NPI and Data Insecurity

Posted by CourthouseDirect.com Team - 16 April, 2015

header-picture

NPI and Data InsecurityDoes a day go by when a major corporation doesn’t announce that its defenses have failed and that its store of customer information is now in unknown hands? If you’re in the title industry, the question of data insecurity can lead to sleepless nights.

It certainly feels like data insecurity is a problem that just won’t quit, and it seems that everything is at risk. Every kind of information is vulnerable, whether the information consists of user names, passwords, credit card information, photos, social security numbers, health data or anything else that’s purportedly “private.” Every business, regardless of industry or size, seems like an attractive target for hackers. It could be a big retailer. It could just as easily be your health insurer or the restaurant where you used your credit card. It could, heaven forbid, be your title company or your mortgage lender.

Sometimes, the consequences of data insecurity are obscure. There’s been a breach, but no one seems to be doing much with the stolen information. You’re left with an uneasy feeling, but there’s no immediate harm. Perhaps you change a few passwords, but you go about your business, fingers crossed and hoping for the best.

At other times, the consequences are devastatingly clear. Bank accounts are emptied, credit scores are ruined and identities have to be rebuilt from the ground up, a rebuilding that can take months or years.

For the title industry, the problem is especially serious because the information at stake is so sensitive. The industry hasn’t turned a blind eye to the problem. Security requirements have tightened, especially for banks, but there are problems yet to be solved. 

One problem could be called the “embarrassment of riches” problem: There are too many different solutions. Yes, banks have stepped up security, but they’ve all done it in different ways. Security vendors, and there are many, each have their own tools. Banks choose as they see fit, based on cost, effectiveness or some combination of the two, and they happily put systems in place. Meanwhile, the companies that interface with those systems, including, of course, title companies, have to adapt. If you’re working with a dozen lenders, you have a dozen distinct systems to navigate. As a simple matter of efficiency, it’s an enormous burden. At the bank, there’s one system to learn. At the title company, employees are scrambling to keep up with the full dozen.

A second problem stems from the way some bank systems operate. One widespread approach involves the submission of closing packages to a single secure email address. The right protocols are in place, and you can’t log in without the right credentials. This all makes perfect sense – until you start to count the people who need to login to that address to retrieve documents for closing. Each of them needs those credentials. People come and go, in a perfect world requiring a password change each time.  It’s all too easy to lose track, and that’s not the best path to effective security.

We don’t claim to be experts in designing secured systems, but as part of an industry that has to make security a top priority, we’d welcome security improvements with open arms. The biggest improvement would be a consolidation or standardization of security methods used to transmit private data. The variety of methods currently used create inefficiency and actually create new potential security issues when title companies need to manage so many login credentials. The normal route to a common technology starts with a variety of solutions that either consolidate, or slowly die from or live in obscurity until only one or two main competitors are left. This can take years though, leaving the current security and efficiency predicament open indefinitely.

Two entities influence the title industry the most, the government and the mortgage lending industry. Out of those two, the lending industry can move more rapidly. What would happen if the largest banks came to an agreement on which technology to use? Combined with backing from the state and national Mortgage Bankers Associations, a best practice could be put in place to help organize and streamline secure communications throughout the entire mortgage and title industries.  Hopefully this solution or something similar is enacted in the near future.

Tell us how you feel about Data Insecurity in the comments below or tweet us @CHDirect.

Topics: Title


Recent Posts

What are the Features of a Title Plant?

read more

What You Need to Know About Texas Public Records

read more

How to Eliminate Issues Locating Child Support Liens

read more