet requirements of FACT Act 17
  42. 42. The Red Flag Compliance Module ‣ Employee training automated & easy, integrates automatically with your compliance report 18
  43. 43. The Red Flag Compliance Module ‣ Ability to evaluate supplier compliance practices using our proprietary Vendor Integrity Assessment 19
  44. 44. The Red Flag Compliance Module ‣ Access individual identity recovery protection using FraudStop and Restore from ID Experts ‣ Available as employee benefit, cafeteria-style add-on, customer blanket, or new revenue stream ‣ In the event of a breach, one-click access to best-in- breed data breach services and forensic services 20
  45. 45. Mortgage Industry BENEFITS ‣ NAMB Preferred Provider ‣ www.majesticsecurityidsafe.com ‣ Because We Care ‣ www.mortgagedashboard.com ‣ Mortgage Insurance Agency ‣ www.mtgins.com 21
  46. 46. “Can’t I do this myself?” • A self-written policy meets the letter of the law, but leaves gaps: – No vendor integrity assessment – No employee training, just signature line – No mitigation of damages in the event of an incident • Who will you call when you have a question? • No context of how Red Flag Policy fits into your business – What’s worth doing is worth doing right. – Missing an opportunity to GROW your business 22
  47. 47. So I’m compliant... ‣ NOW WHAT? ‣ Don’t let it sit on a shelf ‣ Talk to your employees ‣ Talk to your borrowers ‣ Use your policy as a business-building tool 23
  48. 48. The file cabinets? 24
  49. 49. Thank you! 25

×