The Consumer Financial Protection Bureau is amassing mortgage and card data of bank customers across the country. From the standpoint of reducing banks’ mortgage compliance burden, the bureau’s project has the potential to help banks. However, the bureau may be increasing banks’ and bank customers’ risk to cyber thieves stealing customer financial data, according to Representative Ed Royce (R- Calif.) who questioned CFPB Director Richard Cordray during the bureau’s semi-annual report to the House Committee on Financial Services on Jan. 28.
CFPB officials are working with the Federal Housing Finance Agency to collect data on 53 million residential mortgages originated between 1998 and 2014. Among the data collected is the date the mortgage was taken out, the amount of the loan and census tract data. “It is easy to reverse engineer and identify the people in our data base,” said Bob Avery, project director for the national mortgage database at the FHFA. A video recording of an interview with Avery was played at the hearing. Privacy is the number one challenge with this kind of database, Avery said.
The CFPB also has contracted Argus Information and Advisory Services to obtain credit card data from nine card issuers. The data obtained from these issuers represents about 90 percent of all outstanding card balances, according to previous testimony of CFPB Deputy Director Steven Antonakes before the committee. The bureau’s contract with the company requires Argus to collect 96 data points which include the unique card-account identification reference number, ZIP code, monthly ending balance, borrower’s income, FICO score, credit limit, monthly payment amount, and days past due.
Royce pointed out that the U.S. Government sustained 22,000 data breaches in 2012, according to the U.S. Government Accountability Office. That was an increase of 42 percent over 2011, and a 100 percent increase over 2010. More than just Republicans are concerned about collecting credit information of U.S. citizens in one database, he said. Given the recent cyber attacks on national retailers like Target and Michaels, “from a privacy standpoint, I do not believe the project should move forward until these issues are adequately addressed,” Royce said.
Cordray agreed that the security of consumer information within the bureau’s database is a concern. But he also said that the information is necessary to gauge the effectiveness of the CFPB mortgage rules which went into effect on Jan. 17. “I am getting questions about what [the bureau] should be doing in the mortgage market. Have we drawn the box too tightly around QM?” Cordray said. “In order to get [the mortgage rules] right we must have information about the market.”