Realty Reality: New MLS Security System

Realty Reality: New MLS Security System

Written by Bob Hunt Posted On Sunday, 02 April 2006 17:00

During the past few weeks the Southern California Multiple Listing System (SOCALMLS) has been distributing to its members a new security device, known as a SAFEMLS token, which is intended to bring a new, much-needed higher level of security to the MLS system. SOCAL is not the first MLS system to adopt this security program, but, with more than 30,000 members, it is so far the largest.

MLS members are like the rest of humankind; they resist change. Nonetheless, those who have been receiving the tokens and instructions for their use seem to be receptive to the innovation. There really is no argument that MLS systems have a need for security, even more so now than in past years.

From the consumer perspective, MLS security is important in two respects. First, and most obviously, there is the matter of sensitive information contained in the agent-only private remarks sections: gate codes, lock box combinations, information about when the home is unoccupied, or when children are home alone, etc. Secondly, and a matter of more recent concern, is that MLS systems are becoming the "front end" to broker and escrow transaction management systems -- systems that are liable to contain buyer and seller information that identity thieves would love to get their hands on.

From the point of view of the MLS systems themselves, breaches in security represent the potential for significant revenue losses. According to one estimate presented to SOCALMLS, somewhere between 10 - 25 percent of people accessing the system were not legitimate users -- that is, they were using passwords assigned to actual members, but were not members themselves. Suppose the number is 10 percent and your MLS system has more than 30,000 members, and members pay $200 or more to use the system. That number of nonpaying users adds up to a fair piece of change.

Curiously, older MLS systems -- prior to the advent of the internet -- were more secure than the present ones. That is because they required proprietary software and dial-up systems that kept them from being accessible to anyone whose computer(s) did not have the required software. Now, with web-based systems, by and large the only security available is through the use of passwords.

But passwords by themselves do not provide much security. Consider that one survey cited to SOCALMLS showed that 12 percent of users on a password system used "password" as their password. 16 percent used their own name, and 8 percent used their birth date. Moreover, 75 percent of the users knew the password of some other system member. The last fact reveals the greatest weakness of password systems. A password can be given to others, who may give it to others, and on and on.

A password-only security system is what they call single-factor. You only need to know something. The system being adopted by SOCALMLS is a two-factor system. You need to know something, and you need to have something. In this respect it is similar to the widely-familiar security system of ATMs. You have to know something -- your pin -- and you have to have something -- the card.

However, there’s no way to swipe a card through your internet connection. The SAFEMLS employs a different technology. The item that an MLS member -- and only an MLS member -- will have is the SAFEMLS security token. This is a small, key-ring size, device that, upon each use, generates a number -- a different number every time it is used -- that occurs in an order uniquely associated with the user’s pin number. The MLS computer will know whether the correct number is being used with the pin, but no person is going to be able to figure out which number comes next. In short, even if a member gave his or her pin number to a non-member, that would not enable the non-member to access the system. He or she would also need the number-generating device. Sure, the member could give away both, but then the member wouldn’t have access.

Of course MLS members are going to lose these tokens and forget their pin numbers, just as people lose their ATM cards and forget those pin numbers. There are provisions for such eventualities, just as there are with banks and credit card companies; and, similarly, those provisions have their own security safeguards so that the system is not corrupted.

Greater MLS security means good news to a lot of people. Not so good, though, for those who have been "borrowing" passwords.

Rate this item

(0 votes)

Bob Hunt

Bob Hunt is a former director of the National Association of Realtors and is author of Ethics at Work and Real Estate the Ethical Way. A graduate of Princeton with a master's degree from UCLA in philosophy, Hunt has served as a U.S. Marine, Realtor association president in South Orange County, and director of the California Association of Realtors, and is an award-winning Realtor. Contact Bob at [email protected].

Latest from Bob Hunt

More in this category: > Menus for Real Estate Open Houses Realty Reality: Selling Hot Properties

Agent Resource

Realty Times

From buying and selling advice for consumers to money-making tips for Agents, our content, updated daily, has made Realty Times® a must-read, and see, for anyone involved in Real Estate.