You won’t find the words “prevent” or “stop” in the lexicon of credit-monitoring identity theft protection companies. That’s because they are limited in scope and mostly reactive to data after it has been posted to the consumer’s credit file. With the massive data breaches, just about everyone’s personally identifiable information is in the hands of identity thieves. The U.S. Office of Personnel Management  lost data on 21.5 million people, some of which included digital images of fingerprints. Equifax lost data on 145.5 million consumers. Based on these numbers alone, you might think you are completely helpless to fight identity theft. And you are right. It is just a matter of time before you become a victim.
There are two common ways consumers can be victimized by identity theft relating to mortgage banking. The first usually involves an elaborate scheme to collect personal data, after which the identity thieves take out new loans on the consumer’s property. Often, the consumer is not aware of this until they are served an eviction notice. The second involves unauthorized account openings or credit card charges using the consumer’s identity. The consumer usually discovers these issues when the lender pulls a credit report during the loan origination process. This type of discovery takes time to clean up and can cause a delay in the loan process or may lead to a more expensive loan (i.e., higher interest rate).
Although consumers are rarely responsible for the cost of identity theft, they must endure the long and painful process to restore their identities. Identity theft victims are considered guilty until proven innocent. This restoration process often involves filing a police report, signing affidavits, and sending more PII through the mail to clear up the victim’s case. It can take months to resolve the problems.
Mortgage lenders and investors are also adversely affected by identity theft. They absorb the true cost of identity theft. These costs include delays to the origination process, fraudulent loan amounts, increased internal controls, and anti-fraud tools.
There are some tools available to consumers to combat identity theft. Banks are allowing consumers to turn off their debit cards and set credit card rules. Credit bureaus have fraud alerts and credit freezes along with new online tools to lock credit reports. Unfortunately, these tools are limited in scope and/or involve recurring monthly or transactional fees.
It’s time to empower consumers with more advanced controls. Consumers should be easily allowed to control how and when their identities can be used. Consumers should have a centralized solution that allows them to control all aspects of their identity without recurring monthly or transactional fees. Consumers should be able to block the most sophisticated forms of identity theft, which includes tax refund fraud, account take over fraud, medical insurance fraud, and more complex types of fraud. All of this should be able to be fully executed by the consumer with a secure login to a centralized database that houses all of their controls—and they should be able to log in and turn everything on and off with the simple click of a mouse or swipe of a finger.
Consumers are not actively looking to open any new accounts or loans throughout most of their lifetime. Consumers should have access to a single button that blocks all transactions from occurring using their identity. When they are ready to open a new banking account or apply for a new mortgage, they should be able to open a very specific rule to authorize that type of transaction. For example, if a consumer wanted to apply for a new home equity line of credit (HELOC), they could specifically authorize that type of transaction by selecting “Yes” in response to the HELOC question below:
Then, when a consumer applies for a loan, the mortgage lender would immediately request authorization from the centralized service to validate that the transaction is allowed by the consumer. The service would verify the type of transaction with the associated rule and either approve or deny the transaction. The consumer would be immediately notified of the transaction request. If the request was denied, the consumer could then take action to authorize the request if it is okay to proceed.
The consumer would also have similar controls for opening different types of new accounts. Most of the time consumers are not looking to open new accounts, so they would have their controls locked down. Once they are ready to open a new account, they would update their controls to authorize the specific type of account. The bank or credit card issuer would request authorization from the centralized service before opening the new account. If authorized, they would proceed with the new account. This approach would prevent any new account openings that could later adversely affect the consumer’s credit and delay the loan-origination process.
Authorizing transactions based on consumer-defined rules is another form of multi-factor authentication. It is a new source of data, only known to the consumer, which is used to explicitly authorize the requested transaction. This solution actually stops identity theft from happening before the transaction occurs. This approach can be used to stop all forms of identity theft.
Everyone needs to help prevent identity theft. Mortgage lenders can do their share by simply requesting an authorization at the beginning of the origination process. Fannie Mae and Freddie Mac could also add the verification as part of their automated underwriting process. FHA, VA, and USDA could also add the verification into their workflow. Moving forward, there is no reason why a consumer should ever have an unwanted loan mysteriously show up under their name.
The mortgage industry can take a leadership role in solving the identity theft problem by adopting this new technology and offering the service to their customers for free, for life. Identity theft is preventable. The banks, credit card companies, and credit bureaus just have to decide that enough is enough.