Those who aren’t really familiar with the settlement services industry tend to think of a title agency as, more or less, the business that makes the closing happen and delivers a title insurance policy. But those who live and breathe title know there’s something even more fundamental with which they are charged.
A title agency’s existence, in so many ways, depends upon information. Collecting it. Entering it into its production system and workflow. Protecting it from cyber criminals or from being used to propagate fraud. And distributing it, in the right form, at the right time to the right people.
Yet, after decades of going about this complex and multi-faceted process, we still see far too many title professionals managing data by hand.
They’re collecting missing borrower/buyer information such as social security numbers via email, phone, text and then keying it into their production system. Some use their inbox as de facto storage for such information until the time is right to enter it into the proper documents.
And, unfortunately, still others fail to implement effective measures to thwart cybercrime or fraud.
Although most title and settlement firms have made a great deal of progress in the way they collect, store, process and protect sensitive data, there is still a long way to go for the industry. The potential consequences of failing to do so could prove to be catastrophic.
The continued struggle to collect and store data
A title agency is charged with a good portion of populating and accurately preparing the vast majority of the documentation required for a legal closing. In so doing, they are generally responsible for collecting a great deal of sensitive information such as birthdates or Social Security numbers. They’re also intricately involved in managing the escrow process and even wire instructions.
But there is no universally adopted method in which all of this data comes into the title agency. It could come via phone; text message; email; any number of online portals or even word of mouth (such as via the Realtor).
The title agency isn’t receiving all of this information in one or two universally accepted methods. Far from it. The result of this hodge-podge of communication and data exchange channels inevitably results in manual data entry, with all of the inefficiencies and opportunities for error that come with it.
And when such information comes into the title agency, depending on how its workflow and technology are arranged, there’s no guarantee that this sensitive data will be securely stored. If a consumer’s bank account number, for example, comes into an employee’s email, and that email is not deleted, what happens if that employee is allowed to take that laptop home? Or if it’s accidentally left in a parked car in a large parking lot or forgotten and left behind in a public place?
Securely storing NPI isn’t just a matter of practicality. It’s also a matter of compliance and, potentially, survival for the business. And it takes a combination of technology, policy, management practice and overlapping layers of protection to do it. Not a one-time, all-hands email from management.
Although there are a number of great technological tools available to title agents, and more coming into the market every day, it’s critical that these tools work together as seamlessly as possible. Because, almost always, where there are gaps where data travels through the workflow, you can bet that’s where manual data entry is the solution.
Those locations aren’t simply chokepoints to efficiency. They’re pathways to error and even fraud or cyberattack.
Securely storing and protecting sensitive data
By now, the vast majority of the title industry is aware that cybercrime and fraud are a) real threats, b) growing in frequency and worst of all, c) getting more sophisticated all the time. The new challenge to securing data is no longer, for most, the result of denying or ignoring the threat. Instead, it’s failing to understand or learn how to safely secure data from bad actors.
In the majority of fraud cases impacting the title industry, cybercriminals are most often able to acquire the virtual keys to a firm’s sensitive data or access to that business’ systems at the very same chokepoints where technologies fail to meet: where manual data input or simplistic data storage is the norm.
Phishing, for example, exploits employee email to procure some of the sensitive data (email addresses, social security numbers, bank account numbers) needed to falsely authenticate the fraudsters portraying an involved bank or real estate agent. Phishing is also used to initiate the infiltration of malware into a business’ system.
Yet, even a simple process like mandating two-factor authentication company-wide remains heavily resisted at all levels—even though it has proven to be a robust deterrent in a comprehensive cyber defense.
It starts at the top
Perhaps the largest contributor to poor data storage and cyber defense is a lack of comprehensive strategy.
It’s true that investing in technology or qualified third-party consultants experienced in such matters is much more an expense than a revenue producer. But this overlooks the potential, and very possible, results of failing to install a robust system. At the very least E&O or cyber insurance providers have dramatically raised the bar on who they will, and won’t, insure, and the cost to do so based on the risk.
Regulators and enforcement agencies at the state and federal levels are increasingly requiring more rigid standards. And there’s the genuine possibility that sloppy or unplanned security can lead to lawsuits, canceled partner and underwriter relationships and even the very end of the business should something like a ransomware attack occur.
A title agency’s role in taking in, inputting, processing and disseminating information is not to be taken lightly. A lack of consistency in how that data is collected and procured, brought about by the sheer number of different professionals and businesses are involved in the process as well as a lack of connectivity between more than a few technologies, makes the task that much more difficult.
It starts with planning, consultation and research. There are technologies that can simply be parts of the process that do interact with other technologies in the tech stack. There are proven practices, strategies and methodologies that make the process dramatically more efficient as well as safer.
And while transitioning a title business away from unsafe data handling methods (like relying on email or phone for more than what they were meant to be used for) is a real challenge, that challenge pales in comparison to the potential consequences.
Hoyt Mann is a co-founder and president of alanna.ai, a conversational AI assistant aiming to elevate title agents’ operational efficiencies while upgrading their customer service.