From design specifications to physical location, security is a top priority. We protect all data being passed through our system, and can delete lender defined sensitive data after being passed to the vendor. There is a direct correlation between the amount of sensitive data you store, and risk. Certain information would have no value should it fall into the wrong hands, like a name or address, but sensitive information like a social security number would. We simply do not keep any sensitive information on our site that is not necessary for the functional operation of the service. The lender controls what information is sent to a vendor and we take steps to ensure that information is protected or removed, eliminating any potential risk.

All Internet connections are forced SSL, using 128-bit encryption, and anonymous access to the site is never permitted. Once authenticated, security level one, the user is redirected to the data-store defined in their profile. A second level of authentication takes place as the user is validated against the Access Control List (ACL) for that data-store. Users are assigned “roles”, providing third and fourth level security. Roles control access to individual documents and fields within the data-store, allowing multiple users to have access to different document sets. Field level access provides the lender with control over what data on the document is visible to the users. Different users within the same organization can have different roles, thus allowing access to different sets of documents and the data that is displayed.

Our security model provides you with great flexibility when configuring your environment. A lender data-store could allow multiple branches to only see orders specific to their branch; but a supervisor or auditor could see all the orders regardless of where they originated from. This provides granular access control, a key security feature, while changes are simple and immediate.

One of the many advantages to utilizing a portal based solution is that a lender does not need to qualify or test every vendor they do business with for web based security. Since communication between the lender is now restricted to a single point of access, only vmcSelect needs to be assessed or certified. A lender no longer needs to be concerned with storing sensitive customer information on several different web sites, just one. This alone can lead to significant cost and resource savings, eliminating redundant annual security reviews and audits, and most importantly limiting your risk.