Information security in the real estate industry is a huge, multi-faceted challenge. Much is at stake, including, ultimately, trust in the Realtor brand. The hardest part of the challenge, from my perspective, is that there are a large number of leaders that need to care about it who don’t care, and some who do care get fatigued or grow hopeless at how hard it is and how long a road there is to deal with it. When more than 40% of top MLS, association, and broker websites aren’t even keeping up with basic security patches, and most organizations are not assessing security risks regularly and remediating issues, it almost makes me want to throw up my hands in defeat. But I never have, and I never will. And now there’s a small glimmer of hope, at least in one little corner of our industry, and that’s the xDTM standard (http://www.xdtm.org/).
Version one of the xDTM standard, which was just published in March of 2016, describes best practices for digital transaction management. It covers information security and so much more:
The xDTM standards group has a board of directors that crosses many industry boundaries:
Is this standard perfect? Not even close. For example, the standards for authentication are completely out of line with those being set by the NIST, the National Institute of Standards and Technology (https://pages.nist.gov/800-63-3/) – but at least xDTM mandates more than one form of authentication be used, even if some of them are completely unacceptable by NIST standards. All of that said, we’re only on version 1.0 of xDTM – the standard still has room to evolve.
For those brokers and MLSs contracting for transaction management systems, finally there’s an easy way to reference minimum standards requirements for security and all of the other areas shown in the first picture above. Vendors can be contractually required to be compliant with the xDTM standard and become compliant with new versions within a specific time period. I believe that, with NAR, RESO, and Upstream getting involved with DTM, we can expect that some mandates may be in the works – and I think that’s a good thing. Change from within would be better than possibly even more burdensome further government regulation.
The path forward with xDTM won’t be easy for our industry. Some may look at it and think it’s all a bit much. And maybe some aspects of it don’t make sense for all parts of the real estate transaction, which is not the same kind of real-time transaction as purely financial transactions, which some of the standard seem to be designed around. The standard is complicated, and could mean technology services might need to be more expensive to address compliance costs. Most importantly, our industry will need to carefully consider what aspects of the agent workflow belong in a transaction system and would thus be covered by the standard. For example, though the earnest money and money disbursement processes don’t currently reside in our online transaction management systems, I believe they should occur in software systems that would be covered by xDTM. If they were, we’d see a whole lot less of the wire fraud that has been plaguing the industry. Also, some types of client collaboration / forms platforms may need to be covered by xDTM.
What does all of this mean to you? If you’re a broker or agent, it means that the technology systems you depend on should become more secure, usable, and dependable. If you’re a broker, MLS or other organization contracting for transaction systems, it means you have a standard to point to as a minimum requirement for vendors. And, for transaction management and related system vendors, it means having well-articulated definitions of where you need to be with your product.
We have a lot of information security challenges for our industry – authentication, general hacking risk, screen scraping and a “grey market” for copyrighted content, wire fraud, the physical risk to the client and transaction files, and so much more. Now, with important industry parties lining up behind a standard for at least a small part of our industry’s challenge, hopefully we will see renewed energy to address the rest of it. I’m ready to help.
Share this post: