Technology & Security
YSG operates with an application processing system that operates like a financial institution’s Loan Operating System and CRM. Along with sophisticated call center technology, these integrated systems ensure accurate and secure tracking, analysis, and transfer of all consumer credit information, application data, and loan structure data. For credit union Lenders, YSG typically transfers application data through CUDL. For other Lenders, data is transferred directly between YSG’s system and the Lender’s origination system or other designated method.
Specific functions of YSG’s systems include, for example:
- Prescreening leads according to a variety of Lender-defined criteria
- Tie a code provided to the consumer in a marketing document to a specific Lender campaign to ensure that prescreened leads are assigned to the appropriate Lender
- Automatically gather soft pull credit report and credit bureau data from consumer inquiries that have not already been prescreened for a specific marketing campaign
- Interface with website contact form and integrates consumer reported data with credit bureau soft pull data
- Evaluate soft pull credit bureau data and consumer-provided application data against Lender criteria for pre-qualification
- For leads that are not generated through a specific Lender campaign, identify the best lending program for which the consumer is likely to qualify
- Maintain all private consumer data in a secure, regulatory-compliant manner
- Record/store phone conversations and other communications with consumers
- Interface with CUDL and other loan origination systems used by Lenders
- Transfer application data to the Lender
- Receive stips from consumers through a third-party secure portal
- Populate consumer data into Lender loan documents
- Receive an electronic decision from the Lender
- Track and securely maintain all inquiry, application, and Lender approval data as well as imaged application documents
- Maintain appropriate data backup, data security, system redundancy, and disaster recovery methods
Data Management and Security
Data security is managed through procedures such as, but not limited to:
- Data in the operating system is backed up and stored in AWS, a cloud-based, secure, encrypted system.
- All consumer, application and loan document data is backed up and stored in a manner that has the appropriate levels of security for the type of data (NPI, other consumer data.)
- Restricted access, 24/7 video, and other measures ensure physical security.
- Data loss prevention measures include secure, scanned emails, access to data/systems limited to YSG-configured computers and YSG network, policy against cell phones in lending areas, and controlled access to white-listed websites.
- Computers require passwords for access and have time-out programmed when not in use.
- Authority levels are established by management to ensure appropriate access to private consumer information.
- YSG uses IP restrictions and passwords to restrict access to systems that contain consumer data.
- Regular internal and external vulnerability scans and remediation, encryption of data at rest and in transit, and other measures ensure data security.
- Remote workers are required to follow the same data management and security policies and procedures, including but not limited to using specially configured YSG hardware and software.
YSG maintains appropriate policies and procedures related to Data, Physical, and Administrative Security. Other Data Loss Management policies are also in effect. Staff members are trained on data security policies and procedures on a regular basis. YSG performs regular service provider reviews to ensure they provide the appropriate levels of security for the services they perform and data to which they have access