The world is changing rapidly. As it does, fraudsters are ever vigilant for the opportunity to strike. And few targets are as rich for them as the home finance transaction, where a single set of false wire transfer instructions can net criminals hundreds of thousands of dollars. Each additional player in the transaction — such as an independent mortgage originator or correspondent lender — only adds another opportunity for fraud.
Now, some of the changes in the mortgage industry are getting these ne’er-do- wells quite excited. If the industry doesn’t take action soon, it will be more vulnerable than ever before. What’s worse is that many in the industry believe that they are being protected by modern technology. This is not the case.
Mortgage professionals need to understand what’s really happening. They can then comprehend why it’s increasing risk for wholesale lenders, mortgage brokers, correspondent lenders and consumers, and what new technology will be required to mitigate these risks going forward.
Until relatively recently, the mortgage industry was still a paper-driven business in which regulatory efforts were typically aimed at making sure the right information appeared on the printed form used to disclose information to the consumer. Much has changed.
At the turn of this century, the federal government enacted legislation that made it legal to transact business electronically. Since then, the mortgage industry has been slowly moving in this direction. While the many advantages of paperless lending have been discussed ad nauseum over the years, there has always been some reason to delay. Chief among these reasons was the question of legal enforceability of the electronic mortgage note.
What would happen if the borrower defaulted? Would the judge look upon a sequence of binary data as a bona fide security instrument and award the property to the trustee through foreclosure? Without a good answer to this question, the industry’s progress toward the e-mortgage slowed to a crawl.
Then COVID-19 struck. Faced with the prospect of losing business that couldn’t be closed in a face-to-face ceremony to digital lenders that could close electronically, the industry suddenly got religion. Overnight, lenders embraced paperless loan origination, electronic closings and remote online notarization. Wholesale lenders, which were already adept at working with third-party originator partners over online networks, were arguably better prepared for this. Many others are still catching up to them.
It’s true that the industry is still in transition, but it’s already clear that there will be no going back. The industry is now operating in the age of the e-mortgage, even if the majority of loans require hybrid e-closings and many of the notes traded in the secondary market are still printed on paper. Still, the future is now clearly visible.
As the industry continues to cut its path through the jungle in search of the digital mortgage, the concept of a closing ceremony where buyers, sellers, lenders, real estate agents and loan officers all get together in a room to close the deal is already an outdated concept.
Consumers now realize that they have the power to complete the transaction from wherever they want at a time that is most convenient for them. This genie cannot be shoved back into the bottle.
All the industry can do now is meet the borrower’s expectations or get comfortable with low borrower-satisfaction scores. Naturally, lenders will work toward achieving the former.
As they do, more people will come together online during the homebuying process. Because you can see every party on a screen, and a remote notary has inspected and approved their state-issued identification document, mortgage companies trust that the transaction is protected and fully legal. But this may not be true.
Business email compromise schemes — which reportedly rose by 1,100% from 2015 to 2017, according to the FBI — work because people see a name they recognize and lower their defenses.
The mortgage industry takes pride in the technology it has developed to enable the paperless, online loan origination process enjoyed today — and with good reason. Many have worked hard to create these mission-critical systems and they should be proud of these powerful tools.
At the same time, criminal elements have been hard at work in creating their own technologies that can now be brought to bear on mortgage transactions. So-called “deepfake” technology that fabricates real images and sounds is now so good that it takes expert computer systems to uncover it. Many chuckle when former presidents seem to say silly things via deepfake multimedia. They won’t be laughing when these same tools are used to drain hundreds of thousands of dollars from their bank accounts.
Part of the reason these tools are so effective is that they are extremely difficult to detect, but the other part is that they play to emotions and take advantage of human psychology. When you see and hear someone you think you know, your defenses fall.
This occurs all the time with business email. Business email compromise schemes — which reportedly rose by 1,100% from 2015 to 2017, according to the FBI — work because people see a name they recognize and lower their defenses. Imagine how much better this works with a deepfake of their face and voice.
Lenders need to be concerned with more than just wire fraud (although with 47% of major financial institutions seeing an increase in this threat in 2020, it should be enough). The current regulatory environment also is a dangerous place for industry sales and marketing people who say the wrong things to U.S. consumers.
What if criminals used deepfake technology to make it look like a company’s loan officers or brokers were making noncompliant statements to consumers? How would the industry defend against that?
Fortunately, authentication technology is available. But it’s a double-edged sword. These tools are great when they work, but when they fail, they increase risk. One good example is knowledge-based authentication (KBA).
This is a method of authenticating a person’s identity by determining whether they know things that only the actual person would know. Proponents say that this method is becoming more sophisticated as the technology finds ways to know things that the person being authenticated should know.
Unfortunately, KBA is no longer dependable. It’s simply too easy for outside parties to gain access to knowledge or data that should be private to the person involved. From spoofed emails to social media scams, fraudsters have a wealth of opportunities to access private information from the intended victims themselves. Additionally, people don’t always remember the proper answer to their own authentication questions. Who can rattle off the specifics of an auto loan they took out 20 years ago?
Even if the technology could uncover a deepfake, which it cannot, failure to comply with its rigid requirements could lock the user out of the system. This would delay the closing and cause all manner of problems for the buyer, the seller, the real estate agent, the closing company and the lender.
KBA is not the tool needed to move forward into the digital age, especially as the industry moves closer to fully online transactions in which the identities of all parties must be determined. But there are tools that can work.
The way to tell one person from another is not what they know but what makes them who they are.
What the industry needs today is a reliable way to make absolutely sure that the people whom mortgage professionals are interacting with digitally are actually the people they want to transact with. The way to tell one person from another is not what they know but what makes them who they are.
For this, the mortgage industry needs biometrics. Biometric technologies are tools that identify people based on some aspect of their biology. It could be fingerprints, retinal scans, DNA or facial-recognition software. Some experts claim that the science of modern biometrics actually dates back to ideas that originated in the Babylonian empire around 500 B.C. But working examples didn’t truly exist until the 1800s, when French criminologist Alphonse Bertillon created a method for classifying and comparing criminals based on their body measurements.
It’s ironic that after working through the unique lines of a person’s fingerprints, the blood vessels in their eyes and the genes in their DNA, security experts have come full circle back to physical measurements. Today, one of the best tools for online authentication is facial recognition, in which sophisticated computers take hundreds of individual measurements of a person’s image and compare them to huge databases to come up with a positive identification.
Today’s tools are so good that they can quickly distinguish a person from among millions of others. They can even tell if the image being measured is a living person or is simply a still image stolen by a fraudster. With modern biometric technology, anyone with a smartphone, tablet or desktop computer can look into a webcam, and a lender on the other side of the country can know instantly whether the person on screen is the actual person they intend to do business with.
At the same time, a wholesale lender sitting in a conference with the Consumer Financial Protection Bureau could analyze a video and say with complete certainty that the loan officer who appears to be making noncompliant statements is not, in fact, one of its brokers. Fortunately, this technology is available today. It has been tested in a number of industries and is now being applied in the mortgage business by lenders intent on mitigating the very real risk of not knowing. ●