Mortgage Web Success
System
Security, GLB & Patriot Act Compliance

Last Revised November 25th, 2007

At Mortgage Web Success, LLC, we take the job of protecting your data and that of your customers very seriously.  We have implemented systems and policies to ensure that your data is safe and compliant.  Mortgage Web Success Sites fully comply with the FTC regulations regarding the Gramm-Leach-Bliley Act.  The following document describes the areas affected and falling under the Act along with a description of how we safeguard data and maintain compliance.

 
Protection from unauthorized access during the application entry process

Loan applications submitted by borrowers using the Mortgage Web Success Sites Application Form are protected by a 128bit SSL connection on the page that loads the loan application program.
 
Protection from unauthorized access while in our custody

Once in our custody, electronic access to the data is restricted to key personnel who develop and maintain the systems. We implement a hardware firewall solution that prevents direct access to any of the database servers from outside the building.
 
Use of loan application data by Mortgage Web Success, LLC

Under no circumstances does Mortgage Web Success, LLC, sell, convey, share or disseminate in any way, any data associated with your site or clients' loan applications.
 
As part of Mortgage Web Success, LLC's process of continued enhancements and upgrades to the Mortgage Web Success Sites products, we monitor and compile various statistics on the habits of consumers filling out the loan application.  These statistics such as which fields are left blank, most common stopping points, most common data entry formats and various other user habits, don't contain any confidential consumer information but provide us with a wealth of information we need to improve the product.  In addition we reserve the right to aggregate certain data points for the purposes of measuring the level of growth of our products and tracking trends industry wide in the habits of consumers.
 
 
Protecting data from power failure and disaster

Mortgage Web Success Sites are hosted in state-of-the-art data centers. Each of the data centers employs backup generators, multiple hard drives, dual routers, cooling systems and gel battery power banks give us real redundancy so our high-end servers will continue to operate regardless of external conditions. In the event the grid is down, five huge 16-cylinder diesel generators supply constant, reliable power for all systems. In the event of a disaster affecting the physical location of the data center, Mortgage Web Success, LLC is capable of becoming fully functional by employing a combination of alternate data centers.

USA PATRIOT Act Compliance
Although Mortgage Brokers do not specifically or officially fall under the guidelines of the USA PATRIOT Act, upstream lenders and other financial institutions involved in the mortgage transaction do and as the origination point of the loan, the mortgage broker will be expected to assist in gathering the necessary information from consumers for upstream lenders and institutions to be compliant.  Unlike other compliance requirements, there are no disclosure forms to distribute to the borrower.  Rather, section 326 of the Act provides that institutions implement a customer identification program (CIP) in order to verify the identity of borrowers prior to engaging in a financial transaction.  In this case, that means opening a new mortgage loan. Mortgage Web Success Sites provide mortgage brokers with the tools for implementing a CIP.  Specifically, the online loan application has fields and other tools for gathering all the required information from a borrower including (name, date of birth, address and taxpayer identification number).  In the event the borrower is not a U.S. resident, a passport number and country of issuance, alien identification card number, or number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photograph or similar safeguard is required. 

 
Definitions

Gramm-Leach-Bliley
The Gramm-Leach Bliley (i.e., GLB) Act requires financial institutions to take steps to ensure the security and confidentiality of "customer" records such as names, addresses, phone numbers, bank and credit card account numbers, income and credit histories, and Social Security numbers. The GLB Act broadly defines “financial institution” as any institution engaging in the financial activities enumerated under the Bank Holding Company Act of 1956, including “making, acquiring, brokering, or servicing loans” and “collection agency services. GLBA requires government agencies that regulate financial institutions to implement regulations to carry out the Act's financial privacy provisions. The regulations required all covered businesses to be in full compliance by July 1, 2001.
 

(Hypertext Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a Web protocol, developed by Netscape, built into browsers, that encrypts and decrypts user page requests as well as the pages that are returned by the Web server. HTTPS is the use of Secure Socket Layer (SSL) as a sub-layer under its regular HTTP application layering. (HTTPS uses port 443 instead of HTTP port 80 in its interactions with the lower layer, TCP/IP.)
 
Secure Sockets Layer. Used by most commerce servers on the World Wide Web, this high-level security protocol protects the confidentiality and security of data while it is being transmitted through the internet. Based on RSA Data Security's public-key cryptography, SSL is an open protocol that has been submitted to several industry groups as the industry security standard. Denoted by the letters HTTPS in the URL.

USA PATRIOT Act
Enacted by the U.S. Congress in response to the September 11, 2001 terrorist attacks on the World Trade Centers in New York, the act enhances the authority of U.S. law enforcement for the purported intention of investigating and preempting potential terrorism. 

& Mortgage Web Success, LLC (All Rights Reserved)