Quicken Loans Inc. - Security, Analysis and Planning

SECURITY ANALYSIS AND PLANNING

Information Environment At Quicken Loans

Quicken Loans Inc. is a mortgage lending company headquartered in downtown Detroit, Michigan. It offers mortgage services to its clients for buying or refinancing a home. These services are offered through different channels such as online or mobile. As a part of providing these services, QL collects different kinds of information from its clients and customers, which has the following classifications: Confidential, and Personally Identifiable Information (PII). Within PII exists a separate sub-category: Personally Identifiable Financial Information (PIFI). PII includes name, date of birth, home address, email, mobile number, driver’s license, employer name, employer address, employment history, geolocation and medical information. PIFI includes paystubs, bank statements, Social security number, Credit card number, Debit card number and bank accounts number. Confidential information includes project plans, business planning documents, acquisition information etc. Considering the importance and sensitivity of this information, information security plays a vital role in our organization that we take on when we collect such information from our clients to build relationships and maintain their trust. Also, we have an ethical obligation and increasingly, a legal one to do just that.

The customer provides this information through online web application called AMP (Amazing Mortgage Platform), which includes filling up different mortgage related forms and uploading the financial and personal documents within the application. Once the customer submits his mortgage application, the information gets stored in the company’s storage systems and made available to the Bankers to work on the mortgage process. Each application gets a unique identification number and is made available to the assigned banker. Apart from the bankers, the relevant information is accessible only to the team members working on the data analytics and data science projects in the company for prioritization of loan applications and predictive analytics. Company has established Information Security Policies & Standards and invested significantly in security infrastructure to protect customer’s data. Some of the policies include: Information Data Classification Policy to classify data based on sensitivity; Confidential Data Policy; Physical Security Policy and Acceptable Use Policy.  

To assess which vendors and third parties may directly create a risk (cyber, business impact and legal) and become the source of a data breach, we work with experts that can help assess and manage the risk across the supply chain and build better defense-in-depth to prevent a breach; use tools and analytics that are specially designed to monitor and assess the security posture of vendors in real-time, as well as improve contractual provisions that result in greater security performance. Recently, our company is shifting to Big Data approach to help reduce the risk in mortgage lending. The use of big data analytics for mortgages drives better institutional profitability—more loans that are closed in less time, and that perform better overall and have a reduced risk of loss. The company has build teams of in-house Big Data talent while leaving the technologies to cloud-based firms.