If you’re reading this, you’re using technology. Things change fast, and it’s tough for the average lender to stay up on advances in mortgages, tech in general, or what tech companies are doing in the credit industry. For example, sources say Apple and Goldman Sachs are preparing to bring to market a credit card branded as an Apple Pay card. The card reportedly could be offered to customers in 2019.
From Richey May JT Gaietto put together some information about new security features released by Microsoft intended to reduce ransomware. “Rob, I wanted to let your readers know about new security features recently announced by Microsoft that are designed to reduce ransomware, a type of malware that encrypts data, rendering a company unable to conduct business until a ransom is paid to the attacker. In the past three years, the costs associated with ransomware have increased more than tenfold, reaching an estimated $5 billion globally last year.
“This new set of enhanced features is intended to improve the security of Microsoft’s Office 365 suite and to reduce the risk of ransomware. Starting on April 6th, Microsoft Office 365 customers can recover files stored in OneDrive within the last 30 days. This feature allows customers to recover data that has been lost due to accidental deletion, file corruption or ransomware. Microsoft has also enabled a new ransomware detection and recovery feature that is designed to identify malware and alert customers prior to them being negatively impacted by ransomware. Office 365 also now includes new content control functionality that enables users to set passwords on file sharing links, as well as prevent the links from being forwarded beyond the intended recipients. All of these features can be quite useful in protecting data and helping companies gain an upper hand in the ongoing fight against malicious cyber activity.”
Peter Liebert, California’s chief information security officer, has emphasized that cybersecurity must be central to all activities at the California Department of Technology, a point that is echoed in Vision 2020, the strategic plan for technological development at all levels in the state. Liebert said that cybersecurity is essential as technology becomes increasingly integral to everyday life.
Phishing? I know of companies where the IT department regularly sends out “fake” phishing emails to employees to guide them in recognizing them. Intermedia’s 2017 Data Vulnerability Report finds roughly 20% of office workers certainly have been stressed due to becoming a victim of a phishing email. These types of attacks are on the rise, so lenders and banks need to know what to look for and how to respond.
One recent phishing scam targets a company’s payroll. There are several versions of this scam, but the upshot is that thieves are using information they obtain from employees to access payroll and steal paychecks. Law firm Ogletree, Deakins, Nash, Smoak & Stewart lays out one possible scenario. The scam begins with an employee receiving an email that appears to come from within his or her company. It might be an e-signature request or a survey response request. Employees are directed to click a link, access a website or possibly answer a few questions. Then, employees are asked to confirm their identity by providing their log-in credentials. Once thieves have this information, they can cause all sorts of havoc by accessing payroll portals, rerouting direct deposits to other accounts and more.
The thieves are clever in their efforts and have even come up with a workaround for skeptical employees who attempt to determine their legitimacy by responding to the sender. Those who try this route receive a prompt response “verifying” that the employee should follow the link’s instructions.
One of the major problems with phishing emails is that they seem authentic and even savvy employees familiar with the idea of phishing attempts can easily be duped. CEOs that I speak with discuss the need to familiarize employees about these types of scams and proactively train them how to react when there are doubts about an email’s legitimacy.
What are IT staffs at banks and large lenders doing? Education is key. This may seem obvious, but it is nonetheless important. Be sure to remind employees frequently never to click on an unfamiliar link in an email, even if it seems legitimate. If employees have any questions, they should pick up the phone and call human resources or the IT department. Employees should never hit reply to one of these emails or call a phone number given in the email.
Testing and training should never stop. As I mentioned above, I know of banks and lenders that regularly send their own version of phishing emails to staff members. The logic is simple. Any employee who takes the bait and clicks on the link receives extra training. Banks reason that it’s better to be proactive than to risk employees inadvertently clicking on a real scam. If you are trying this approach, the trick is to make the phishing emails seem believable. The reason so many people are ensnared by phishing emails is that they are highly believable. If you make your test messages obviously fake, you’re wasting your time.
IT chiefs find it is important to remind employees frequently that you will never ask them to share passwords or provide sensitive information over email. Repeat this message often and hopefully it will cause everyone to think twice. As phishing scams get more and more sophisticated, it becomes even more incumbent on banks and lenders to be proactive.
White House technology adviser Michael Kratsios has told a gathering of tech firms the Trump administration will take a free market approach to the development of artificial intelligence and will not let regulators get in the way. While acknowledging job displacement is inevitable, Kratsios noted the government “didn’t regulate flight before the Wright Brothers took off at Kitty Hawk.” Really? Is that the best analogy?
The Federal Reserve is considering whether to change its regulatory approach to include “more specialized responses” to use of artificial intelligence and machine learning in the financial sector, says Randal Quarles, vice chairman for supervision. “To the extent you have a machine learning tool that is interacting with customers, we want to make sure that the traditional protections are being complied with,” Quarles says.
Traders of mortgage-backed securities are eyeing blockchain. Standardizing trade reporting by using a blockchain-based format could make filing multiple reports in real time to central banks more efficient and could cut costs, data experts say. “Vast troves of regulatory information are legally public but cannot be considered fully available — because the information is trapped within unstructured documents and cannot be systematically extracted,” Data Coalition Executive Director Hudson Hollister says.
Rick Geary sent, “In case the ‘blockchain’s potential impact in housing’ discussion grows, thought I’d pass along some collective thoughts from a few recent impromptu discussions I’ve led among peers for ‘what the future may hold’ if you’d like to offer them up when appropriate. Blockchain’s first and most likely entry point into the lending industry would appear to be the escrow/title/closing attorney domain. In simple terms, ‘blockchain’ is a way to make sure everything gets done before money is exchanged (or each party to a contract is given what’s due them once the contract’s components are fulfilled). This is the role of escrow (in dry states) and title and/or closing attorneys (in wet states). Once perfected in the closing space, it will potentially migrate to handle entire mortgage transactions with the help of advanced AI.
“Its current challenge is the speed at which blockchain executes and confirms required steps were completed, and then logs those steps correctly, before moving on to the next step. Speed is improving as the platform(s) improve, but it is presently too slow to handle millions of transactions across the country daily. It won’t stay this way, of course.
“Once the speed/execution of blockchain (and/or any next generation platform(s)) improves, and as AI is improving, the underwriting domain will be threatened. Imagine a computer is “taught” through AI to recognize ‘conditions’ and ‘clear’ them. Once all are cleared, the computers print the electronic docs and get them e-signed and distributed. The executed ‘docs’ are pushed to respective lenders for collateral and county recorders for ‘recording’. It is the recording step which is already within the scope/power of blockchain (it can function in microseconds and has more true integrity than a stamp and a scan of a paper document done in human real time). The notary function as used in the USA (i.e., only to verify identity of the signer, not the validity of the document) is reduced, if not eventually eliminated.
“Servicing is also a natural target for blockchain to take hold. Receive payment = apply calculation, update figures and inform the involved parties. All “automatable”. No payment received by X date = issue notice to borrower and begin steps to protect the servicing lender. Basic if/then programming mostly.
“The most industrywide influence is this: the blockchain ensures integrity, ensures back-up records are maintained, and if implemented correctly it supplies the same audit trail for both business and regulators to review. Fraud is reduced to near, if not actual, zero.
“How long consumers will want someone (read: MLOs) to hold their hand and advise them about programs, rates, locking strategy/timing, and down payment options will largely depend upon the progress and sophistication of AI, and largely the willingness of humans to fully ‘trust’ technology alone versus someone they can look in the eye. Technology allows efficiency, and often helps cost reductions, but does it provide true accountability? (Hint: If it already did, offshore call centers handling millions of customer service calls daily wouldn’t exist.) It should be a very interesting next five years.”
Vince Furey at OpenClose addressed a recent opening paragraph in my commentary on sales expenses. “Rob, regarding Jeff Babcock’s summation of expense reduction. Given that sales are driving the revenue opportunity, without identifying the associated loan officer/broker commission expense, it’s impossible to determine if Sales cost is the ‘real opportunity for achieving meaningful expense reductions.’ It is safe to forecast that a 10% reduction in loan officer/broker commission expense will result in a greater than 10% reduction in production; causing lost revenue. A critical area missing from this equation is the non-commission Sales expense. Considering the average loan amount in 2017 was $244,000 and average LO and broker compensation exceeded 125bps, achieving a 10% cost reduction, without negatively impacting production, would require a balanced approach of both fulfillment expense and non-commission sales expense reduction.”
On the topic of selling leads, or protecting clients, from Georgia I received this. “If you want to eliminate trigger leads, fill in the phone number and email incorrectly before you pull credit and the credit agencies that sell the trigger leads will be providing incorrect information. In a short period of time the buyers will realize that the information that they are buying isn’t worth it and that problem will be solved- why try to legislate solutions when common sense works just fine. And what does it say about the quality of Loan Originators out there that lose clients to trigger leads?
“Just last month I had a client whose current lender contact my client when we ordered a payoff for a refinance and offered him a 5-year ARM FHA that was at a lower interest rate than the conventional loan that I was putting him into. Of course, he called me (as he should have), and within a few minutes I was easily able to explain to him how my deal was significantly better than what they were offering, I always end with ‘… and why did they wait until now to offer you a better deal than what they are currently charging you?’ Thus, planting the seed that they aren’t concerned with making an obscene profit off you for as long as they can.”
(Warning: Rated PG for sexual situations.)
A father buys a lie detector robot that slaps people when they lie.
He decides to test it out at dinner one night. The father asks his son what he did that afternoon.
The son says, “I did some schoolwork.”
The robot slaps the son.
The son says, “Ok, Ok. I was at a friend’s house watching movies.”
Dad asks, “What movie did you watch?”
Son says, “Toy Story.”
The robot slaps the son.
Son says, “Ok, Ok, we were watching Stormy Daniels movies.”
Dad says,” What? At your age I didn’t even know what dirty movies were.”
The robot slaps the father.
Mom laughs and says, “Well, he certainly is your son.”
The robot slaps the mother.
Robot for sale.
Visit www.robchrisman.com for more information on our industry partners, access archived commentaries, or to subscribe to the Daily Mortgage News and Commentary. If you’re interested, visit my periodic blog at the STRATMOR Group web site. The current blog is, “Amazon in the Mortgage Jungle.” If you have both the time and inclination, make a comment on what I have written, or on other comments so that folks can learn what’s going on out there from the other readers.
(Market data provided in partnership with MBS Live. For free job postings and to view candidate resumes visit LenderNews. Currently there are over 300 mortgage professionals looking for operations, secondary and management roles. For up-to-date mortgage news visit Mortgage News Daily. For archived commentaries, or to subscribe, go to www.robchrisman.com. Copyright 2018 Chrisman LLC. All rights reserved. Occasional paid job listings do appear. This report or any portion hereof may not be reprinted, sold or redistributed without the written consent of Rob Chrisman.)
- Dec. 31: Rates, the Fed, world economies, affordability, and the shutdown – all tied together - December 31, 2018
- Dec. 29: FEMA reverses flood ruling; cybersecurity notes; observations on general housing trends - December 29, 2018
- Dec. 28: Doc automation product; FHA & VA changes around our biz; Agency deals continue to share risk - December 28, 2018