Security

From the beginning design specifications of the portal to our physical facility, security has and always will be a top priority. The multiple layers of security used to protect the data being passed through our system and our ability to delete lender defined sensitive data after being passed to the vendor, sets us apart from any other service. There is a direct correlation between the amount of sensitive data you store, and the risk you assume, as such we minimize the data we store. Certain information would have no value should it fall into the wrong hands, like a name or address, but sensitive information like a social security certainly could. We simply do not store any sensitive information on our site that is not necessary for the functional operation of the service. The lender controls what information is sent to a vendor and we take steps to ensure that information is protected, encrypted or removed, eliminating any potential risk.

All Internet connections are forced SSL, using 128-bit encryption, and anonymous access to the site is never permitted. Once authenticated, security layer one, the user is redirected to the datastore defined in their profile. A second layer of security takes place as the user is validated against the Access Control List (ACL) for the client specific datastore (client's do not share datastores). Users are assigned "roles", providing third and fourth layer security at the document and field level. Roles control access to individual documents within the datastore and field level access controls what data on the document is visible to the end user. Different users within the same organization can have different roles, thus allowing access to different sets of documents and the data that is displayed.

Our security model provides a lender with great flexibility when configuring their environment. A lender could allow multiple branches to only see orders specific to their branch; but a supervisor or auditor could see all the orders regardless of where they originated from providing granular access control, a key security feature exclusive to our system.

One of the many advantages to utilizing a portal based solution is that a lender does not need to qualify or test all their vendors for web-based security. Since communication between the lender is now restricted to a single point of access, only vmcSelect needs to be assessed or certified. A lender no longer needs to be concerned with storing sensitive customer information on several different web sites, just one. This alone can lead to significant cost and resource savings, eliminating redundant annual security reviews and audits, and most importantly limiting their risk.