There's got to be a safer way

Go paperless with eyes wide open to security issues

Editor's note: This is the third in a four-part series about security issues and paperless transaction management platforms. See part one and part two.

The vast majority of real estate transactions close with the principals and real estate professionals obeying the law.

Onward and upward image via Shutterstock.
Onward and upward image via Shutterstock.

The issue occurs when someone makes a stupid decision to sign for a client -- or worse, when someone is attempting to defraud another party.

What steps can you take to limit your risks from these types of behaviors?

In order to best protect yourself from risks on the paperless transaction highway, it's important to know the primary sources of that risk. Four of the most important areas are outlined below.

Risk No. 1: The digital signature company goes out of business

Article continues below

Since litigation can take up to five years to reach court, what happens if your digital document provider goes out of business or is hacked? What if the agent who created the original documents is dead and his brokerage is no longer in business?

Regardless of the digital signature platform agents select, very few agents and companies are opting to use multiple-factor, knowledge-based authentication.

If an e-signature provider using PDF technology (see part two) goes out of business, you could be faced with the nearly impossible task of trying to resurrect the digital paper trail without its assistance.

If you were using the smart form technology, however, all the information you need is embedded within the document. There would be no need to contact the e-signature provider.

Risk No. 2:  Signing for others

Here's what a properly executed dotloop document should look like. Nevertheless, there is a problem. Dotloop verified that someone named Byron signed the document, but there was no additional knowledge-based authentication, or KBA, to see if Byron was really "Michele."

Bernice_Security_3_IMAGE1

This is the exact scenario that can allow an agent to log in to the digital signature platform and sign on his client's behalf, especially if the client decides to share the password with the agent. As mentioned in part two of this series, regardless of the digital signature platform agents select, very few agents and companies are opting to use multiple-factor, knowledge-based authentication.

Risk No. 3: No internal document tracking

To understand this risk, you must first understand how different e-signature companies tracks changes. Smart forms providers such as DocuSign, Instanet and zipLogix lock down their signatures and track changes within the document itself.

In contrast, the Adobe EchoSign, dotloop and HelloSign platforms track changes using the PDF trail on their respective sites, rather than within the document.

Dotloop's "Version Now" also does something unique. When there is a change in any term, Version Now archives the original document and creates a new version that lacks the original signatures. According to Steve Peele, this provides "a higher level of security because each party is signing off on the latest version of the negotiation."

Here's how the dotloop process works:

1. The buyer's agent submits a dotloop-verified offer to a seller.

2. The seller counters the price, closing date, loan amount and down payment. Counteroffer returned to buyer.

3. Buyer receives the seller's counteroffer. "Version Now" has archived the original purchase contract and created a new version without the buyer's initials and signatures. If the buyer elects to accept the seller's counteroffer, the buyer must re-sign the counteroffer plus re-signing the entire purchase contract again.

4. Assume that the buyer wants to make another counteroffer. When the seller receives the buyer's new counteroffer, they too will have to now re-sign the purchase contract and any subsequent counteroffers.

5. The process of re-signing continues until both parties come to an agreement.

The first issue here is practical. Assume that 10 different couples submit an offer on your listing and your sellers counter each offer. (In some states you can counter only one offer at a time.)

All 10 sets of buyers make counteroffers. The sellers make a second counteroffer to all buyers. At this point, each seller would have to re-sign and re-initial a total of 10 signature fields per offer (100 total signature fields).

The risk occurs in what is required of the listing agent to track changes. Specifically, the agent must:

1. First create 10 separate loops -- one for each transaction.

2. Visit the dotloop website to open the PDF tracking for version of the document.

3. Check all 400 signature fields (40 fields for 10 offers).

4. Determine if there were any changes from the previous documents, and, if so, what were those changes and where were they located?

In contrast, agents using smart forms need only to open each document. Changes are tracked within the document independently of the e-signature company's platform.

Dotloop CEO Austin Allison acknowledged that the issue with counteroffers was a "fair point," and said dotloop will be "continuing to innovate based upon the feedback from their users."

Risk No. 4: Locked vs. unlocked signatures

When the signatures are locked, it's difficult to make changes to the document. It can be done with tools such as Photoshop, but it will not happen accidentally. That's not the case with "Version Now." Here's what I experienced:

1. I used dotloop to sign the following document. I sent it to my husband, Byron Van Arsdale, for his signature. Byron made one change to the document and emailed it back to me. Here's the dotloop-verified document as it appeared on Byron's computer:

Bernice_Security3_IMAGE2

2. Dotloop returned the document to me via email for re-signature.

3. Because I had Adobe EchoSign on my computer, when I opened the dotloop email containing the document, Adobe overrode it and noted, "Signature fields detected." Because "Version Now" archived the original document and created a new document without any signatures, I was able to place an Adobe EchoSign signature using knowledge-based Verisign authentication where my original dotloop-verified signature had been before. Here's the screen shot:

Bernice_Security3_IMAGE3

Dotloop's response to this scenario is that its PDF trail would show which document was original.

That's true, but since my EchoSign signature uses multiple-factor, knowledge-based authentication, does that trump dotloop's verification, which lacks such authentication? Furthermore, does the Verisign certification extend to my husband's signature that was certified by dotloop, but not by Verisign?

Allison acknowledged that "because the Adobe EchoSign signature occurred later in the process than the dotloop signature, the Adobe signature would take precedence." Moreover, "the digital paper trail would be more difficult to follow because it would now exist on two different systems."

As you can see from the above examples, tracking what is going on using a PDF paper trail can be complex and extremely time consuming.

The dotloop system, in particular, is vulnerable not only on the issue of multiple-factor, knowledge-based authentication, but especially because Version Now requires repeated re-signing of the contract when there are changes in the terms.

So what if there was a better way? Something designed by agents -- for agents -- that uses multiple-factor, knowledge-based authentication in a totally innovative way? That capitalized on the latest technology, and was faster and easier than any of the current technologies?

See part four of this series to learn more.

Bernice Ross, CEO of RealEstateCoach.com, is a national speaker, trainer and author of the National Association of Realtors' No. 1 best-seller, "Real Estate Dough: Your Recipe for Real Estate Success." Hear Bernice's five-minute daily real estate show, just named "new and notable" by iTunes, at www.RealEstateCoachRadio.com.


Related Articles