"I have finally found a worthwhile use for my camera phone!" The article was about settlement employees who were performing signing services outside of the office.
The employees reported using their cell phones to capture a picture of the identification borrowers presented at signing. This practice was initiated in order to satisfy lender requirements to obtain proof of identification in compliance with the Patriot Act. The employees emailed the pictures from their phone to their desktop to print and provide to the lender.
Fast forward to 2013 where we have the same scenario, except the signing agent is a mobile notary and not an employee of the Company. The signing agent meets with the borrowers on a new loan, asks for identification and makes a journal entry. The signing agent snaps a picture of each driver's license, then returns them to the borrowers and proceeds with the signing.
In this case, the borrowers grew concerned about having their identification photographed, and called their escrow officer at Chicago Title Company to find out why the signing agent took a picture of their identification. The escrow officer checked the loan instructions and it did not require a copy of the borrowers' identification at signing.
The escrow officer called the signing agent and asked why photos were taken of the licenses. The signing agent confirmed the licenses were emailed along with an invoice for the signing appointment to the owner of the mobile signing company, which was a standard operating procedure.
The escrow officer then asked the signing agent if any email encryption software was used to protect the identification of the borrowers in the email transaction. The signing agent did not use email encryption software.
The escrow officer asked if the mobile device itself contained encryption software so the pictures and other data could not be accessed in the event the phone was lost or stolen. The signing agent said it did not.
The escrow officer realized the seriousness of the situation. First, the signing agent exposed the borrowers' non–public personal information over the Internet without encryption, so anyone with access to the Internet would have the ability to intercept the message and view its contents.
Second, the signing agent continued to store the photographs on an unencrypted cellular phone that could have been lost or stolen, thereby exposing the non–public personal information of the borrowers to anyone who might pick up the device.
The escrow officer demanded the photos be immediately deleted from the signing agent's phone and Sent items in the email account. She notified the owner of the signing service company of the signing agent's actions and demanded any photographs of the borrowers' licenses also be deleted from the agent's email account.
Then the escrow officer called the borrowers and explained why the signing agent took photos of the licenses, the measures that had been taken, and offered the borrowers a year's worth of CreditCheck® Basic through Experian®.
She also offered them a coupon worth two redemptions of credit monitoring through Experian® so if their identities or their credit are compromised as a result of the signing agent's actions, they will be notified by Experian® and their fraud resolution team will work to resolve any issues.
What if an employee of our Company had been performing the signing and did not have a Company issued cell phone? If the employee is sending photos and other information from a cellular device that is not Company issued, the email encryption likely will not work.
Employees cannot send a photo of an identification card – even to themselves – if the email cannot be encrypted since its contents would potentially be exposed to anyone on the Internet.
If employees have a company issued cell phone, they can send an encrypted email simply by typing the word {encrypt} in the subject line of the email message.
Additionally, unless the device itself contains encryption software, the employee's phone should never contain Company or consumer private information. Company issued cellular phones can be remotely encrypted if they are ever lost or stolen to avoid exposing Company or consumer non–public information.
Comments(0)