If you’ve applied for a mortgage recently, you’ve probably also received a dozen cold calls from brokers trying to get you to apply for a mortgage with them. For the past few years, mortgage brokers have been paying credit bureaus to give them instant notifications — known as “trigger leads” — when people with a certain minimum credit score apply for a home loan. Then they barrage the applicants with phone calls in an attempt to get their business.
Consumer advocacy groups and bank lobbyists alike have been pushing for limitations on trigger leads for some time now. In April, legislators introduced a bill to curb these aggressive solicitations. Passed unanimously by both the Senate and the House in June, the bipartisan Homebuyers Privacy Protection Act, would prohibit any company from purchasing credit reports unless the consumer has a current account with that company or the consumer gives explicit authorization to access the report. Essentially, the bill would make trigger leads illegal.
At first glance, the bill seems like a naked attempt by banks to forcibly limit competition from non-traditional lenders who might be able to undercut their interest rates. And while that may be one motivation why bank lobbyists support it, trigger leads do in fact represent a major threat to consumer privacy. By allowing brokers to purchase any report they want, anytime they want, credit bureaus are disseminating highly sensitive financial information to hundreds of different companies. This puts consumers’ private information at risk, all without their consent.
Of course, trigger leads do offer some real benefits. For example, they give the consumer the opportunity to learn about potentially better rates before they invest too much time and energy finishing their application with another lender. It’s not only great for the individual borrower, but it’s good for the economy too. The more borrowers can save on their mortgage, the more they can spend purchasing other products. More competition in the mortgage industry also helps to spur innovation and incentivizes firms to improve customer service.
But it comes at a cost. After applying for a mortgage, consumers report being instantly bombarded with phone calls, almost always from companies they’ve never heard of. Some applicants say they’ve received hundreds of calls.
Trigger leads aren’t just a nuisance — they’re real threats to privacy. After getting a flood of unwanted phone calls, consumers are left wondering: How did these mortgage brokers obtain my phone number? How do they know that I’m buying a house? How much of my personal financial information is out there? Who else are they sharing my information with?
These aren’t just idle concerns. Even with the sophisticated cybersecurity measures employed by financial institutions, data breaches still occur. Banks, credit unions, and even major credit bureaus like Equifax have suffered devastating cyber attacks in recent years.
Mortgage companies — the typical buyers for trigger leads — also face cyber attacks. But unlike traditional banks, they’re not as equipped to defend against them. Many mortgage companies are comparatively small firms that simply don’t see themselves as potential targets for hackers.
Late last year, National Mortgage Professional interviewed Jordan Bingham, an expert on financial cybersecurity and founder of LendSafe, “a firm that helps mostly mom-and-pop mortgage companies implement cybersecurity protections and comply with new regulations.”
In the interview, Bingham revealed that small mortgage companies often choose to ignore cybersecurity risks, even as their peers suffer massive data breaches. Sometimes the issue is simply covered up. According to Bingham, 90% of breaches at small mortgage companies go unreported, leaving law enforcement and borrowers in the dark about the safety of their data.
The most concerning issue with trigger leads is the lack of consumer consent. When an individual applies for a mortgage with their chosen lender, they aren’t consenting to have their information transmitted to countless other companies, especially companies that may be ill-equipped to protect their data.
With losses from fraud skyrocketing in recent years, we should be extra cautious about who is allowed to access consumers’ sensitive information. As the Homebuyers Privacy Protection Act heads to Congressional reconciliation, legislators have the opportunity to eliminate trigger leads, safeguarding consumers’ privacy and giving them more sovereignty over their own data.
