The Internet is being hailed as a way to help make mortgage operations more efficient, but safeguards must be taken to prevent information from being misused, an industry expert says.
"There are several security problems," said Marc Mandel, manager in the information practice of Ernst & Young, New York, at a technology conference sponsored by the Mortgage Bankers Association of America.
Despite efforts to keep data secure, "you're going into an environment that's pretty much totally open," Mr. Mandel said. Information such as a Social Security number on a mortgage application becomes readily available once it hits the Internet, he said. This makes customers, whose relationships mortgage bankers want to protect, particularly vulnerable.
"I think you need to worry about it," Mr. Mandel said.
In addition to gathering information from the Internet, unauthorized users can sabotage data that have been placed on-line, mortgage experts say.
When using the Internet to facilitate mortgage business, "educate your users to be a little paranoid," Mr. Mandel said. "You're trying to protect assets."
Mortgage companies, because they deal with so much confidential consumer information, "must establish network security from the beginning," Mr. Mandel said.
Workers should immediately respond to suspect use, like the appearance of activity in a seemingly secure file, analysts said.
In cases where something appears to have gone awry, "shut down segments that you think are being penetrated," Mr. Mandel said. Users can then bring up the system piece by piece, checking it out systematically to see where the trouble lies, he said.
Mortgage companies must decide beforehand who will use the system, analysts said, and they must keep tabs through strict user policies.
"You should be answering these questions before you hook into the Internet," Mr. Mandel said.
Instead of relying on traditional identification procedures, mortgage bankers were urged to log on with smart cards or passwords that change daily.
"If you use a password more than once, someone can grab it," Mr. Mandel said.
Employees are also urged to be on the lookout for people who, by phone, pose as high-level managers or information administrators and demand access to the system.
And, if they see a small discrepancy in a program, they should look into it with an eye toward possibly weeding out someone with unauthorized access.
"Don't just hook things up and let it flow," Mr. Mandel said.
