Preventing Financial Data Drain

Article excerpt

The mortgage lending industry has encountered the same data breaches as in other parts of the economy, which have resulted primarily from lost tapes and missing and stolen computers rather than outright hacks into data systems.

The potential for data loss is becoming more of a problem as more business turns electronic and moves away from the paper-based system that many baby boomers used when they bought their first homes. The lenders are now under pressure from regulators, business partners (e.g., loan funding sources), and customers to protect customer records.

Protection for a Prime Target

"The financial services industry is a prime target for data thieves and legislators," said Art Tyszka, senior product manager for Wolters Kluwer Financial Services. Financial services firms handle critical elements of a customer's data, including his or her name, address, phone numbers, and other personal data such as account information. With such data constantly under siege from external attacks, financial services providers that store this data also have to protect themselves against internal attacks.

Financial services firms also face overlapping legislation for customer data protection, including the Gramm-Leach-Bliley Act, the Sarbanes-Oxley Act, the Bank Secrecy Act, Federal Financial Institutions Council (a group that coordinates rules for different banking regulators, including the Federal Deposit Insurance Corp., Credit Union National Association, and others) guidelines, and various state rules. Each has its own minutiae and fines, so financial institutions need to keep pace with the parameters of these overlapping laws. Finding a single process to meet these overlapping requirements is critical, according to Tyszka and Alan Horton-Bentley, director of financial services worldwide marketing for FileNet (a company that manages content and processes for financial services and other firms).

"When you take a siloed approach to databases, it's more difficult to keep all of the data safe," Horton-Bentley said, explaining that multiple data sources increase the chances of having multiple potential weaknesses in data protection. It's also more cumbersome to ensure that multiple data sources comply with pertinent financial regulations for data security.

The Importance of Encryption

Another part of the solution is encrypting data that is in transit and at rest, according to some security experts. However, encryption usage is still in its infancy in financial services as well as in other industries.

According to a Wolters Kluwer Financial Services poll conducted in 3Q 2006, nearly one-fifth of financial institutions (18.75 percent) do not encrypt documents with sensitive data in storage or in transition. One-quarter of survey respondents also said that they didn't know if they actually encrypted sensitive data when it was stored or in transit. The largest percentage of respondents (37.5 percent) use a secure document delivery service, while 12.5 percent use a digital vault and 6.25 percent use a proprietary solution.

Phishing continues to be one of the most prevalent problems for mortgage lenders and financial services providers, according to Tyszka. Consumers who recover some of their losses to phishers are reimbursed by financial institutions about 42 percent of the time, according to Gartner in Stamford, Conn. Gartner predicts that businesses across the board will sustain phishing losses that will increase from $600 million in 2006 to $2.8 billion in 2007.

Phishing for Financial Rewards

Financial institutions are one of the main targets of phishers because of the potential high value to the fraudsters since customer accounts can be drained quickly. …