NAR’s D.A.N.G.E.R. Report – Focusing on the Security Risk

DANGER ReportIn the D.A.N.G.E.R. Report, compiled for NAR by Stefan Swanepoel, a “security breach” is listed as a “high risk” for MLSs, though it is quite clear that the risk is to the industry more generally. According to Stefan, “Cyber criminals could attack the industry, breach the MLS, and cause disruption … as transaction management systems and mortgage systems are added or integrated, this threat becomes more serious.”

Only some leaders in our industry are taking this risk – and their responsibility – seriously. Everyone knows how important installing security updates (“patching” or “upgrading”) is, but between 28% and 46%, depending on industry segment, don’t take even that basic, no-cost step for their web servers, even though their organization’s websites are often a gateway for services for many stakeholders. Following is a chart of different industry segments, showing what percent were running unpatched servers with known vulnerabilities as of January 2015:

Patch Level - January 2015

We’ve got to do better than that. So, where does the industry need to focus its attention?

Security Assessment

Security risk assessment is the first step. Clareity Consulting has been helping clients with security risk assessments for the last thirteen years. Organizational security is not something executives should just be handing off to their technical staff, since many of the most important and foundational areas of security are non-technical. Vetting new staff and training them in how to deal with data securely is critical. Writing good policy and procedure documents makes it clear to employees, including both technical and non-technical employees, what their responsibilities are in securely operating your business. Detailed contracts extend these responsibilities to those who provide you with services, and to independent contractors. Also, physical security is extremely important – everything from making sure access is granted only to authorized people to making sure that sensitive information is handled properly and disposed of both timely and securely. Areas of more technical evaluation include routers and firewalls, wireless devices, virtualization environments, websites and applications, installed software, use of encryption, server and workstation operating systems, mobile device configurations, printers, copiers, and much more.

Payment Card Industry (PCI) Data Security Standard (DSS) compliance is also necessary in order for your business to process credit card information. The latest Payment Card Industry Data Security Standards (PCI DSS) now require compliance from organizations whose websites redirect their e-commerce transaction-processing functions to a third party, even though these organizations are outsourcing their credit card functions to that third party.

Having an in-depth knowledge of how information flows in our industry as well as both the business and technical aspects of electronic transactions enables Clareity Consulting to help organizations with this kind of risk assessment most efficiently.

Authentication

The D.A.N.G.E.R. Report focuses on login authentication applied to MLSs and integrated systems such as transaction management and document management. Of course, only weak authentication is in place for broker systems that are also integrated with such systems, and for the direct logins to those systems. Only about half the industry has implemented strong authentication for the MLS and integrated products and, in some cases, even those that have implemented strong authentication for the MLS have not required that all licensed and/or integrated software integrate the stronger measures.

Our industry has a complicated authentication problem to solve. Most login security solutions are not designed to work when the users actively wish to share their account. When mobile professionals have unusual computer use patterns and share computers in a “bullpen” situation, it is even more difficult to provide an effective security system. Even when an MLS has extensive fines for account sharing, we have found that subscribers are quite willing to try to share their login account with non-subscribing professionals, consumers, and others. Most MLSs prefer an authentication solution that focuses on stopping long-term account sharing to one that may cause some inconvenience to users but more reliably prevents an unauthorized user from using account information to access an account even once.

Clareity Security, the leading provider of strong authentication to the industry, has an amazing array of technology that can be used to provide more proactive security, including an exciting new biometric method for mobile devices that is patent pending. Even the current technology Clareity Security has in place at MLSs can be configured to be more stringent, but the industry has to have the will to implement it in that way. Hopefully the industry will move in that direction before there is a publicized security breach.

Clareity Security has always recognized the need to balance cost and convenience with security. That is why Clareity Security has built a RISK based scoring system that has been fully customized to real estate use cases, ensuring that when strong authentication is necessary based on risky behavior and/or application sensitivity, it can be implemented.

Clareity Security also leads the industry in the best practice implementation of secure single sign-on (SSO). Using the SAML (Secure Assertion Markup Language) standard, the company has provided a way for hundreds of applications to be SSO integrated while still maintaining good security. I have also seen some very bad implementations of SSO that create tremendous risk for the organization because they have little to no security.

There are new, emerging authentication challenges as well. For example, it is very difficult to protect authentication to APIs, especially those that are designed to be used by mobile applications. This is an issue that I presented at a RESO meeting in 2013 and, to date, only limited protective mechanisms have been developed by some vendors.

Screen Scraping

Though consumers are providing their agents with information solely for the purpose of marketing their property for sale, it’s very difficult to ensure real estate information is being used for only that legitimate purpose, since our industry sends the content to so many locations online. One of the biggest challenges is “screen scraping”, when someone copies large amounts of data from a web site – manually or with a script or program. There are two kinds of scraping, “legitimate scraping” such as search engine robots that index the web, and “malicious scraping” where someone engages in systematic theft of intellectual property in the form of data accessible on a website. Malicious scraping has been a severe problem in the real estate industry for a decade or more. Bad actors and their software “bots” can grab MLS data and resell it or use it for their own purposes. The very largest sites, such as Realtor.com, have invested millions in anti-scraping solutions, and these solutions have to be constantly updated as scrapers become ever more sophisticated. However, as some sites take steps to protect the content, that pushes the scrapers out to harvest content from other sites that are less well protected. For our industry, Clareity Consulting recommends a company it has worked with (and is currently consulting for), Distil Networks, that provides a robust and scalable technology solution at a cost that even an individual agent can afford for their site. Distil Network’s solution has so far been adopted by one MLS vendor, some IDX vendors, and some individual VOW sites. While some advertising portals have implemented anti-scraping measures as well, the industry has a long way to go to protect its content both in the MLS system and its public facing modules (client collaboration, framed IDX) and many of the other locations to which content has been syndicated.

Next Steps

Information security is not something where one can “set it and forget it”. New challenges emerge regularly. The policies and procedures, contract terms, and even the security audit tools I used even five years ago have changed radically – they are always changing. We’ve got to get both authentication and screen scraping under control. If you’re an executive in this industry, whether of an association, MLS, broker, or software provider, it’s time to move faster and press harder on security. Start with assessment. I can help with that. Then we can figure out the next steps for your organization. Just remember, security isn’t something you achieve: it’s an ongoing practice.

 

 

Clareity Security Helping Associations meet NAR Core Standards Requirement

Last year, NAR introduced six Core Standards that REALTOR® Associations must meet, focused on six areas. With exception of the financial solvency standard, Clareity Security’s Single Sign-on (SSO) Dashboard helps Associations meet all of the other Core Standards.

DB1

DB2Code of Ethics – The Clareity SSO Dashboard with Association Management Integration links new and existing members to all of the integration courses offered by the association. The Dashboard messaging system can be used by Association staff to alert the member when their Code of Ethics training has not yet been completed. Clareity’s partnership with NAR, and the NAR Resource Module, will give every member one-click access to all NAR Resources, including Code of Ethics.

 

AdDB3vocacy – Through the NAR Resources Module, there is a Realtor Party tile (an interactive Dashboard component) that will link all members to the Realtor Action Center. This is their direct connection to all of the NAR PAC information and happenings. Within the NAR Resources Module, and more specifically, the Realtor Party tile, NAR can initiate a special “Call to Action” communication, which will alert all members dynamically. Communication for Calls to Action can also be communicated through the Messaging Module, which will increase visibility and conversions. Lastly, as necessary, each association can install hyperlinks and or SSO links to their respective State Association RPAC efforts. The Clareity Dashboard comes with a robust Reports Dashboard, which allows the association to view, run, and share reports about Member Engagement.

 

DB4Consumer Outreach – The Messaging Module inside the Clareity Dashboard is perfect for promoting Consumer Outreach activities. The association could also create custom tiles to add to the Association Services modules on their dashboard as well.

 

DB5Unification – The Association Resources Module, bundled with the NAR Resources Module, gives the association the ability to communicate, promote, and provide direct connections to activates at their local Association, the State Association, and anything NAR wishes to promote. The Dashboard can display information appropriately, based on the type of user as per association records, so that limited function referral organizations (LFRO) can be invited to participate in political advocacy (i.e. PAF and Calls For Action).

 

DB6Technology – Every association must have an interactive website, post access to professional standards arbitration filing processes, and create a link to the websites of the other levels of the association for promo;on of member programs, products, and services. The Dashboard, specifically the Association Services Module, features the ability to create static and/or SSO links to various member services, local, state, and NAR site pages. The Clareity Dashboard is the perfect vehicle for member communication … putting the local association into the driver’s seat. With every login to the MLS (or any other of their applications), they will see your association’s messages, campaigns, and individual links.

 

For more information about how your association can implement the Clareity Security SSO Dashboard, please contact sales@clareitysecurity.com.

Clareity Security and the Great Flywheel of Convenience

A Ten Year Journey

In James C. Collins’ bestselling business book, “Good to Great”, he introduces the concept of the flywheel. Outside of business, a flywheel is a heavy wheel that, once momentum is built, can store and provide consistently great power to a machine even when regular power is interrupted. The tricky thing about a heavy flywheel is that it can take great effort to overcome its initial inertia, and sometimes it takes a long time of pushing to get it up to full speed. Collins uses the flywheel as a metaphor for business, describing how, with consistent effort and persistence, a company can achieve great things. Clareity Security has been pushing on some great flywheels for some time, and it is perhaps overdue to describe those efforts to the industry at large.

Flywheel alternator field magnet
(Rankin Kennedy, Electrical Installations, Vol II, 1909)

flywheel

The flywheel pushing began ten years ago. A client of Clareity Consulting needed to solve the issue they were having with unauthorized system access and theft of data, which had become a national epidemic due – in part – to lax password-only security. Clareity Security was highly successful at solving this problem, and after a few years was protecting logins for half of the industry with the SAFEMLS product. However, there was always some pushback on information security measures as inconvenient. Security in every context is always a bit inconvenient – it would surely be convenient to never have to remember house keys and just leave the door unlocked, but we don’t want someone walking in and taking our possessions. Still, Clareity Security was listening, and started exploring new ways to provide security more conveniently, though the new authentication technology would take some time to develop and deploy.

The push for greater convenience also led the way for something which is now a common term in our industry, “Single Sign-On(SSO). Clareity Security, with NAR’s support, created an open-source toolkit and reference implementation for secure “SAML” SSO in 2007. Vendors started to deploy more secure single sign-on in more places, making life easier for real estate professionals, while still ensuring best practices for data security and authentication.

While SSO was gaining momentum, starting in 2009 Clareity Security began to deploy a new, “zero footprint authentication” solution – a way to provide security while providing the minimum inconvenience to end-users possible. Using new technologies, security could be provided without carrying around hardware “key fobs” to generate one-time-use passwords and without software installation.

But one of the greatest breakthroughs occurred in 2010, when Clareity Security integrated Miami REALTORS®’ various applications using SSO technology to create a single dashboard for their members. Thus began Clareity Security’s SSO Dashboard initiative, which allows MLSs, Associations, brokers and others to present all the tools they provide to their subscribers (members, etc.) in one convenient location, and provide secure, convenient SSO. In 2012, Clareity Security extended this concept with the Clareity Store, allowing subscribers to purchase additional well-integrated products.

SSO Dashboard

Keep in mind that what you are seeing today is just the first version of the SSO Dashboard and Clareity Store – what is coming in 2015/2016 will make our industry look back and say, “That was a good starting place.” Clareity Security is committed to growing and enhancing the SSO Dashboard and Clareity Store to meet the changing needs of the busy real estate professional.

But, that was a lot of background – let’s look at this history in terms of what industry issues are being addressed with all this technology:

  1. The Value Proposition Problem. MLSs, Associations, and brokers now have a platform for expressing the value they provide by keeping their whole offering in front of users and giving them convenient access through SSO.
  2. The 90/10 problem. Traditionally, 90% of users use 10% of the offering. The SSO Dashboard improves significantly adoption of tools by users. In a recent case study, adoption of certain applications rose by an average of 75% within the first month of Dashboard implementation.
  3. The Robust “Site License” Offering vs. Differentiation problem. There has always been a strain between MLSs wanting to provide everything needed for agents to be professional yet leaving room for brokers and agents to differentiate using tools not in use by others in their market. The SSO Dashboard, combined with the Clareity Store, allows organizations to provide a platform that provides just the right balance.
  4. The Convenience / Security problem. SSO, by its very nature, creates an increased security risk: more resources – including platforms holding the most sensitive information our industry handles (document & transaction management) are available behind a single login. Because Clareity Security provides a great security solution that can be combined with the SSO Dashboard, this risk can be mitigated.
  5. Centralized Identity. With the introduction of SSO Dashboard including a SAFEMLS Identity Provider (IdP), everyone benefits from not having to remember and synchronize different user IDs and passwords across multiple platforms.
  6. The Revenue Assurance problem. When logins are shared, the honest folks pay for the resources being stolen by others. Clareity Security makes sure everyone pays only their fair share by reducing the number of “freeloaders” and reducing unauthorized access.

Clareity Security continues to push hard on the flywheel and innovate. In 2014, we released SAFEMLS+, providing even better security, especially for mobile users – plus an improved interface for customers’ staff. Clareity Security is working with specialist interface designers now on creating an even more amazing experience to be unveiled in 2015. And that’s just the beginning. If we keep pushing and the industry pushes with us, we can expect that widespread SSO Dashboard and Clareity Store deployments should eventually provide a personalized dashboard experience for the individual real estate professional. A tool that combines franchise, broker, MLS, association, and eventually even personal apps is the ultimate in convenience and power for real estate professionals.

It has been an amazing ten years for Clareity Security, growing from just being a security company to an integration company to a convenience and user experience company while retaining the best parts of its past while quickly moving toward its future.

When Clareity Security started on its journey, we had some good things in mind for our industry. But now that Clareity Security has been pushing for ten years, we can see great things ahead. An industry colleague once said, “We’re an industry driven too often by our fears and not enough by our dreams.” Dream with us!

Welcome to Boise!!

Boise BlogFor months I’ve been telling my Boise family and friends how excited I was for the first week of October.  Now, we have nearly arrived at the week in which 550 (and counting) of my close friends, business partners and industry colleagues arrive in Boise for the Council of Multiple Listing Services annual conference.  Since the location was announced last fall I’ve taken my fair share of ribbing about potatoes and a blue field.  A few of you expressed genuine excitement about visiting a place you had never been, and a few of you were less “enthusiastic” about the location (it’s ok, I forgive you.)

Naturally, I want EVERYONE to come and enjoy the incredible content put together by CMLS leadership and conference hosts Intermountain MLS and Willamette Valley MLS.  But I also want to show each of you some of my favorite spots in and around Boise.  So without further adieu, here is my completely biased view of “the BEST of Boise”.

Lets start with EATS since I know that’s what 100% of you will be doing at some point while you are here.  Walking distance from the hotel, downtown Boise hosts a veritable cornucopia of great places to eat.  I’m proud to say MOST of them are NOT chains.  Folks, if you were hoping for another overpriced steak from Morton’s this is not your town – you can however find some of the best grass fed local beef I’ve ever tasted.  PS – I might as well break it to all you Starbucks junkies that we also don’t have any of those downtown. Drive to the burbs if you are desperate, otherwise I highly recommend you walk to one of nearly 30 local coffee shops in the downtown area.

Ok, back the carnivore recommendations.  There are several places in downtown Boise to get a good steak (yes you can get a real IDAHO baked potato too).  Here are a few of my favorites:

  • Chandler’s Steakhouse –  If you have the patience, try the 10 minute martini, it’s worth the wait!  My recommendation for dinner is the American Kobe Beef grown right here in the Snake River Valley.  As a nod to our Willamette Valley co-hosts, I highly recommend any of the Pinot Noirs coming out of the Willamette Valley on the wine list.
  • Fork (Do we really need anything else?) –  Excellent Northwest Cuisine.  If you arrive Tuesday in time for dinner go get the Cast Iron Buttermilk Fried Chicken & Cheddar Waffle – trust me on this one.  Maybe it’s because I’m a Gemini but I LOVE the Huckleberry Gemini  ~ Idaho 44 Degrees North Huckleberry Vodka, St. Germain, fresh grapefruit juice and topped with splash of Prosecco :)
  • The Cottonwood Grille –  Looking to try some wild game? This is the place!  A gorgeous setting right on the Boise River – heaters on the patio for those of you that just can’t get enough of our fresh air.  I’ve had both the elk and the buffalo and recommend them both for the slightly more adventurous – good stuff!

If you are looking for something a little more casual, your options are nearly limitless in downtown Boise.  A dozen brewpubs, a tequila bar and yes even a restaurant/distillery that creates their own delicious Vodka and Rum along with some great casual dining!  I’ve haunted a few of the following joints with great satisfaction:

  • Bardenay – The only restaurant in the country that is also a distillery of vodka and rum (both are yummy). I think I’ve said enough here, but in case you need further convincing the locally raised pork chop is one of my favorites!
  • Bittercreek Ale House – Beer lovers meet up here! 39 drafts on tap from all over the West.  If you love a burger with your beer – these are some of the best!
  • Bar Gernika – Boise has one of the largest Basque (it’s a region of Spain for those who want to save the google) communities in North America and that means some great Basque food!  Try the Lamb Grinder or the Paella.
  • The Matador –  Okay, I’m allowing a “sort of” chain restaurant on the list but this place is AWESOME!  With over 50 kinds of tequila to choose from and a menu that includes goat cheese stuffed jalapenos wrapped in BACON, this place is a little slice of heaven on earth.

I realize breakfast is part of the AGENDA at CMLS but so many of you have asked me where to get off campus for a good breakfast so here we go:

  • BACON –  Anyone who knows me already knows this is my favorite spot.  Both breakfast and lunch are served featuring – you guessed it – my favorite food group, BACON. Seven kinds of bacon are served (I refuse to count the vegetarian option as bacon).  PS – for those of you needing a Bloody Mary to jump start your day, this is the place to be!
  • Goldy’s – Definitely try the Sunrise Mimosa, have two if you don’t have to behave responsibly for a few hours J The stuffed French Toast will have you speaking in tongues – delicious!  My favorite menu item is the Andalusian Eggs with the aforementioned mimosa.

Once you finish eating and drinking yourself into a near comatose state, you may decide you need a place to burn it all off.  If there was ever a week to leave the hotel gyms behind – this is it!  Boise (coming from the French word Les Bois “the trees”) is a gorgeous city with over 25 miles of greenbelt that follow the Boise River and hundreds of hiking trails.  Like your Mom always told you “go outside and play!”

  • Hike Tablerock –  This is one of my favorite hikes because the reward is an amazing view of our beautiful valley.  The trailhead is only minutes from downtown Boise – a quick cab ride or an easy walk of about 1.5 miles.
  • Walk or run the Boise Greenbelt –  This time of year is cool but not cold in the mornings (exception: Floridians and Arizonans) so throw on a sweatshirt and take in the beauty of Fall along our amazing river.  Folks around here are friendly so if you aren’t sure where you are going – just ask someone!
  • Head to the park for a workout!  Yes, Boiseans love the outdoors.  So much so that they built an outdoor gym with equipment donated by local company body building.com

If all these exercise options make you tired, put a down payment on some relaxation at this great Day Spa right in the heart of downtown Boise.

And if the CMLS schedule and your gastro-adventures haven’t completely consumed all available time, here is a list of 84 attractions in Boise.

Whatever you do while in Boise, I hope you all have an amazing time!  Please feel free to shoot me a message if you have any questions about other local information.  See you all next week!

Are You Taking the Proper Measures to Protect Your Digital Assets and the People Associated With Them?

What do 85 of the top multiple listing services have in common with the Pentagon, Twitter, Facebook, LinkedIn, G-Mail, Microsoft, NASA and most financial institutions, colleges and newevil1spapers?

They have all implemented data access security utilizing two-factor authentication.  Why, you ask? Because this form of data security supports their initiatives to implement “best practices” or “take reasonable steps” to protect access to their user’s personal information from cyber-villains.

Everything these villains might want to know about someone is generally hosted somewhere in their user profile(s). Name, address, phone numbers, date of birth, email addresses, characteristics and interests, employment history, etc. are all personal profile staples. This data is considered ‘Personal Information’ and comprises everything a villain needs to know about someone to commit nefarious deeds and gain additional access to even more personal information.

Most people assume, or would like to believe, the companies they engage with can be entrusted with their personal information or ‘secret identity’. They expect their personal data to be treated as a valuable asset and want their value to extend beyond a customer list, marketing program or data mining effort.

SpidermanAll companies now have a legal responsibility to protect the personal information their subscribers have provided them. The US government mandates companies implement “reasonable and accepted best practices” to protect the personal information they collect.

To date, 46 states have enacted a Data Breach Notification Law. Under these laws, a breach is defined as a single unauthorized access to a database containing personal information.  This means a single compromised user ID and password, whether willingly shared/borrowed or intentionally hacked, constitutes a breach. Reasonable steps must be taken to avoid such an occurrence. If a breach does occur, every individual with personal information stored within the breached database must be notified of the breach in writing. This is not only costly to implement, it can challenge the integrity of a company and have significant financial ramifications. Each state defines ‘Personal Information’ differently.  (Please refer to this chart and consult an attorney in your area for more specific details.)

Within our industry, we may feel these rules don’t apply or that we’re immune to such obligations because listing data is plastered all over the Internet. But the fact remains, the responsibility of the MLS goes well beyond protecting subscriber’s personal information and the sanctioned public display of listing information.  The MLS community must also consider:

  • Subscription revenue loss associated with shared access
  • Consumer (buyer/seller) data stored in the MLS system’s CRM and Client Gateway modules
  • Listing data not intended for public consumption (e.g. sensitive showing instructions such as alarm/gate/CBS codes, kids home alone, or when the house is vacant)
  • Compensation details

In many cases this is simply scratching the surface of what may be exposed. Introduce transaction management, online bill pay and document storage into the MLS services and exposure swells further.

Superman2

The fact is, laws or not, the need for secured access is an obvious and necessary requirement to conduct business in today’s world. For businesses that ‘fly under the radar’ thinking they won’t get caught it’s more a question of when than if.  The important thing to remember is you don’t have to be a superhero to mitigate your risk. Companies large and small are adopting best practices to protect access to their digital assets and those of their consumers and subscribers. So we ask again:  Are you taking the proper measures to protect your digital assets and the people associated with them?

 

And the Winner is… ClareityStore!

Clareity Security is ecstatic about our ClareityStore nomination, and subsequent WIN, of the 2013 Inman Innovator Award for Most Innovative MLS or Real Estate Trade Association App, Tool or Vendor. Want to know who else took home this prestigious award? Read more here.

photo

Welcoming a New Freshman Class to Team Clareity

The average age of a Clareity employee dropped significantly last week!  There is a youthful spirit surging through our organization after adding three new ‘Generation Y’ employees to the All-Star Clareity roster.  We are excited to have these bright, young people join our seasoned team of veterans!  They bring with them a ton of professional talent and infuse a fresh perspective on business.

steven4

Steven Yansak recently joined the team as our Staff Accountant in the Scottsdale, AZ office. Born and raised on the east coast, Steven has just recently moved from his hometown Rotterdam, New York to pursue opportunities in Arizona professionally and personally. Steven attended the University of Hartford earning his Bachelor of Science in Business Administration with an Accounting concentration.  He earned his minor in Psychology. Graduate school is in his future plans but Steven is currently enjoying his 20’s, his new job and is exploring his new home state.  Steven’s outgoing personality is a welcome addition to team Clareity – we love it when we find bean counters that are fun too!

 

michael1

Michael Elliot joined our Development Team in Knoxville, TN as a User Interface Developer.  He enjoys website design and the challenge of coding websites to work with design to make the user experience seamless and enjoyable. Michael started website design by accident in 2004, when he started coding his e-bay listings to look like a store.  With his new-found passion he set about learning website design. In addition to attending ITT and earning a degree in Multi Media, he refined his design and coding skills by spending much of his spare time practicing and learning new tools. When we asked Michael what he looked forward to most, he said “Now I can’t wait to see how I can take what I know to help Clareity Security be the best.”  That spirit to be the best is what we look for most in our team members and Michael embodies the Clareity spirit!

 

We are proud to welcome Steven and Michael to Team Clareity and look forward to their contributions in 2013 and beyond!

 

 

 

 

Why Clareity Chose Not to Build an App Store

Have you ever wondered why we spell CLAREITY with an “REI”? Well, it’s a form of an acronym and there are a few different interpretations that can be associated with the “REI”. For example, Real Estate Information, Real Estate Integrators and my personal favorite, Real Estate Innovators.  The “E” in Clareity can also stand for E-commerce. All are accurate interpretations of what Clareity does.

At Clareity we truly are Real Estate Integrators. In 2005, Clareity identified an industry challenge as MLS vendors and 3rd party service providers integrated their services on various authentication platforms.  Our CTO, Matt Cohen brought our industry’s leading service providers together in Las Vegas. At the conclusion of the second meeting, all parties agreed to utilize the SAML platform moving forward. The National Association of REALTORS liked what we were doing and provided Clareity a grant to create a SAML tool kit for real estate software developers. Today, Clareity platforms now integrate with over 80 product and service providers.

Clareity Security was formed with great intentions. We wanted to create solutions that added value and solved problems specific to our industry. As an Industry partner we are proud to provide services to over 100 MLSs (and a significantly larger number of Associations), representing 550,000 real estate professionals.

Clareity built a solid business based on providing a higher level of data security and revenue assurance for sensitive and proprietary MLS information.  Simultaneously we began offering a Single Sign on Service to facilitate more secure and convenient access to third party applications.

Two years ago at the request of a few MLS customers we started delivering the Clareity SSO Portal – which leveraged the SAML platform and made Single Sign On (SSO) and the applications offered by the MLS more visible. The Clareity Portal empowered these organizations to demonstrate their value proposition while simultaneously creating a better subscriber experience.

The Clareity SSO Portal translated into immediate success for both the organization and the end user.  The benefits were immediate to our MLS and Association customers:

  • They created a modern, locally branded experience that showed members the full range and value of the services offered
  • They became the secure and trusted point of entry for all services.
  • End users raved that a single User ID and Password provided access to ALL services
  • Adoption of 3rd party site licensed applications increased by as much as 12% within weeks
  • They gained a new channel for pushing custom content to their members
  • They added a mobile optimized entry point for applications and services.

Noting these benefits, our customers came to a natural conclusion for what should come next. They asked us to evolve the Clareity Portal into the Clareity Store to create a trusted place for secure E-commerce transactions.

Feedback we received from customers in 2011 and 2012 indicated a shift in traditional thinking regarding site licenses.  In addition to offering CORE services, our customers wanted to offer a broader choice of products and services to their subscribers, however existing site licensing models were often expensive and were becoming more difficult to manage as the list of vendors grew.   The “country club” model with one price for an all-inclusive experience was failing to offer the flexibility needed to keep up with all the innovation in real estate technology.  It also failed to create a personalized experience for subscribers based upon their unique needs.  Our customers also expressed frustration from licensing a product for every member, when adoption was low for many of the products.  And of course, there were also brokers that yelled STOP using my money to level the playing field – let agents pay for the optional things they want!

The solution to this dilemma is really quite simple:

CORE + STORE = SATISFIED MEMBERS (AND BROKERS)

Offering competitive and meaningful core services plus introducing a Store offers MLS organizations a bridge to the future of the MLS delivery of service.  This goes way beyond offering a stand-alone App Store.  This is about creating a hyper personalized and convenient way for products to be “one-click” ordered and provisioned to MLS subscribers while creating a seamless experience for members to access all of their products and services.

There has been movement by several vendors to develop proprietary APIs to improve access to and transport of MLS data.  Clareity Security, our customers and most of our industry partners believe that the industry is best served by having a single way to move real estate data between the MLS and other products. The RESO organization has worked hard on those standards over the past few years.  The MLS and vendor executive leadership is now in place to get both data standards and standards for transport in place in the very near future.  Clareity has donated hundreds of hours to RESO as have many other companies who are to be commended for their efforts.

Clareity knows that for a Store to be successful, it needs to be part of the end-user’s daily experience and nested in their natural workflow. Hence, the Clareity Store was designed to provide the customer’s CORE services through the SSO Portal and offer deep work flow integration within the leading MLS service providers software. Our approach has been validated by the ten large MLS markets representing an initial 270k actual users fully committed to this experience.

store innovators2

Additionally, we are pleased to announce a new partnership with CoreLogic to offer its MLS customers a customized Store within all CoreLogic platforms.  Clareity’s 550,000 user base combined with CoreLogic’s 650,000 MLS subscribers provides the national footprint that software developers and service providers have only dreamed about  – until now.

When you look at the BIG picture…what Clareity offers is an experience that is much more than just an App Store. Think BIGGER .  Combining CORE services with the choice of HUNDREDS of useful products and services that can be seamlessly ordered and provisioned to create a convenient, personalized experience for MLS subscribers was our design goal for our Store and we DID it!  Clareity offers real estate  organizations the opportunity to brand and evolve their business to the ever changing technology market.  And Clareity helps our customers accomplish this while doing it their way, at their own pace, and by respecting existing data licensing models and business rules while supporting evolving technology.

We hope you will reach out to us and learn more about the Clareity Store – and see for yourself why the App Store component is only a fraction of the Clareity Store offering!

How Do You Define Value? – Part 2

add_valueIn my last blog, I asked  “How do you define value?” It’s time to follow-up on that question.

Lets start with some simple internal questions to get in the right frame of mind: Who is your organization? What service do you provide? Who do you provide these services to? What value do you deliver to your customer?

I am aware most of you have already completed this exercise in some secluded strategic planning session for your business. But, as you ponder or answer these questions, dig deeper. Does your customer know these answers?  Is your customer aware of the full breadth of the services you offer? Is your customer aware of the value you are delivering? If they were aware of these benefits would it help you retain existing customers and secure new ones?

Over the years, our collective industry services have evolved.  Whether you are an agent,  a broker selling property/retaining agents, or an MLS, all these questions apply. Do you communicate your value to your customer? Does your customer know what products and services they are receiving in exchange for their investment in you?

Does your business continue to rely on emails, letters and flyers? Do you simply chalk up a 2% email “viewed” rate to the conditioned “RDR” response (short for REALTORS don’t read)?  Or do you want to reinvent the way your value can be communicated or presented to your customer?

Personally, my parents have always told me to be humble. However, humble does not always apply when it comes to my business. In business, I want to tell the world what we do, why we do it and who we do it for. I want to communicate what value I can deliver and why. I want to win over my customers. I want them to believe as I do.

I think many of you feel the same way about your business, so why not reinvent the way you communicate your value to your customers and prospects?

We believe your customer deserves to be presented with your value on a daily basis in a non-invasive manner. Your customers access your MLS data an average of 2-5 times per day.  Why not furnish them with all you offer through a custom landing page.  You may be surprised with the results.  Clareity customers currently using the SSO Portal have experienced:

  • Increased Adoption / Usage of all Services – as the user is presented with all the service options upon login we generally see a 10% to 12% increase in adoption
  • Improved End User Experience – one login to all solutions improves efficiency and ease of use
  • Content driven down through broker/Associations/MLS Site – messaging is clear, concise and consistent as it is delivered to a customer across all services and through all access points
  • Demonstrated value proposition to end users – the customer understands what services your business is offering

If you are looking to increase not only value perception, but redefine and deliver real value contact Clareity today to see how we can help.

The New National Association of Real Estate Professionals – is this Zulia’s Nightmare?

Many of you have read the “Syndication Bill of Rights” that Clareity Consulting drafted as part of its April 2011 white paper titled Syndication to Real Estate Portals: Problems and Solutions”Clareity’s Bill of Rights laid down 10 rules that would make real estate publishers “industry friendly” and more respective of a the broker’s intellectual property – the listing.  Over the past year, I was invited to present the Bill of Rights notion at many NAR, state, and local broker meetings.  Since that time, we’ve seen several small and large brokers cease syndication to some or all publishers, but we haven’t seen a broker stampede or mass exodus yet. We’ve also seen a few national publishers (e.g. Homes.com and Trulia) respond and begin to improve their behavior by prominently displaying proper attribution and contact information for the listing agent and brokerage “above the fold,” instead of hiding it 4-5 screens deep. Still, on some sites, advertising for other agents – typically buyer’s agents – are displayed all around and even inside the listing detail so it doesn’t look like advertising, thereby deceiving the consumer. For the listing agent or broker, it’s as if someone plastered ads covering the yard sign the agent paid to have placed outside one of their listings. How can this conflict between the listing broker’s interests and the need for increasing quarterly profits of publicly traded companies be resolved?

Two weeks ago, a gentleman named Ben Caballero contacted me and introduced himself as the chairman of the newly created National Association of Real Estate Professionals (NAREP).  Ben said he was a big fan of the Clareity Syndication Bill of Rights, so of course he had my immediate attention.  Ben told me that the NAREP had formally opened for membership in October and is organizing as a 501(c)(6) non-profit trade association. NAREP plans to launch a national real estate listings network of Internet Data Exchange (IDX) websites overseen and managed by individuals who truly understand real estate — licensed real estate professionals. Ben’s goal is to create a competitive listings website that better meets the interests of listing agents and serves consumers better by delivering pure, current, and accurate information.

Following is an overview of NAREP and its objectives Ben sent me:

NAREP’s revenue model involves collecting a nominal $10-$20 total fee at closing from its member listing agents, a sharp contrast to those business models of Zillow, Trulia, Realtor.com, and others (i.e., the “ZTRs”), which typically charge monthly fees regardless of whether any home sale results. NAREP’s listings site would conspicuously display NAREP member agent’s contact information.  NAREP member agents agree to cease syndication of their listings to all websites not adhering to Clareity’s Syndication Bill of Rights (www.narep.net/br). 

 As the controversy surrounding the ZTRs demonstrates, monetization of listing data incentivizes their much-discussed and questionable business practices. The Internet lends itself well to the Pay-Per-Click (PPC) concept when selling a commodity, and the ZTRs have adopted a form of the PPC model (in that they charge their fees on the front end, regardless of the outcome). The ZTRs treat a home as just another commodity, but a home is not a commodity from the perspective of the individual buyer or seller. Rather, it is a personal part of their lives. All homes — and their buyers and sellers — are unique in some way. In short, the buying and selling of a home is a personal experience that is much different than that of buying or selling a commodity.

 Until now, consumers and industry professionals have tolerated the ZTRs’ business practices for lack of anything better.

By introducing a non-profit business model to the Internet real estate space that relies on the Pay-Per-Sale (PPS) concept, NAREP will give real estate consumers and practitioners an alternative to the ZTRs. NAREP will do so: (1) by enabling its practitioners to ensure the integrity of their listings, as the IDX data feed will ensure accuracy since it comes directly from the MLSs; (2) by providing consumers with a simpler, more streamlined online experience; and (3) by satisfying consumers’ hunger for listing data. Because it incentivizes data integrity and promotes customer service from cradle-to-grave of the home buying/selling process, NAREP believes that, for homes, the PPS model of monetization is more compatible with the real estate industry’s long-standing and proven business practices. 

NAREP’s mission is to end syndication abuse, not syndicators or syndication sites. If they wish to remain relevant, they must adopt more responsible business practices than what they currently have in place. Clareity’s Syndication Bill of Rights is a good place for them to start.

So, Ben is a man on a mission.  NAREP is a fledgling trade association, but perhaps it can fill a void that groups like NAR, CMLS and the Realty Alliance have been unable to do for legal fears  – anti-trust or group boycott – and other reasons, including broker fragmentation on this issue.  Some colleagues have told me, “Gregg, NAREP is just a few brokers led by one guy that’s fed up with the system.”  My response to that has been, “Isn’t that how most groups start?”

I find NAREP very interesting as one of the first efforts in a long time focused on the interests of brokers and online publishing.  At Clareity Consulting’s first conference back in 1998 – “Law and Order in Information Commerce” – the content owner’s IP rights were a major topic on the agenda.   Since the beginning of online publishing, the collective voice and IP protection for broker’s content have been fragmented.  No offense to NAR, The Realty Alliance or Leading Real Estate Companies of America, but there has been a leadership void in this specific area, and other than the handful of brokers that have pulled their listings from syndication, 99% of brokers and agents have been forced to put up with the increasingly egregious terms and unfortunate business practices set by the national publishers, or “ZTRs” as Ben calls them.

Ben is not your average REALTOR®.  According to NAREP’s Press Release dated October 10, 2012:

Caballero was the top individual real estate professional in the United States for 2010 and 2011, as measured by unit sales and dollar volume, with more than 4,500 home sales exceeding $1.2 billion in total value. He is the co-founder of the National Association of Real Estate Professionals. He serves as a member of the board of directors of the Greater Metro Multiple Listing System of the MetroTex Association of REALTORS®.”   

So Ben is not some wing nut with an idea who just fell off the turnip truck.  Ben knows real estate and he’s sick and tired of syndication and the publishers looking for ever-increasing profits, made off of his listings.  Can this one man rally the industry?

I love the subject of online real estate advertising and I’ve been involved with it since launching CyberHomes at NAR in Atlanta in 1995.  (Wow, that was 17 years ago this week.)  I was curious what a large brokerage I respect would think about NAREP, so I made an introduction, and Ben met with them last week.   I was impressed when this firm responded very positively and agreed to join and support NAREP and the company’s CEO was invited to join the NAREP board. This brokerage is part of a powerful national franchise/organization and is also a member of the Realty Alliance.  A few large brokers can put a dent in any publisher’s inventory.

Will NAREP grow to fill the aforementioned void and be able to turn the table on the publishers?  Will NAREP be successful enough that the publishers are forced to further moderate their practices in order to receive the broker’s listings? Will the national publishers, with over two billion dollars in market capitalization, and more than $300 million in cash, overwhelm anything NAREP, and a freshly united real estate professional group, do to reach consumers?

NAREP reminds me of a song I learned at bible camp in Minnesota when I was about 10 years old: “It only takes a spark, to get a fire going …”

NAREP will be in booth #422 in Orlando, or you can reach the man on a mission at:

Ben Caballero,Co-Founder and Chairman

National Association of Real Estate Professionals, Inc.

(214) 997-1229 | (214) 616-9222 mobile

ben@narep.net | www.narep.net