Aside from Social Security numbers and addresses, which are key pieces of information that an identity thief needs, you’re also handing out detailed financial statements, work history, tax information, a driver’s license, and your address history. It’s an overwhelming amount of personal information to give to someone you’ve probably just met.
“The mortgage application process and real estate transactions pose great identity theft risks,” says Henry Bagdasarian, founder of Identity Management Institute.
Most of the risk lies on the side of buyers as they apply for mortgages and put offers on homes.
Help better protect against identity theft: Find a reputable mortgage lender
One of the first steps you can take to help protect your identity is to choose a reputable mortgage lender. There are a number of rules—namely, the Secure and Fair Enforcement for Mortgage Licensing Act (the SAFE Act) and the Red Flags Rule—that govern how lenders must handle and protect information, and reputable lenders will abide by these rules. This can lessen the chances that the information you provide will fall into the wrong hands.
You may want to ask family members or friends for recommendations, and you should interview a few lenders before making your decision.
After you’ve narrowed down your list of potential lenders, check each lenders’ ratings online. Check with the Better Business Bureau (BBB) for reviews and complaints against the mortgage company, and verify that the lender is authorized to conduct business in your state. You can do this through the NMLS Consumer Access database, which allows you to search for licensing and registration information.
Even when you’re dealing with a reputable lender, there are identity theft risks to consider. A lot of information is sent via email, and real estate agents collect a lot of information in a physical form during the process.
So, what happens to that information?
“Personally, I shred all personal data once the transaction has completed, and I do not keep that data in file cabinets or on my desk where it can easily be stolen,” says Jill Chodorov , an associate broker with Long & Foster Real Estate in Bethesda, Maryland. Chodorov is also a contributor to the Washington Post real estate section, for which she wrote an exhaustive article on how to protect your personal data in a real estate transaction.
She and Bagdasarian urge everyone involved in the exchange to be mindful of their information—what they’re sharing, how much they’re sharing, how they’re sharing it, and what happens to it after the transaction is done.
“Businesses should also know that as they collect and retain personal documents, they can become targets of a highly publicized data breach and face lawsuits and financial losses,” Bagdasarian says. “They should collect the minimum required documentation to complete a transaction.”
He says that businesses have a tendency to become what he calls “identity obese,” over-collecting information they may not really need.
How you can protect your information
Even if your real estate transaction took place long ago, before data breaches were common, it’s a good idea to shred whatever you don’t need and completely erase from your inbox, sent files and trash any emails that contain personal information. If you retain a thin file of information, keep it under lock and key, Bagdasarian says.
Don’t be afraid to reach out to your former mortgage broker or real estate agent to inquire about where your information is kept and what measures are taken to secure it. Request to have your information shredded where possible.
“I recommend [consumers] ask what protocol is set up to ensure that data is not stolen,” Chodorov says.
Most real estate agents and brokerages should have a protocol for dealing with personal information. In 2011, the National Association of Realtors published its Data Security and Privacy Toolkit for members, and last year it began offering an online training course on best practices, according to Chodorov.
Additionally, new legislation recently introduced in Congress, called the Data Accountability and Trust Act, would require any business that possesses customers’ personal information to implement policies and procedures to protect that information.
“Unfortunately, there are no guarantees,” Chodorov says. “And there is really no choice by buyers and sellers—particularly buyers. They have no choice but to provide personal data if they hope to get a mortgage.”
As you apply for a mortgage, be especially careful what you send over email. You may want to ask your lender and real estate agent if there is another, more secure option for handling your information.
Michelle Stoffel Huffman is a researcher and staff writer for Think Glink Media. Michelle previously worked for the Chicago Tribune as a daily news reporter and community manager, covering local government, business, tax issues, and crime.