Most active commenters

    ←back to thread

    Show HN: Free mortgage analysis tool to avoid getting screwed by closing costs

    (closingwtf.com)
    273 points aaln | 18 comments | 15 Nov 24 17:38 UTC | HN request time: 0.001s | source | bottom
    Show context
    kojeovo ◴[15 Nov 24 19:03 UTC] No.42149815[source]
    The privacy and security part is not inspiring confidence. Scrolling to the next section got me thinking "Don't get scammed at closing, get scammed before closing after uploading your mortgage documents to a random website."

    Cool idea though.

    replies(2): >>42150061 #>>42150121 #
    aaln ◴[15 Nov 24 19:31 UTC] No.42150061[source]
    Hey, Aaron the builder here.

    The scamming that happens to homebuyers is not even comparable to the risk in uploading docs to a website which promises they won't share user data with anyone. This is genuinely a pro buyer tool with no association with any 3rd party.

    The tool has already helped many people negotiate and get a better deal on their mortgage. Please before judging understand that 70% of buyers overpay in their mortgage 1-3% in closing costs and bad rates. It's mind boggling how much lenders get away with profiting in junk fees from stressed out homebuyers.

    replies(15): >>42150103 #>>42150132 #>>42150169 #>>42150219 #>>42150406 #>>42151085 #>>42151198 #>>42151240 #>>42151281 #>>42151328 #>>42151929 #>>42152370 #>>42153139 #>>42154561 #>>42164650 #
    WaitWaitWha ◴[15 Nov 24 19:48 UTC] No.42150219[source]
    Allow me to expound on @kojeovo's remark. Please take this as a constructive criticism to improve your success potential. Much of it is from a quick glance, and am sure there are many other facets to improve.

    A business is not just about the product.

    Your Privacy Policy. There is no default way to download it (see 9.), and since it is window-ed cannot print entire doc. That means I cannot keep a copy of it for myself.

    > We collect the following types of information:

    > Mortgage Documents: Loan Estimates and Closing Disclosures you upload for analysis.

    Okay, but

    > 4. Data Security

    > We implement industry-standard security measures to protect your information from unauthorized access, disclosure, alteration, and destruction.

    This means nothing. Are you ISO 27001:2022, NIST SP 800-53, CIS, CE+, Essential Eight, or something else? Have you been audited, and proof? Who is your ISP? What regs do you follow around data sovereignty?

    Terms of Service. Again, no default way of download. Overall, I would never agree to this ToS. It demands all kinds of requirements on the user, but takes no responsibility for anything - or as described above, explain how you will protect your customers.

    You have no reference anywhere where you are geographically. No address, no about us, no who you are. I would be very leery on uploading anything.

    replies(3): >>42150822 #>>42150852 #>>42150889 #
    adamtaylor_13 ◴[15 Nov 24 20:49 UTC] No.42150852[source]
    Legitimately curious, what’s the worst they could do with this data?
    replies(2): >>42150989 #>>42151079 #
    1. AntiRush ◴[15 Nov 24 21:08 UTC] No.42151079[source]
    The most common scams around home buying are wire fraud - contact the buyer pretending to be the title company and steal their money. The data in a mortgage is exactly what you need to enable these scams and you're getting people to hand it to you and at the same time tell you they are about to wire money.
    replies(3): >>42151215 #>>42152057 #>>42152237 #
    2. SoftTalker ◴[15 Nov 24 21:19 UTC] No.42151215[source]
    I have never done a wire transfer at a residential closing. I come to the closing at the title company office with a cashier's check from my bank for the amount they told me to bring.
    replies(3): >>42151734 #>>42151756 #>>42152686 #
    3. takeda ◴[15 Nov 24 22:06 UTC] No.42151734[source]
    Did you bought enough houses to assume that's always the case?

    My experience was that I was told to send the cashier's check using overnight FedEx because they did not have office in my area.

    replies(1): >>42151888 #
    4. jvanderbot ◴[15 Nov 24 22:08 UTC] No.42151756[source]
    The only method available to me at closing was a wire transfer. It is dumb.
    5. SoftTalker ◴[15 Nov 24 22:21 UTC] No.42151888{3}[source]
    No, fair enough. I would not close anywhere other than a local title company though. I've had a few odd things surface at the last minute that were resolvable because everyone was sitting around the same table.
    6. zie ◴[15 Nov 24 22:38 UTC] No.42152057[source]
    Wire Transfers are not undoable and instant, much like Zelle. So I always recommend people send $10 first, and confirm everything works, before sending real money. When doing the confirmation, try using a different channel of communication, to ensure you are getting the right person. i.e. call them directly from known good phone numbers or something.

    Yes many banks charge $30 or more for a wire transfer, but I'd rather just pay the $60 than have a large sum wire transfer lost, stolen, etc.

    Some banks/Brokerages are sane and do not charge extra for wire transfers. Fidelity is one such. BOA also(if you have enough assets there, $100k will do it).

    replies(1): >>42154509 #
    7. lolinder ◴[15 Nov 24 22:58 UTC] No.42152237[source]
    Yep. When we closed on our house we got a whole lecture from the title company about how frequently data breaches lead to wire fraud and to not trust anyone. Mortgage originators are constantly under attack to try to get at the information that OP is asking people to just casually upload.

    Their aggressive dismissal of the concern is not a good look.

    replies(1): >>42152835 #
    8. nijave ◴[15 Nov 24 23:50 UTC] No.42152686[source]
    Cashier's check was only accepted for amounts less than $10k at our closing by our title company. This seems common to require wire. The title company contracted with a 3rd party escrow service so the money was required into the title company's account at the escrow service. I assume a cashier's check would need to be mailed to the escrow company
    replies(2): >>42154712 #>>42156948 #
    9. aaln ◴[16 Nov 24 00:08 UTC] No.42152835[source]
    I am not dismissing the concern, I was stating the tool solves an even larger concern. I'm doing everything I can to setup it up to be secure, private, and worthy of trust and addressing the feedback points.

    If you have suggestions more than "don't trust this random internet tool even if it gives you free advice, regardless of the value it offers", please let me know [thanks emoji]

    replies(2): >>42154977 #>>42156281 #
    10. davchana ◴[16 Nov 24 05:18 UTC] No.42154509[source]
    Is it too paranoid that even for first time Zelle (with people I know in real life) I send a $ and ask them to see if they received it, before sending anything else?
    replies(2): >>42155655 #>>42156591 #
    11. ◴[16 Nov 24 06:04 UTC] No.42154712{3}[source]
    12. stouset ◴[16 Nov 24 07:07 UTC] No.42154977{3}[source]
    With all due respect, that is the fundamental problem here. Your tool may provide value to your users but uploading mortgage documents to random third parties is de facto dangerous and encouraging users to act irresponsibly.

    A great analogy would be a website that asks users to provide their usernames and passwords for sites to see if it’s a strong password or if it’s been compromised. “Sorry, the credentials stouset / hunter2 were found in our database for Hacker News.”

    Sure maybe you’re a saint and don’t store or misuse this data. But such a site would in the best case be training users to do a very wrong and dangerous thing. In the worst case you get breached by attackers who do use the collected data to do evil.

    replies(1): >>42156489 #
    13. blitzar ◴[16 Nov 24 10:22 UTC] No.42155655{3}[source]
    I do / did this between my own bank accounts when entering details the first time.
    14. taxcoder ◴[16 Nov 24 13:25 UTC] No.42156281{3}[source]
    On a per individual basis, I think most individuals would prefer to overpay mortgage fees slightly rather than lose the entirety of the money they wire.
    15. lolinder ◴[16 Nov 24 14:03 UTC] No.42156489{4}[source]
    > A great analogy would be a website that asks users to provide their usernames and passwords for sites to see if it’s a strong password or if it’s been compromised. “Sorry, the credentials stouset / hunter2 were found in our database for Hacker News.”

    This is actually a really good analogy because it does illustrate that it's not a completely crazy ask—people do trust Troy Hunt to run such a site. But OP should be much more understanding of how dangerous the concept is and offer options to resolve concerns (Troy allows downloading the passwords list to check locally), especially while they're not Troy Hunt-level famous and still are trying to build up trust.

    replies(1): >>42157437 #
    16. zie ◴[16 Nov 24 14:25 UTC] No.42156591{3}[source]
    100% not paranoid. I do this for basically all payments.
    17. telgareith ◴[16 Nov 24 15:43 UTC] No.42156948{3}[source]
    3rd party. ROFLMAO.
    18. vel0city ◴[16 Nov 24 17:03 UTC] No.42157437{5}[source]
    Troy's site isn't actually handling the user's real password to check, its doing a lookup of hashes to see if a similar hash is there. The password and final hash checks never leave the client side. Still a lot of trust involved in a site like that, and yeah he encourages you use the API to do the comparisons yourself.

    This is actually uploading all the information to the backend and storing it in a database. Like a page that is asking for a service URL, a username, a password, a TOTP secret, sending it all to the server, and having the server check if the credentials have been pwned and saving it all.