One of the ways homeowners use to obtain the best mortgage deal is to use online mortgage forms to get multiple lenders to offer their best rates. While this may be a good start, there are some pitfalls that could prove very costly.
One of the problems with shopping around is getting caught up in the lowest rate and fees game, which can prove costly in of itself. But that is not what I want to talk about here. Instead, I want to talk about the potential for Identity Theft to occur to those unsuspecting folks out there shopping around.
Has It Happened Before?
Some of you already know I am an Identity Theft specialist as well, having obtained the Certified Identity Theft Risk Management Specialist (CITRMS) designation as part of my commitment to my own clients and as many others as I can. One of the best ways to protect yourself is minimizing your exposure to the risks associated. Sounds simple enough, but using online mortgage forms to gain multiple lender offerings can, and has, proven to be a risky method.
Lending Tree was found to have had a breach of security of their database a week or so ago, highlighting the problem. Of course, they downplayed this, saying that the information was used by one or more mortgage companies to compete for borrowers loans. They provided only a minimalistic view of the impact that could have occurred, mitigating their exposure to liability.
Just How Bad Could It Be?
If you believe that this data breach couldn’t end up in a much worse case than harassing phone calls, you could be sorely mistaken. Many mortgage companies have been caught using such data for fraudulent means, including Identity Theft. Several companies in Florida had employees, even owners, taking the data and using it to secure new loans in the unsuspecting homeowners name.
The data breach included everything needed to get a loan; name, address, phone, social security number, even employment information such as salaries. Even a secure online transaction cannot be guaranteed to protect your identity unless you know the company and trust them to se that information properly. If you feel the need to complete an online application to get one or more offers, I suggest you go directly to the company’s website after ensuring they are not being brought up on charges themselves.
Using online forms to gain multiple offers is a gamble that is not worth taking. The end result could cost you much more, even destroying you financially. Take a good look at the FTC’s wording and you will see the following statement in their Identity Theft regulations (you can download the document here):
If an identity thief changed the address on your account and you didn’t receive the bill, your dispute letter still must reach the creditor within 60 days of when the creditor would have mailed the bill. (Failure to do so results in you being liable for the entire amount).
There are plenty of instances where this has held true in courts, forcing the victims to declare bankruptcy and/or lose their homes. Since most of us only check our credit report once every four months at best, you could find out you are a victim way too late.
What Should You Do?
The next time you feel the urge to shop around in your efforts to get the best deal on a mortgage, think again. At least be extremely cautious about who you give your information to or you could suffer severe consequences. Make sure you do enough research on the company to be certain your information is not going to be compromised. Every mortgage company should have safeguard procedures which is not limited to just a privacy notice, but insludes procedures for securing and properly disposing of non-public information (NPI).
June 2, 2008 at 8:59 am
Robert – you make a great point that few people stop to think about. We were victims of someone who hacked our Visa company at christmas and drained $44,000 out of our bank account – luckily it all got returned and I spotted it immediately because of online banking however it meant closing ALL our accounts at Christmas – what a nightmare. Luckily all our money wasn’t in one place. Your clients will certainly benefit from your skill and knowledge.
Jennifer in Louisville
June 2, 2008 at 9:30 am
Great advice. Buyer beware definitely applies. Making a mortgage application furnishes a lot of personal information – and there are a lot of bad people out there that would love to get their hands on it. Getting good references can help. That will at least provide some means of identifying if this particular mortgage provider has been around for a little while, and what their reputation is within the community.
June 2, 2008 at 9:47 am
Excellent, timely advice. If only you’d been around with this a couple of years ago, during all of the re-fi boom. Perhaps some who lost their digitial identity (uh, who am I?) using those on-line mortgage services may have been spared the nightmare.
All of this further supports my posture with buyers – work with a local lender. Nothing can replace the ability to go pound on a desk when the lender is not working in your best interests.
June 2, 2008 at 11:19 am
Identity theft sucks. It’s a crime that should be at the top of the list of the Treasury Department. Has any one used LifeLoc?
June 2, 2008 at 1:25 pm
Great information. This is just another reason not to work with these types of sites. Like Vance I believe that clients are better served by local lenders.
Mack in Atlanta
June 3, 2008 at 7:21 am
Thanks for sharing this insight Robert. Identity theft should be a capitol offense.
Robert D. Ashby
June 5, 2008 at 10:20 am
I am glad everyone liked the information. I felt the need to ensure you all were aware of the problems with these type of mortgage applications after the Lending Tree mishap.
Most people do not realize that the FTC is actually in charge of handling ID Theft and its enforcement. They also do not realize that the wording of the law favors the creditors in that you are responsible even if you never knew it occurred in many cases.
Another problem with companies throughout the real estate industry, especially mortgage companies, is the lack of knowledge on what is required by them to mitigate misuse of NPI data. The fines for their lack of knowledge can reach astronomical proportions, so if you own a business, read up on your requirements.
As for ID Theft protection, I have not used LifeLoc, so I cannot say anything about them. I personally use (and offer as part of my services) the Identity Theft Shield from Pre-Paid Legal. I can tell you I have not encountered any problems and have seen activity reports come to me within one or two days of adding credit card accounts and even changing addresses (very important and often overlooked aspect of protection).
Everyone should have something in place, but do your research to determine which one is best for you as there are many worthless ones out there as well. Credit monitoring alone is not adequate protection.
June 6, 2008 at 2:58 pm
What really blows my mind is that a home buyer goes to the trouble to give me a bogus email on a listing posted on the web, and yet they will cough up everything for an online lender website. Go figure…