Mortgage Applications Lowest Since 2000

 

Apr 30 2014, 7:55AM

 

The week ended April 25 was one of the slowest for mortgage application activity the industry has seen in years.  The Mortgage Bankers Association (MBA) said applications for both purchase mortgages and refinancing decreased and its Market Composite Index, a measure of overall mortgage applications volume, fell to its lowest level in almost 15 years.

 

The Composite decreased 5.9 percent on a seasonally adjusted basis from the week ended April 18 and was down 5 percent on a non-seasonally adjusted basis.  Refinancing activity fell 7 percent and purchase applications were off 4 percent from a week earlier on both a seasonally adjusted and an unadjusted basis and was 21 percent lower than during the same week in 2013.

 

Refinancing fell to exactly half of all mortgage applications from 51 percent the previous week.  This is the lowest share for refinancing since July 2009 and it is 13 percentage points below the level at the beginning of 2014.

 

Refinance Index vs 30 Yr Fixed

 

Purchase Index vs 30 Yr Fixed

 

“Both purchase and refinance application activity fell last week, and the market composite index is at its lowest level since December 2000,” said Mike Fratantoni, MBA’s Chief Economist. “Purchase applications decreased 4 percent over the week, and were 21 percent lower than a year ago. Refinance activity also continued to slide despite a 30-year fixed rate that was unchanged from the previous week. The refinance index dropped 7 percent to the lowest level since 2008, continuing the declining trend that we have seen since May 2013.”

 

Contract interest rates for fixed rate mortgages were lower or unchanged from the previous week while effective rates all decreased.  Interest rates for 5/1 adjustable rate mortgages did increase during the week with the average contract rate rising 10 basis points to 3.26 percent.  Points decreased to 0.35 from 0.36 and the effective rate decreased from the previous week.  Approximately 8 percent of mortgage applications were for the various adjustable rate products, essentially unchanged from the previous week.

 

The average contract interest rate for 30-year fixed-rate mortgages (FRM) with conforming loan balances of $417,000 or less was unchanged at 4.49 percent, with points decreasing to 0.38 from 0.50.  The average contract interest rate for jumbo 30-year fixed-rate mortgages with balances greater than $417,000 decreased to 4.37 percent from 4.41 percent, with points dropping to 0.14 from 0.34.

 

The average contract interest rate for 30-year fixed-rate mortgages backed by the FHA decreased to 4.17 percent from 4.20 percent with points decreasing to 0.10 from 0.41 and the rate for 15-year fixed-rate mortgages decreased to 3.53 percent from 3.55 percent.  Points for the 15-year decreased to 0.31 from 0.33.

 

MBA’s data is derived from its Weekly Mortgage Applications Survey which it has conducted since 1990 and which covers over 75 percent of all U.S. retail residential mortgage applications.  Survey respondents include mortgage bankers, commercial banks and thrifts.  Interest rate information is based on loans with an 80 percent loan-to-value ratio and points include the origination fee.  Base period and value for all indexes is March 16, 1990=100.

 

Types of Short Sale Programs

Repost – Types of Short Sale Programs by Jonathan Katz

Types of Short sale programsThere are different types of short sale programs from which you can choose best suited for you. Choosing a short sale program is really critical because selection of wrong program will not only cause the rejection of short sale, but also will waste your time money and resource. There are a number of short sale programs, but keep in mind that you may not be able to choose the specific programs. The selection of program may depend upon the type of loan and investor.

Different Types of Short Sale Programs:

Some of the most common short sale programs are given here to provide you an understanding of the options available to you.

Traditional Short Sale

A traditional short sale is the most common type of short sale program. Some short sale sellers don’t want the delay that can be inherent in government programs, so even though they might qualify for a Bank of America HAFA short sale, they opt for traditional short sale program just to avoid the delayed processing. For traditional short sale you will need to provide the hardship letter along tax returns and other documents. More and more banks will say, “Yes” to a short sale and “No” to a foreclosure.

VA Short Sale and FHA Short Sale

If your current loan is secured by the VA, then you have VA loan and if it is insured by FHA, you have an FHA loan. The best way to know about your loan plan whether it is VA or FHA, is looking at the percentage of original sale price. In the form of VA, your loan balance is 100% of the original sale price. If the original balance was closed to 97% of the sale price then it is probably an FHA loan.

The main things to know about a VA short sale and FHA short sale:

  • Neither type of loan will qualify for the HAFA short sale program, but you can receive a relocation incentive.
  • Due to the additional layer to the approval, your proposal will take more than the normal time required to close the short sale.
  • The government will pay for a full-blown appraisal (no BPO) and expect market value.

HAFA Short Sale Program

In case you have two or more than two lenders then you will need the participation of all lenders in HAFA short sale program to qualify for HAFA short sale. The HAFA is government short sale program that with few limitations can pay you or your bank up to $3,000 to do the short sale. In the starting of HAFA program guidelines were very strict, but with the passage of time these have been made relaxed. You can do a HAFA short sale on investment property now as well. The biggest benefit of HAFA short sale is that your bank has to release you from the personal liability and you don’t have to face deficiency judgment.

Freddie Mac Short Sale

Freddie Mac is also a government sponsored entity. If the Freddie Mac is an investor, then you will need to do a Freddie Mac short sale. This will be adding an extra layer to the approval of the short sale. Freddie Mac will need a long affidavit to be signed. In the case of Freddie Mac home will be sold at “as is” condition. Unlike many short sale investors, Freddie Mac will allow the seller to rent back for a few months.

Fannie Mae Short Sale

Fannie Mae is a government-sponsored entity. If Fannie Mae is the investor, then you will need to do a Fannie Mae short sale and this will be adding and additional layer of approval to the short sale process.

You might have a problem in that short sale if you have a second loan and that second lender demands more money than Fannie Mae would allow you. It may require dealing with second lender before opening the short sale at Fannie Mae. Fannie Mae normally does not postpone auctions. If you are closer to the trustee’s auction than you are to closing the short sale, Fannie Mae may opt to choose the foreclosure.

Fannie Mae HAFA Short Sale

Fannie Mae HAFA short sale program is considered the most complex short sale program. The government has been trying to make the processing of this program easy. It is possible that short sale would be delayed if your Fannie Mae short sale is through the Bank of America. You may have some relaxation if you are the principal resident of your home, but Fannie Mae no longer requires occupancy as a condition of the short sale. It is also no longer a requirement that your loan be delinquent.

Freddie Mac HAFA Short Sale

A Freddie Mac HAFA short sale needs to be preapproved in advance. This is also one of the complex short sale programs. The preapproval in advance itself is a biggest problem for some banks. Every bank does not seem to understand this preapproval requirement for a Freddie Mac HAFA short sale, but if your short sale program is approved by Freddie Mac and your servicer, it moves really quickly. You can expect to get approval within 30 to 60 days.

Cash for Short Sale Programs

Getting the cash for sale is the wish of every short seller, but there are rare chances that debt is forgiven and sellers are released from the personal liability. Consulting your bank is the better way to find out that if you can get cash for sale or not.  The Bank of America cooperative short sale or the Bank of America HIN Incentive programs are considered the most famous cash for short sale programs. There may be sellers who could qualify for both types of Bank of America programs and get paid.

Types of Short Sale Programs by Jonathan Katz

The Heartbleed Bug

Heartbleed Bug

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

What leaks in practice?

We have tested some of our own services from attacker’s perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.

How to stop the leak?

As long as the vulnerable version of OpenSSL is in use it can be abused. Fixed OpenSSL has been released and now it has to be deployed. Operating system vendors and distribution, appliance vendors, independent software vendors have to adopt the fix and notify their users. Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances and software they use.


Q&A

What is the CVE-2014-0160?

CVE-2014-0160 is the official reference to this bug. CVE (Common Vulnerabilities and Exposures) is the Standard for Information Security Vulnerability Names maintained by MITRE. Due to co-incident discovery a duplicate CVE, CVE-2014-0346, which was assigned to us, should not be used, since others independently went public with the CVE-2014-0160 identifier.

Why it is called the Heartbleed Bug?

Bug is in the OpenSSL’s implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520). When it is exploited it leads to the leak of memory contents from the server to the client and from the client to the server.

What makes the Heartbleed Bug unique?

Bugs in single software or library come and go and are fixed by new versions. However this bug has left large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, ease of exploitation and attacks leaving no trace this exposure should be taken seriously.

Is this a design flaw in SSL/TLS protocol specification?

No. This is implementation problem, i.e. programming mistake in popular OpenSSL library that provides cryptographic services such as SSL/TLS to the applications and services.

What is being leaked?

Encryption is used to protect secrets that may harm your privacy or security if they leak. In order to coordinate recovery from this bug we have classified the compromised secrets to four categories: 1) primary key material, 2) secondary key material and 3) protected content and 4) collateral.

What is leaked primary key material and how to recover?

These are the crown jewels, the encryption keys themselves. Leaked secret keys allows the attacker to decrypt any past and future traffic to the protected services and to impersonate the service at will. Any protection given by the encryption and the signatures in the X.509 certificates can be bypassed. Recovery from this leak requires patching the vulnerability, revocation of the compromised keys and reissuing and redistributing new keys. Even doing all this will still leave any traffic intercepted by the attacker in the past still vulnerable to decryption. All this has to be done by the owners of the services.

What is leaked secondary key material and how to recover?

These are for example the user credentials (user names and passwords) used in the vulnerable services. Recovery from this leaks requires owners of the service first to restore trust to the service according to steps described above. After this users can start changing their passwords and possible encryption keys according to the instructions from the owners of the services that have been compromised. All session keys and session cookies should be invalided and considered compromised.

What is leaked protected content and how to recover?

This is the actual content handled by the vulnerable services. It may be personal or financial details, private communication such as emails or instant messages, documents or anything seen worth protecting by encryption. Only owners of the services will be able to estimate the likelihood what has been leaked and they should notify their users accordingly. Most important thing is to restore trust to the primary and secondary key material as described above. Only this enables safe use of the compromised services in the future.

What is leaked collateral and how to recover?

Leaked collateral are other details that have been exposed to the attacker in the leaked memory content. These may contain technical details such as memory addresses and security measures such as canaries used to protect against overflow attacks. These have only contemporary value and will lose their value to the attacker when OpenSSL has been upgraded to a fixed version.

Recovery sounds laborious, is there a short cut?

After seeing what we saw by “attacking” ourselves, with ease, we decided to take this very seriously. We have gone laboriously through patching our own critical services and are in progress of dealing with possible compromise of our primary and secondary key material. All this just in case we were not first ones to discover this and this could have been exploited in the wild already.

How revocation and reissuing of certificates works in practice?

If you are a service provider you have signed your certificates with a Certificate Authority (CA). You need to check your CA how compromised keys can be revoked and new certificate reissued for the new keys. Some CAs do this for free, some may take a fee.

Am I affected by the bug?

You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company’s site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL. Many of online services use TLS to both to identify themselves to you and to protect your privacy and transactions. You might have networked appliances with logins secured by this buggy implementation of the TLS. Furthermore you might have client side software on your computer that could expose the data from your computer if you connect to compromised services.

How widespread is this?

Most notable software using OpenSSL are the open source web servers like Apache and nginx. The combined market share of just those two out of the active sites on the Internet was over 66% according to Netcraft’s April 2014 Web Server Survey. Furthermore OpenSSL is used to protect for example email servers (SMTP, POP and IMAP protocols), chat servers (XMPP protocol), virtual private networks (SSL VPNs), network appliances and wide variety of client side software. Fortunately many large consumer sites are saved by their conservative choice of SSL/TLS termination equipment and software. Ironically smaller and more progressive services or those who have upgraded to latest and best encryption will be affected most. Furthermore OpenSSL is very popular in client software and somewhat popular in networked appliances which have most inertia in getting updates.

What versions of the OpenSSL are affected?

Status of different versions:

  • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
  • OpenSSL 1.0.1g is NOT vulnerable
  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable

Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.

How common are the vulnerable OpenSSL versions?

The vulnerable versions have been out there for over two years now and they have been rapidly adopted by modern operating systems. A major contributing factor has been that TLS versions 1.1 and 1.2 came available with the first vulnerable OpenSSL version (1.0.1) and security community has been pushing the TLS 1.2 due to earlier attacks against TLS (such as the BEAST).

How about operating systems?

Some operating system distributions that have shipped with potentially vulnerable OpenSSL version:

  • Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
  • Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
  • CentOS 6.5, OpenSSL 1.0.1e-15
  • Fedora 18, OpenSSL 1.0.1e-4
  • OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
  • FreeBSD 10.0 – OpenSSL 1.0.1e 11 Feb 2013
  • NetBSD 5.0.2 (OpenSSL 1.0.1e)
  • OpenSUSE 12.2 (OpenSSL 1.0.1c)

Operating system distribution with versions that are not vulnerable:

  • Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14
  • SUSE Linux Enterprise Server
  • FreeBSD 8.4 – OpenSSL 0.9.8y 5 Feb 2013
  • FreeBSD 9.2 – OpenSSL 0.9.8y 5 Feb 2013
  • FreeBSD Ports – OpenSSL 1.0.1g (At 7 Apr 21:46:40 2014 UTC)

How can OpenSSL be fixed?

Even though the actual code fix may appear trivial, OpenSSL team is the expert in fixing it properly so latest fixed version 1.0.1g or newer should be used. If this is not possible software developers can recompile OpenSSL with the handshake removed from the code by compile time option -DOPENSSL_NO_HEARTBEATS.

Should heartbeat be removed to aid in detection of vulnerable services?

Recovery from this bug could benefit if the new version of the OpenSSL would both fix the bug and disable heartbeat temporarily until some future version. It appears that majority if not almost all TLS implementations that respond to the heartbeat request today are vulnerable versions of OpenSSL. If only vulnerable versions of OpenSSL would continue to respond to the heartbeat for next few months then large scale coordinated response to reach owners of vulnerable services would become more feasible.

Can I detect if someone has exploited this against me?

Exploitation of this bug leaves no traces of anything abnormal happening to the logs.

Can IDS/IPS detect or block this attack?

Although the content of the heartbeat request is encrypted it has its own record type in the protocol. This should allow intrusion detection and prevention systems (IDS/IPS) to be trained to detect use of the heartbeat request. Due to encryption differentiating between legitimate use and attack can not be based on the content of the request, but the attack may be detected by comparing the size of the request against the size of the reply. This seems to imply that IDS/IPS can be programmed to detect the attack but not to block it unless heartbeat requests are blocked altogether.

Has this been abused in the wild?

We don’t know. Security community should deploy TLS/DTLS honeypots that entrap attackers and to alert about exploitation attempts.

Can attacker access only 64k of the memory?

There is no total of 64 kilobytes limitation to the attack, that limit applies only to a single heartbeat. Attacker can either keep reconnecting or during an active TLS connection keep requesting arbitrary number of 64 kilobyte chunks of memory content until enough secrets are revealed.

Is this a MITM bug like Apple’s goto fail bug was?

No this doesn’t require a man in the middle attack (MITM). Attacker can directly contact the vulnerable service or attack any user connecting to a malicious service. However in addition to direct threat the theft of the key material allows man in the middle attackers to impersonate compromised services.

Does TLS client certificate authentication mitigate this?

No, heartbeat request can be sent and is replied to during the handshake phase of the protocol. This occurs prior to client certificate authentication.

Does OpenSSL’s FIPS mode mitigate this?

No, OpenSSL Federal Information Processing Standard (FIPS) mode has no effect on the vulnerable heartbeat functionality.

Does Perfect Forward Secrecy (PFS) mitigate this?

Use of Perfect Forward Secrecy (PFS), which is unfortunately rare but powerful, should protect past communications from retrospective decryption. Please see https://twitter.com/ivanristic/status/453280081897467905 how leaked tickets may affect this.

Can heartbeat extension be disabled during the TLS handshake?

No, vulnerable heartbeat extension code is activated regardless of the results of the handshake phase negotiations. Only way to protect yourself is to upgrade to fixed version of OpenSSL or to recompile OpenSSL with the handshake removed from the code.

Who found the Heartbleed Bug?

This bug was independently discovered by a team of security engineers (Riku, Antti and Matti) at Codenomicon and Neel Mehta of Google Security, who first reported it to the OpenSSL team. Codenomicon team found heartbleed bug while improving the SafeGuard feature in Codenomicon’s Defensics security testing tools and reported this bug to the NCSC-FI for vulnerability coordination and reporting to OpenSSL team.

What is the Defensics SafeGuard?

The SafeGuard feature of the Codenomicon’s Defensics security testtools automatically tests the target system for weaknesses that compromise the integrity, privacy or safety. The SafeGuard is systematic solution to expose failed cryptographic certificate checks, privacy leaks or authentication bypass weaknesses that have exposed the Internet users to man in the middle attacks and eavesdropping. In addition to the Heartbleed bug the new Defensics TLS Safeguard feature can detect for instance the exploitable security flaw in widely used GnuTLS open source software implementing SSL/TLS functionality and the “goto fail;” bug in Apple’s TLS/SSL implementation that was patched in February 2014.

Who coordinates response to this vulnerability?

NCSC-FI took up the task of reaching out to the authors of OpenSSL, software, operating system and appliance vendors, which were potentially affected. However, this vulnerability was found and details released independently by others before this work was completed. Vendors should be notifying their users and service providers. Internet service providers should be notifying their end users where and when potential action is required.

Is there a bright side to all this?

For those service providers who are affected this is a good opportunity to upgrade security strength of the secret keys used. A lot of software gets updates which otherwise would have not been urgent. Although this is painful for the security community, we can rest assured that infrastructure of the cyber criminals and their secrets have been exposed as well.

Where to find more information?

This Q&A was published as a follow-up to the OpenSSL advisory, since this vulnerability became public on 7th of April 2014. The OpenSSL project has made a statement at https://www.openssl.org/news/secadv_20140407.txt. NCSC-FI published an advisory at https://www.cert.fi/en/reports/2014/vulnerability788210.html. Individual vendors of operating system distributions, affected owners of Internet services, software packages and appliance vendors may issue their own advisories.

References

Heartbleed logo is free to use, rights waived via CC0. [download logo in SVG format]

Page updated 2014-04-10 19:50 UTC.

‘Heartbleed’ Internet security bug is as bad as it sounds

By Hiawatha Bray

 

The word “Heartbleed” meant nothing at the start of the week. Today it is one of the hottest topics on the Internet — a simple security bug in an obscure piece of software that could compromise the personal information of millions. And while the Internet’s biggest companies scramble to fix the problem, users had better get ready to upgrade their own security practices.

“It’s not an academic exercise,” said Trey Ford, global security strategist at network security firm Rapid7 LLC in Boston. “I think this is a really big deal.”

So big that Ford thinks people should take a time out from online retailers, financial services sites, or online destinations that require entering sensitive information — names, addresses, credit card numbers. “I probably wouldn’t log into those for a couple of days or so,” he said.

To Ford, this isn’t another exaggerated Internet scare. Heartbleed really is that bad. But what is it?

Heartbleed is a bug that was accidentally added to a vital piece of software called OpenSSL, which secures thousands of Internet sites worldwide. OpenSSL software is built into Apache, the server software used by about two-thirds of the world’s websites to deliver Web pages to your computer. It sets up an encrypted data channel between your machine and the remote server. When it’s working properly, data traveling between the two machines looks like gibberish except to the authorized computers, which have keys for decoding the information.

OpenSSL is vital to Internet commerce, making it safe to move financial information online. But in 2012, during a software upgrade, someone wrote a bit of bad code that makes it possible to read unencrypted information from the memory of the remote server. This can include the encryption keys needed to decode the data stream, and e-mails, financial data, phone numbers — pretty much anything.

A security engineer at Google Inc. and a team of researchers at Finnish security company Codenomicon Ltd. uncovered the problem and raised the alarm on Monday. In the process, they kicked off an online panic that is quite justified.

OpenSSL “is at the cornerstone of trust on the Internet,” said Ford. It’s not just buying and selling. For instance, Internet e-mail services such as Yahoo Mail use OpenSSL to ensure the confidentiality of personal messages. So much for that: A security researcher was able to steal a Yahoo username and password from the company’s servers by using the Heartbleed trick.

Yahoo says it has fixed the problem on its servers. Meanwhile, other major Internet companies are also offering reassurances. I pinged Amazon.com, Facebook, tax preparation company Intuit Inc., and the Internal Revenue Service. All replied that their computers are not vulnerable to the Heartbleed problem.

But before you relax, consider that this bug was introduced two years ago. All this time, our “secure” data has been vulnerable. If some criminal gang had exploited the bug, I think we’d recognize them by a trail of emptied bank accounts, so this probably hasn’t happened. But if you worked at a spy shop like the National Security Agency or China’s Ministry of State Security, you’d be dead quiet about this handy little exploit. Instead, you’d use it to quietly scoop up intelligence on carefully selected targets.

Has this happened? Who knows? Exploiting a security flaw will often leave traces behind; you’ll know you’ve been hit, even if you can’t do anything about it.

But Heartbleed doesn’t leave a mark. Our passwords and personal data may already have been leaked out, scooped up, and filed away. Or not. It’s impossible to be sure.

Which is why Ford and other security analysts say there’s only one thing to do — change your passwords. Every last one, or at least every one that logs you onto financial, shopping, or social networking sites, the places where you share sensitive information. It’s also a good idea to delete all cookies from such sites.

But even this won’t protect you unless the sites you visit have upgraded their own software. Log onto a Heartbleed-affected server, and your new password could be as compromised as the old one. So Ford recommends taking your time. “Wait a day or two,” he said, “and then start changing passwords.”

In the early days of the Internet, global security scares came like clockwork; the Melissa virus of 1999, the I Love You virus of 2000 or 2001’s Code Red attack. Today the Internet is less vulnerable to sabotage. But as Heartbleed proves, there will never be a cure for carelessness.

Hiawatha Bray can be reached at hiawatha.bray@globe.com. Follow him on Twitter @GlobeTechLab.

Second Home Market Rebounding Strongly

Apr 7 2014, 11:33AM

Although the second home mortgage market experienced a severe decline during the housing downturn, Americans still aspire to buy second homes and have contributed to the growth of the market consistently since it hit its bottom in 2009 Fannie Mae said today.  While most mortgages are still originated to purchase or refinance owner-occupied primary residences, there is a significant market for mortgages to purchase second homes, those that are neither investment properties nor primary residences.  Fannie Mae’s new report issued today, Second Homes:  Recovery Post Financial Crisis, is part of its Housing Insights series.

Second home mortgages have accounted for an average of 4.76 percent of the purchase mortgage market since 1998 and the government sponsored enterprises (GSEs) Fannie Mae and Freddie Mac have been significant players, acquiring on average about 64 percent of the second home purchase mortgages by volume over that time period.

Fannie Mae uses information from the National Association of Realtors® (NAR) survey of second home buyers released last week to profile a typical second home buyer who is older, has a higher income, and is more likely to use a larger degree of cash to finance his purchase than the typical primary home buyer.  At the time of purchase 70 percent of second home mortgages had loan to value ratios under 80 percent compared with 44 percent of primary residence mortgages.

 

 

Second home mortgage originations have historically moved in tandem with the boom-bust cycle of the real estate market.  The share of second home mortgages more than tripled between the late 1990s and the peak year of 2006 then declined through 2009.  In every year since however the second home share of the purchase-money market (PMM) has increased.  During this period, however, the GSEs share of the market has decreased as the share of whole loans held by banks and other institutions has grown, suggesting that private lenders are becoming more willing to lend to these borrowers.  Between them the GSEs and bank portfolios now hold nearly 100 percent of the market compared to 77 percent in 2006.  Fannie Mae says one of the major reasons for this increase in market share is the exit of private label security (PLS) competitors from the larger playing field after the market collapse.

 

 

The boom years were good for second home mortgages which peaked at more than 15 times their 1998 volume during the housing bubble compared to around a 400 percent increase for other purchase mortgages.  However, the PLS share of second home originations, which was as high as 17 percent in 2006, has not rebounded as second home sales have recovered.

Fannie Mae says that geography played a role in both the decline and resurgence of the second home market.  Since January 1998, just over 1/3 of all second home mortgages have been originated on properties in Florida, California, and Arizona, three of the four states that then entered a multi-year foreclosure epidemic and witnessed huge price declines of over 40 percent each.  The only state with a larger price drop was Nevada, which was not a popular second home destination, accounting for only 2.5 percent of those mortgage originations from 1998 forward.  Those three Sunbelt states did not lose their popularity among second home buyers and accounted again for 34 percent of the second home mortgages originated in 2013.

While second home mortgages bubbled like all other purchase mortgages in the pre-2006 period, they did not perform as poorly as the others when the crisis hit.  While both first home and second home mortgages saw delinquencies trend upward in the years immediately after the bubble the second home purchase series outperformed the all other purchases series, indicating that second home borrowers have been better able to meet their mortgage obligations.

Fannie Mae noted many factors that will affect the future direction of second home purchases and second home mortgage originations.

  • Many buyers are affluent enough to pay cash and according to the NAR, between 2009 and 2013 an average of 38 percent of second home buyers did so. The remaining 62 percent who rely on a mortgage must have adequate income to qualify for those second home mortgage payments.
  • During the recovery housing wealth appreciation has lagged financial wealth. The recovery in financial markets has allowed many second home buyers, who are typically older and more likely to own financial assets, to sell some of their assets to buy second homes or use income from these assets to cover second home mortgage expenses. As shown in Exhibit E, older age cohorts, who are more likely to buy second homes, tend to own more financial assets.

  • The home price recovery rate in the three popular second home sites of Arizona, California, and Florida is another factor. The Federal Housing Finance Agency price indices comparing these three states to national averages show that two of the three have kept up with the national recovery, regaining about one third of their home price peak to trough losses but Florida lags far behind, having reclaimed only about 18 percent since bottoming out. Given this slow recovery and that Florida has accounted for the largest single share of second mortgage originations since 1998 (17 percent), home buyers have an opportunity to invest in Florida at bargain prices. That financial assets have recovered more quickly than home prices further increases this opportunity.
  • Yet another factor is the aging of the American population. The age group most likely to purchase a second home, those between 45 and 64 years of age, will grow at a slower rate than that of the total adult population between 2015 and 2060. Thus, while demand for second homes will continue to grow, it will likely occupy a smaller portion of the total purchase market. However, assuming that Americans continue existing investment patterns as they age and that aspirations of second home ownership do not wane, second homes should still occupy a significant place in the residential real estate market.

Fannie Mae concludes that although the second home mortgage market was also hit hard by the housing downturn, Americans still want to buy second homes and have contributed to the growth of the market consistently since its bottom in 2009.  The GSEs acquired roughly 60 percent of second home mortgage origination volume in 2013 and, barring rapid resurgence in PLS lending, should continue to be major players in the second home mortgage market.  “As the population continues to age, we expect people to continue to use their savings to buy second homes, thereby contributing to a segment of the mortgage market that will continue to grow in the years to come.”

Top 10 Crowdfunding Sites For Fundraising

Forbes.com Entrepreneurs 462,637 views

Unless you’ve been living in a remote island for the last few years, you’ve heard about crowdfunding or stories of people raising thousands or millions of dollars online.

In fact, there’s been so much chatter out there about crowdfunding that people love to throw out the line “yeah, I’ve heard there are something like 500 crowdfunding sites.” While hundreds of sites may be popping up, not all of them have real communities and funding successes under their belt.

Which begs the question… what crowdfunding site is best for you?

As a crowdfunding industry insider, I thought I’d give you an easy guide for which site to go to for your crowdfunding needs.

I’ll start with a tiny overview of the industry, a short primer on the different types of crowdfunding so you know what you’re looking for, and then I’ll get to specific recommendations for you.

The Crowdfunding Industry

Collaboration on the web is an area of exponential growth. Crowdfunding, or collaborative funding via the web, is one of the standouts for growth in this evolving collaborative economy.

The Crowdfunding Industry Report by Massolution put out data showing the overall crowdfunding industry has raised $2.7 billion in 2012, across more than 1 million individual campaigns globally. In 2013 the industry is projected to grow to $5.1 billion.

Some of the most interesting developments in crowdfunding, which are expected to grow in the months and years ahead, include: investment crowdfunding (becoming a shareholder in a company), localization (funding focused on participants in specific cities and neighborhoods), mobile solutions, and group-based approaches.

The JOBS Act that was passed in April of 2012 paved the way to investment crowdfunding, but the JOBS Act Rulings by the SEC have yet to be fully implemented to formally kick the market off. Expect big movement and activity in this area in 2013 and 2014.

Crowdfunding Models

There are 2 main models or types of crowdfunding. The first is what’s called donation-based funding. The birth of crowdfunding has come through this model, where funders donate via a collaborative goal based process in return for products, perks or rewards.

The second and more recent model is investment crowdfunding, where businesses seeking capital sell ownership stakes online in the form of equity or debt. In this model, individuals who fund become owners or shareholders and have a potential for financial return, unlike in the donation model.

Crowdfunding Sites To Choose From

Business owners are using different crowdfunding sites than musicians. Musicians are using different sites from causes and charities. Below is a list of crowdfunding sites that have different models and focuses. This list can help you find the right place for your crowdfunding goals and needs.

1. Kickstarter
Kickstarter is a site where creative projects raise donation-based funding. These projects can range from new creative products, like an art installation, to a cool watch, to pre-selling a music album. It’s not for businesses, causes, charities, or personal financing needs. Kickstarter is one of the earlier platforms, and has experienced strong growth and many break-out large campaigns in the last few years.

2. Indiegogo
While Kickstarter maintains a tighter focus and curates the creative projects approved on its site, Indiegogo approves donation-based fundraising campaigns for most anything — music, hobbyists, personal finance needs, charities and whatever else you could think of (except investment). They have had international growth because of their flexibility, broad approach and their early start in the industry.

3. Crowdfunder

Crowdfunder is the crowdfunding platform for businesses, with a growing social network of investors, tech startups, small businesses, and social enterprises (financially sustainable/profitable businesses with social impact goals).

Crowdfunder offers a blend of donation-based and investment crowdfunding from individuals and angel investors, and was a leading participant in the JOBS Act legislation. The company has localized crowdfunding and investment to help develop entrepreneurial ecosystems and access to capital outside Silicon Valley. Its unique CROWDFUNDx initiative in cities across the US and Mexico connects local investors with local entrepreneurs both online and offline, and does the work to validate top local companies in each city across the US and Mexico.

4. RocketHub
Rockethub powers donation-based funding for a wide variety of creative projects.

What’s unique about RocketHub is their FuelPad and LaunchPad programs that help campaign owners and potential promotion and marketing partners connect and collaborate for the success of a campaign.

5. Crowdrise
Crowdrise is a place for donation-based funding for Causes and Charity. They’ve attracted a community of do-gooders and and fund all kinds of inspiring causes and needs.

A unique Points System on Crowdrise helps track and reveal how much charitable impact members and organizations are making.

6. Somolend
Somolend is a site for lending for small businesses in the US, providing debt-based investment funding to qualified businesses with existing operations and revenue. Somolend has partnered with banks to provide loans, as well as helping small business owners bring their friends and family into the effort.

With their Midwest roots, a strong founder who was a leading participant in the JOBS Act legislation, and their focus and lead in the local small business market, Somolend has begun expanding into multiple cities and markets in the US.

7. appbackr
If you want to build the next new mobile app and are seeking donation-based funding to get things off the ground or growing, then check out appbackr and their niche community for mobile app development.

8. AngelList
If you’re a tech startup with a shiny lead investor already signed on, or looking for for Silicon Valley momentum, then there are angels and institutions finding investments through AngelList. For a long while AngelList didn’t say that they did crowdfunding, which makes sense as they have catered to the investment establishment in tech startups, but now they’re getting into the game. The accredited investors and institutions on AngelList have been funding a growing number of select tech startup deals.

9. Invested.in
You might want to create your own crowdfunding community to support donation-based fundraising for a specific group or niche in the market. Invested.in is a Venice, CA based company that is a top name “white label” software provider, giving you the tools to get started and grow your own.

10. Quirky
If you’re an inventor, maker, or tinkerer of some kind then Quirky is a place to collaborate and crowdfund for donation-based funding with a community of other like-minded folks. Their site digs deeper into helping the process of bringing an invention or product to life, allowing community participation in the process.

These 10 crowdfunding sites cover most campaign types or funding goals you might have. Whether you’re looking to fundraise or not, go check out the sites here that grab your attention and get involved in this collaborative community.

How Crowdfunding Is Shaping A New Economy

Crowdfunding has revitalized the Arts at a time when public programs that support it are steadily dying off.

Crowdfunding is growing a market for impact investing in social enterprises, marrying the worlds of entrepreneurship and philanthropy, and helping a broader base of investors to back companies for both profits and purpose.

Crowdfunding is accelerating angel investing and creating an entirely new market for investment crowdfunding for businesses.

So get involved and join a crowdfunding community today. You’ll make a difference for a project or business owner, and also help build a new and more collaborative economy.

*Disclosure: I’m the CEO of Crowdfunder and have personal relationships with many of the founders and teams at the sites listed, though I stand behind my picks here as guidance of value for people looking for the right site. –

5 best and worst rental return markets | 2014-04-01 | HousingWire

 

 

San Francisco - Bridge

 

Home prices have increased year-over-year for two years straight and do not show any signs of slowing down, the latest CoreLogic report revealed. So how does this impact the rental community and investors?

 

While strong cash-flowing rentals are in many U.S. markets, rising home prices are slowly put a dent in the value.

This follow a strong rise in demand for REO-to-rental securitization.

 

RealtyTrac composed a list of the 5 best and worst markets for rental returns.

 

The list was created by taking the 2014 fair market rent for a three-bedroom home multiplied by 12 months and then dividing that 12-month total by the median sales price of residential properties in the county.

 

Here is what they came up with:

Best:

 

5. Baltimore City County, Md.

 

Media sales price: $85,000

 

The average fair market rent sits at $1,599, and the annual gross yield is 23%.

 

4. Bibb County, Ga.  

 

Median sales price: $50,880

 

On the lower end of the best five, the average fair market rent is $1,008 and the annual gross yield is 24%.

 

3. Washington County, Miss.

 

Median sales price: $42,000

 

The county’s average fair market rent comes in at $862, posting a 25% annual gross yield.

 

2. Clayton County, Ga.

 

Median sales price: $50,750

 

Ranking in at number two, Clayton’s average fair market rent is $1,187, and the annual gross yield is 28%.

 

1. Wayne County, Mich.

 

Median sales price: $44,900

 

As the best rental market for rental returns, Wayne County posts an average fair market rent of $1,124 and an annual gross yield of 30%.

 

skyline
Now for the 5 worst markets for rental returns:

 

5. Marin County, Calif.

 

Median sales price: $745,000

 

The average fair market rent sits at $2,657, while the annual gross yield comes in at 4%.

 

4. Kings County, N.Y.

 

Median sales price: $573,000

 

One of two New York markets on the list, Kings County reported an average fair market rent of $1,852 and an annual gross yield of 4%.

 

3. San Francisco County, Calif.

 

Median sales price: $573,000

 

Significant above number 4, the average fair market rent hit $2,657, with a 4% annual gross yield.

 

2. Eagle County, Colo.

 

Median sales price: $525,000

 

This Colorado market recorded a $1,545 average fair market rent and a 4% annual gross yield.

 

1. New York, N.Y.

 

home

 

Median sales price: $887,000

 

Holding the spot for the worst market for rental returns, New York posted a $1,852 average fair market rent and a 3% annual gross yield.