Your Cookies are Disabled! NationalNotary.org sets cookies on your computer to help improve performance and provide a more engaging user experience. By using this site, you accept the terms of our cookie policy. Learn more.

Protecting Borrowers’ Privacy Is ‘Not An Option’ For Signing Agents

NNA2016 Signing Agents Must Protect Borrower Privacy

Updated 8-12-16. For Notary Signing Agents, there is growing pressure to do more to protect borrowers’ sensitive personal and financial information — often called Non-Public Personal Information (NPPI).

With the mortgage industry improving its ability to protect consumer information, cyber criminals are looking for the weak link, according to title industry executives. In many cases that means targeting the generic email accounts — such as Gmail or Yahoo — that NSAs and others use because the accounts often lack strong security measures.

Common Email Scams
 

It’s fairly easy for cyber criminals to hack into email chains about real estate transactions through these email accounts. Once in, the hackers will insert a bogus email into the chain, said Bill Burding, Executive Vice President and General Counsel of Orange Coast Title Company, during the mortgage industry panel discussion at NNA 2016 Conference.

The bogus emails often look like they were sent by real individuals from real email addresses. NSAs are most likely to see an email, purportedly from the borrower, asking for copies of documents in the loan package that contain financial information. “If you see that request in an email chain, it should raise a red flag,” said co-panelist Brian Hughes, Chief Operating Officer of Title Source.

Even if NSAs do not see a fake email, hackers could get into the email chain for a mortgage transaction through their accounts. “If you are in an email thread, and the consumer loses their money, count on being a defendant in any court case,” Burding cautioned.

Report All Breaches
 

To a one, the panelists urged NSAs to report any breach or threat immediately. Government regulators can impose hefty fines on entities that fail to report a breach in a timely manner. “Call your settlement agent or call the title company or whoever gave you the assignment,” Hughes said.

Marcy Tiberio, a signing service owner and NSA from Rochester, New York, offered a number of tips in the Conference workshop , “What Lenders Say You Must Know About Protecting Signers’ Privacy.” At the top of the list were straightforward recommendations, such as using strong firewall and encryption protection for all their mobile and computing devices; using strong passwords that are not shared; and avoiding public wireless networks.

She also encouraged NSAs to activate or download security features on their smartphones that would allow them to lock their phones or wipe the data if it is lost or stolen.

Low-Tech Guidance
 

The title industry panelists had several low-tech recommendations:

  • Maintain a “clean desk” policy by keeping all sensitive information you’re not using locked safely away; a lockable file cabinet is good to store sensitive documents.
  • Use screen protectors for your laptop to keep people from looking over your shoulder.
  • Make sure any documents in your car are locked in the trunk or hidden out of sight to cut down on “smash and grab” incidents.
  • Periodically review your security precautions to make sure you haven’t left any gaps. The NNA has a Self-Assessment tool available.
  • Make sure family members and others in your home cannot access your data, including client information, loan documents and other records.
  • Shred every document you don’t need.
  • Never put loan packages into a FedEx or UPS drop box. Instead, take the packages inside and get a receipt. This was the third consecutive year that an industry panel gave this advice.

Good cyber security measures will act as a strong deterrent to hackers. Because there are so many people who can be breached, if a hacker comes across a good firewall or encrypted communication, they will move on to the next target.

Michael Lewis is Managing Editor of member publications for the National Notary Association.

Related Articles:

The Identity Protection Crisis

Notarization And Technology: Dealing With Unusual Requests

Additional Resources:

Privacy Tips For Notary Signing Agents

Common Data Security Terms

3 Comments

Add your comment

Thomas Rothrock

15 Jun 2016

The best way to avoid these situations is to ignore and delete those kinds of emails. We need to remember the data sent to us is entrusted to us by the Title companies we work with and if there is any instructions that are testy, I usually call the number I have to clarify and not one that is given to me thru an email that is sketchy at best.

Jay Schankman

18 Jun 2016

Yet still it is common practice for Title companies and Signing Services to send PII through unencrypted email with no policy in place to instruct the NSA on how to keep this information that they have been entrusted with secure from these identity theft. The NSA's MUST bear the responsibility of securing and safely deleting all PII. There should be a standard in place. If the CFPB hasn't stepped in, we should be taking this seriously anyway and policing ourselves.

Margaret Paddock

20 Sep 2016

I found one of the most secure methods is to use one computer with its own e mail for notary work only. I do no other work on it. It may seem expensive but then no one else has my e mail hence no junk mail. I use Avast or AVG and I also use Google e mail which scans for viruses before my protection does and I use Thunderbird browser and Mozilla Firefox. I also scan into Adobe pdf which can be encrypted to secure any fax back documents. I refuse to put any pictures or documents on a phone.

Leave a Comment

Required *

All comments are reviewed and if approved, will display.