By MAUREEN WILKEY
Think no one is watching you when you share passwords or security tokens to allow others to access your multiple listing service? Think again.
While many real estate companies are monitoring online clicks and cursor time as helpful metrics tools to gauge which listings are most popular or which neighborhoods might be taking off, some technologies are taking aim at unauthorized use of MLS accounts.
AdmitOne Security has developed a technology that cues in on a user’s unique typing "signature," based on that user’s keystroke rhythm. The technology can detect an interloper if the typing patterns don’t synch with the user ID.
"You and I typing the same thing will do it in a different rhythm," said Matt Shanahan, senior vice president of marketing and strategy with AdmitOne. "So we can tell if more than one person is on the account, even if they’re accessing it from the same computer."
The company also has more basic security tools that automatically flag instances in which an account is accessed in two different places at the same time or roughly the same time, for example.
"If the same MLS was accessed by the same user hundreds of miles apart within five minutes, it’s obviously not the same person using it," Shanahan said.
AdmitOne recently announced that Mountain Central Association of Realtors is using its Security Scout product to monitor its service. Security Scout also uses location as a determiner of who might be sharing.
In December, AdmitOne announced a deal with Paragon Online, an MLS data and services division of Fidelity National Real Estate Solutions, to bring Security Scout to Paragon users.
While traditional methods of securing MLS listings are still in place throughout the country, it’s easy for real estate professionals to share tokens, passwords and other information or devices to cut through the security walls.
Security measures can be inconvenient to the majority of users who aren’t breaking the rules, says Mark Lesswing, senior vice president and chief technology officer with the National Association of Realtors.
"Most systems are still using two-factor authentication, which means they require something you have and something you know. For example: a password as ‘something you know’ and a token as ‘something you have,’ " he said. "Using typing rhythms would be the ‘something you had,’ so you wouldn’t be inconveniencing most people who aren’t sharing."
It would be more convenient if agents didn’t have to provide tokens to access MLSs, said Lesswing.
Many MLSs that now work on the token system see problems with token-sharing among real estate professionals who share offices. Typing rhythms would solve this problem because each agent could buy into the MLS they wanted, and not have to worry about tokens, which can be costly.
In some cases, agents aren’t sharing to try to avoid paying extra fees — they’re just allowing their assistants to access the system for them. AdmitOne allows them to register their assistants so they won’t be penalized under the Secure Scout system.
While some may be concerned about the implications of privacy in analyzing typing rhythms, Shawn Dauphine, director of the Houston Association of Realtors MLS, says that no personal information is ever matched with the rhythm.
"It wouldn’t be used for consumers. It’s more for subscribers and even then we wouldn’t be able to match it with specific people," he says. HAR is considering whether to implement a similar security system.
"Ultimately, this may lead to biometrics like retina scans or thumbprints, but they probably won’t end up doing those kinds of things because it’s more of an inconvenience than something like this," he said.
Maureen Wilkey is a freelance writer in Illinois.
What’s your opinion? Leave your comments below or send a letter to the editor.