Jan. 13: Notes about 2018 & conferences; site for reporting cybercrime, and a tale of fraud from the closing table

Yes, it’s Saturday of a holiday weekend, but the business doesn’t stop.

Conference & 2018 thoughts

Conference organizers everywhere are concerned about LTV ratios in 2018. No, not the loan-to-value, but the lender-to-vendor ratio at various events.

From The Mortgage Collaborative, COO Rich Swerbinsky weighed in with his thoughts on 2018’s lending and conference environment. “Think about volumes: 2017 down 20% from 2016. 2018 likely to be down 20% from 2017. Forecasters are projecting 23% refi business (more profitable) in 2018. And the vast majority of lenders between $2B-$15B a year in annual production are growing aggressively through branch acquisitions, or the addition/growth of consumer direct or third-party origination channels. The cost to originate is already sky high. And there isn’t a lender in America that isn’t sifting through expensive technology enhancements that are costly/complex to integrate with other systems.

“Roll it all up and what do you have? 80-90% of the mortgage lenders in America will be forced to make some tough decisions in 2018. And 100% of lenders are looking to cut fat. Unfortunately, one of the easiest ways to cut fat is to eliminate or reduce travel and conferences. In addition, the explosion of companies that have entered the mortgage tech space has changed the dynamic of mortgage conferences to the point where vendors & non-lenders may account for 75% of attendees.

“The industry is changing so quickly, lenders are placing a high premium on networking with other lenders that are forced to deal with the same tough decisions on running a business in an industry that its increasingly difficult to be profitable in. We saw this coming over a year ago, and have changed The Mortgage Collaborative’s entire conference experience around it.”

Debora Aydelotte, COO at Altavera, anticipates some changes ahead for 2018 with waves of deregulation on our doorstep, potentially pushing the industry past the $1.6 trillion volume forecasts for next year, “The dis-arming of the CFPB will result in less enforcement, less focus on advocacy and consumer education,” said Debora. “The roll-back of precise parts of DFA, such as loosening of qualified mortgage rules, will in turn open up the credit market and counter the effects of interest rate increases.”

“There are potentially broader impacts due to the new administration’s turnover in leadership over the past months at the SEC, Federal Reserve, CFPB, Treasury, FSOC and the House Financial Services Committee (Banking Committee). There is a philosophical alignment occurring which isn’t unusual after the arrival of a new administration, but this is playing into and may magnify the deregulation cycle in our industry. This is nothing we haven’t seen coming, however, the larger concern comes when we recognize the US banking industry has not cured all of its issues since the global financial crisis—for example, the systemic risk of too big to fail.”

Computers & crime? Say it isn’t so!

Is bitcoin a Ponzi scheme… or the exact opposite? Here’s one piece supporting the latter idea. Bitcoin has hit the “mania” phase—with some people reportedly borrowing money to buy into the new craze. In an interview with Joseph Borg, President of the North American Securities Administrators Association, he told CNBC, “We’ve seen mortgages being taken out to buy bitcoin.”

Intermedia research finds 31% of office workers surveyed say they are not familiar with ransomware. They’re not? That is scary when you consider an estimated 75 million phishing emails are sent every day and cyber experts indicate about 90% of those are ransomware. Continue to train your teams and your customers to protect your company!

The Financial Crimes Enforcement Network (FinCEN) announced a new forum that will facilitate public and private sector information sharing on financial crimes data. The goal is to better coordinate with law enforcement and to provide regular briefings for financial institutions on threats.

ABC News indicates a report by cybersecurity firm IB-Group finds hackers have allegedly stolen at least $10mm from at least 15 banks in UT, NY and CA. This group of hackers reportedly targeted US community banks mostly through card payment systems as long ago as May 2016. Hackers reportedly opened accounts, removed withdrawal limits on legitimate cards and then hit ATM machines to withdraw money.

Michael D. submits this tale from a title company in the Northeast/Mid-Atlantic region where one of their buyers was taken for $54,000 in a wire fraud scam. “Unfortunately, wire fraud has happened to one of our clients in our sister company in —–.  The Buyer’s Gmail account was hacked.  The fraudsters then sent a spoofed email from the Selling Agent telling the Buyer that the title company required a wire and would not accept a cashier’s check and that a specific employee from the title company would be in touch. The fraudsters then followed up with an email from our sister company’s employee (they added an extra “t” in the word settlement in the email it was sent from, i.e. wrsetttlement.com) with fake wiring instructions and a fake phone number!


“The Buyer was savvy enough to know to call and ask the title company to verify the wiring instructions; however, they called the fake number on the fake wiring instructions instead of calling into the office. As you can guess, the phone call was answered by someone impersonating the title company employee and confirmed the wire instructions. The Buyer then proceeded to wire $54,000 to the fraudsters. The fraudsters immediately removed the $54,000 from the fake account into another account. The Buyers now have the police, FBI and CFPB involved in trying to retrieve their money that was stolen from them.


The wire fraud happened two days before closing…would your clients have another $54,000 to go to settlement in two days or would settlement be delayed/cancelled? We all know what happens then…


“Please, please, please be diligent with your email and the client’s email security. We have used encrypted email for several years, much to the dismay of some clients; however, I hope you all understand why we must send encrypted emails with sensitive information.


“Our encrypted emails do not always require a login, it depends on the level of encryption based on keywords and attachments. There are a few types of email accounts that will always require a password: Gmail, Yahoo, Google, Comcast, Go Daddy and Verizon, just to name a few.”

Cyberthreats are everywhere… in your computer, your laptop, your toaster. Do you have detection measures in place, procedures to follow when breaches are detected, strive to keep your fraud avoidance systems current? It aint enough.

There are difficulties in managing the risk of fraud in general, and cyber fraud more specifically, as customer usage in that area continues to expand. A recent March Networks survey of US bank customers found that 60% of those who experienced fraudulent activity in their accounts discovered the problem before their banks told them about it. That isn’t great, but it is admittedly a problem the goes back eons. The survey also found about 15% of customers reported fraudulent bank account activity in 2016.

Lenders and banks may be doing a better job of spotting and responding to cyber break-ins than customers realize, for instance. The fact that so many customers discovered that their accounts had been compromised before their banks notified them, however, suggests there is always more room to improve.

Keeping customers informed and updated on cyber breaches has become an important task for banks in this age of burgeoning cybercrime. Customers are bombarded with news on data breaches, which can make them jittery about the security of their bank account too. Continuing to emphasize with customer facing teams that communication is a priority will help with that.

The survey also finds that once banks get involved, customers approve of the results. The survey found 85% of customers said they were satisfied with how their bank handled incidents. That is nothing short of a rousing endorsement of how banks deal with customer account fraud or security issues and is an exceptional way to keep loyal customers.

Fraud detection will always be a critical area of concern for lenders and banks, so while things are probably ok now, there can always be more improvement. It doesn’t hurt to periodically review processes and procedures to ensure there are no gaps.

While this survey finds there is still work to do with fraud detection customer notification, at the end of the day, banks are doing their best to keep customers safe, and they seem to be responding well.

Regulators and customers alike expect banks to respond quickly to fraud issues as they surface. Some quick links to share with your teams can be the FBI field office, the Anti Phishing Working Group, the postal inspector, the Federal Trade Commission or the internet crime complaint center. In the meantime, keep speaking with your customers to help them understand the language of how your bank protects them.

Did you know that research finds 85% of successful data breaches target the top 10 known vulnerabilities? That isn’t the news here though. What is news, is that all those breaches could have been prevented because patches were available. The companies impacted had not updated their patches. Now you know why regulators are focused on something as mundane as asking about patch updates during IT exams.

Educating employees and customers about the myriad common cybersecurity threats that community banks increasingly face is critical. According to Chicago Fed research, there are 7 cyber threats or cyber-related risks that are most common in community banks and lenders.

Malware: This one is perhaps the best known and most widely discussed. It represents any software that is used to disrupt computers or networks, gather information or access private systems. As you likely know, malware typically works by breaching a bank’s network through vulnerabilities or weak points of attack, and can infect storage media like USB sticks, mobile phones or tablets. These are often connected to computers, and through malware, hackers deliver computer viruses, ransomware, spyware and botnets. Since malware is often distributed via drive-by downloads, email attachments, file sharing or phishing, it is the most common cyber risk. Prevention is about educating your employees and doing regular IT updates.

DDoS: Distributed denial of service attacks have been on the rise over the past 5 years as a main attack type on US banks. Here, cybercriminals utilize millions of computers to send simultaneous requests to a single bank computer or website. This floods the system, so the bank’s network is shut down or disrupted. While IT teams are distracted dealing with this issue, cyber criminals attack elsewhere and try to slip through defenses. Prevention here includes limiting router flows, adding filters, layering defenses, timing out open connections and increasing network scale.

Takeover: Corporate account takeover happens when cybercriminals essentially steal the identity of a business. They take control of a business customer’s bank account, steal legitimate online banking credentials and then use those to process a money transfer to an offshore account. Prevention here includes setting more safeguards and closely monitoring suspicious activity (business), as well as following proper procedures to the letter and alerting clients of oddities (banks). Leakage: Data leakage is the unauthorized transfer of confidential data without permission from the bank. This can happen either electronically or through storage devices such as USB drives. These incidents can also be intentional or unintentional, and, according to SANS Institute, nearly 75% of data leakage incidents involve customer data. Prevention includes disabling thumb drives and installing software that tracks, quarantines, notifies and blocks such attempts.

Vulnerabilities: Mobile and web application vulnerabilities are essentially flaws within the applications that sit on smart phones or at a bank’s website. These flaws are discovered by hackers and exploited to gain access to your mobile or online platform. Once inside, hackers steal data, take over customer accounts or even take control of a bank’s internal network. Unfortunately, the more mobile banking continues to grow, the greater this risk. Prevention includes improving server controls, improving authentications/authorizations and adding encryption.

Changes: Weaknesses in project or change management commonly occur because of poor documentation and risk analysis. These can expose a bank’s systems and important data. Since banks use project management to manage changes in their IT infrastructure, support new business processes or integrate new technologies and products, vulnerabilities in these processes can be exploited by cybercriminals to gain access. The best thing to do here is to review your change management processes and beef them up as needed to ensure a quality structure.

Recall that regulators view cyber risk as a national security issue that goes well beyond residential lending and banking, so take proactive, strong and continual steps to protect yourself and your data. And keeping your yellow sticky note with your passwords inside your desk drawer instead of on your computer probably isn’t good enough.

The wife left a note on the fridge…

“It’s not working; I can’t take it anymore; I’ve gone to stay at my Mom’s!”

I opened the fridge, the light came on and the beer was still cold. What the heck is she talking about?

Visit www.robchrisman.com for more information on our industry partners, access archived commentaries, or to subscribe to the Daily Mortgage News and Commentary. If you’re interested, visit my periodic blog at the STRATMOR Group web site. The current blog is, “Servicing: All It’s Cracked Up to Be?” If you have both the time and inclination, make a comment on what I have written, or on other comments so that folks can learn what’s going on out there from the other readers.


(Market data provided in partnership with MBS Live. For free job postings and to view candidate resumes visit LenderNews. Currently there are over 300 mortgage professionals looking for operations, secondary and management roles. For up-to-date mortgage news visit Mortgage News Daily. For archived commentaries, or to subscribe, go to www.robchrisman.com. Copyright 2018 Chrisman LLC. All rights reserved. Occasional paid job listings do appear. This report or any portion hereof may not be reprinted, sold or redistributed without the written consent of Rob Chrisman.)

Rob Chrisman