Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Identity

Mortgage lenders face jump in fraud costs, attack volumes since pandemic began

A home available for sale is shown on Aug. 12, 202, in Houston, Texas. (Photo by Brandon Bell/Getty Images)

The combination of heightened malicious attacks in the past two years, coupled with low-interest rates that have fueled a hot real estate market, and more financial employees working from home has created a perfect storm for a boom in fraud hitting U.S. mortgage lenders.

The cost of fraud overall for U.S. banks and lenders has leapt between 6.7% and 9.9%, according to a recent report conducted late last year by LexisNexis Risk Solutions in Atlanta. Indeed, both fraud costs and attack volumes have hit mortgage lenders much harder in recent months than before the COVID pandemic began nearly two years ago, per the findings of the 2021 edition of the LexisNexis True Cost of Fraud Study: Financial Services & Lending. The report was based on a survey of more than 500 risk and fraud management executives in the United States and Canada.

Perhaps the central takeaway from the report is that costs are now 23.5% higher for mortgage lenders than they were before the pandemic because of fraud. While fraud costs and attack attempts have jumped in virtually every financial category in the past two years, the report maintains that the costs and volume of attacks the mortgage segment is facing trumps other categories. Bigger mortgage companies are facing the biggest risk, particularly those that have been originating their loans through online and mobile delivery — which, of course, has been much more popular in light of branch shutdowns, more remote work among lenders and their customers alike, and a busy market for loans.

And, arguably mortgage lenders are having a hard time keeping up with the new pace of threats. Cases in point: Several mortgage lenders have been slapped on the wrist by regulators and forced to pay fines for failing to report breaches (or not reporting them quickly enough) and improper cybersecurity practices. Among them, Residential Mortgage Services, Inc. of South Portland Maine had much of their loan applicants’ sensitive personal data compromised in 2019, but failed to report it until a state banking regulator uncovered the breach in July 2020 during a routine safety and soundness audit of the financial firm. Also last year, First American, one of the nation’s largest mortgage lenders, was also charged for “inadequate security practices” by the Securities and Exchange Commission (SEC) for failing failed to protect the personal information of its customers, or inform customers of the extent of a big breach.

Christopher Schnieper, director of fraud and identity at LexisNexis Risk Solutions, said in a press release: “The foreseeable future is unclear about the new normal. With the accelerated movement to online and mobile transactions and payments, financial services and lending firms must continue to build out and enhance the digital customer experience while protecting against fraud."

In fact, cyber thieves are actively targeting U.S. mortgage lenders’ digital channels in recent months, since they are well aware of the growing dependence on mobile and online even for more complex financial transactions, said the LexisNexis report. Bad actors know that even many people lately, working remotely for the first time, have not always practiced thorough cyber hygiene, even in the financial lives. According to the report, every $1 of fraud loss in mortgage lending costs lenders $4.40.

In fact, more than half of respondents who were surveyed for the study pointed out an increase of 10% or greater increase in mobile channel fraud this year. The study’s respondents also claimed to see a jump in malicious bot transactions targeting their lending customers and data.

To combat this rise in fraud costs, Schnieper recommended that mortgage lenders review both their physical and digital identity verification practices, and more carefully consider the potential risks of each transaction. “It is difficult for even the best trained professional to detect the increasingly sophisticated crime occurring in the remote digital channels without the aid of solutions that detect digital behaviors, anomalies, device risk and synthetic identities,” Schnieper said in the release.

“According to the study, the financial services and lending firms doing this — along with fully integrating cybersecurity operations, the digital customer experience and fraud prevention — tend to have a lower cost of fraud and fewer challenges.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.