A recent report indicates that fraud cost mortgage lenders one third more in January 2022 than it did in 2019. For every dollar lost through fraud, lenders actually lose $4.40, a higher expense than the $3.30 number in 2019. But fraud costs lenders in more than just lost funds. Lenders lose valuable time recouping losses, and can lose customer trust as well.
Several types of fraud are on the rise including synthetic identity fraud (where someone combines real and fake information to create a new identity) and credit washing whereby a fraudster makes a false identity theft claim to “recoup” assets that were never theirs.
With many phases of the mortgage process moving online — from loan applications to closings — lenders are starting to consider new measures of protection they need to manage fraud. Fraud can happen at any level, from individual borrowers to high level executives within a financial institution. In order to safeguard against all forms of fraud, lenders need to approach security measures from a holistic point of view.
The most common online mortgage fraud fall into two buckets:
Fraud for profit: This is often fraud committed by professional criminals or by employees within a credit union, bank or real estate company with insider information. In this form of fraud, someone (internal or external) might be looking to create a fake loan to embezzle funds from a mortgage transaction, or worse — steal millions from a financial institution.
Additionally, fraud for profit online increasingly includes identity and data fraud. The sensitive information that lenders have about their customers is highly valuable to cybercriminals who try to hack into computer systems to access databases of personally identifiable information that they can steal to use themselves or resell on the black market.
Fraud for housing: There is, unfortunately, a subset of borrowers willing to commit fraud to gain free housing or dramatically reduced housing costs. Others may be willing to commit fraud in order to gain control of real estate illegally, either from an estranged spouse or family member, or within a real estate company.
In any of these cases, preventing online mortgage fraud needs to start before fraud happens, with a strong plan that can both detect potential fraud and deter fraudsters before they get too far.
Many common mortgage fraud scams like identity theft and falsification can be stopped with strong security practices like identity authentication. With robust identity authentication as a first step, lenders can ensure the veracity of everyone involved in an online transaction.
One of the most important elements of identity authentication is making sure that every step in the process is password protected. Passwords must be unique, not easily guessed, and should require additional security measures to “double check” that the person inputting the password is authenticated. One approach to this is with multi-factor authentication. This form of security will provide a second layer of verification, either in the form of a pin or a link sent to a different device or channel (such as mobile or email), making sure that the person has access to a secondary personal account in order to confirm their identity.
In addition to ensuring a secure access point, additional safety measures need to be put into place for sensitive transactions. For example, uploading forms of identity, sharing sensitive account information, or e-signing or notarizing documents should require additional authentication and ID verification. With the right technology, lenders can avoid online mortgage fraud and be sure that documents and signatures are accurate before a transaction closes.
For lenders, banks and credit unions the best way to implement better security protocols is to mandate it from the top and provide a clear explanation as to the benefits of implementing better authentication and verification measures. When everyone understands why their organization is putting in new fraud prevention measures in place, and that they are not being singled out, they are more likely to adhere to the new approach.
Another approach is to adopt a “zero trust” security protocol, which assumes that anyone — employee, client or otherwise — could be a potential security threat. This does not actually mean that no one is trustworthy, but rather that security is most effective when safety protocols are equally implemented across all parties.
In addition, lenders should make sure that they themselves are using authentication best practices. Every employee and partner should be required to use multi-factor authentication, all documents should be verified and the same goes for all borrowers and partners. Ensuring security best practices at every level not only stops fraud, it increases customer trust and will help the long term growth of online mortgage lending.