A few months ago the Staten Island Board of Directors approved a recommendation by the SIMLS Board of Governors to implement a security initiative designed to provide optimum protection for valuable MLS and customer data.  Our reliance on usernames and passwords as the sole form of user authentication is no longer an option.  With the advent of easy-to-use web-based systems, password sharing with unauthorized individuals has become widespread.  Whether these passwords are used by non-members who fail to pay their fair share, or unauthorized data pirates, the simple truth is that the MLS is no longer a members-only system.

Sandy Krueger, SIBOR CEO, described a conversation he had with a broker on December 30^th.  “She called me to tell me about a discussion she had overheard between two ladies in a local supermarket.  The discussion went something like this:”

Lady #1:  “When are you moving into your new home?”

Lady #2:  “We should be moving sometime in January.  The mortgage issues have finally been resolved.”

Lady #1:  “Who did use to find the new house?”

Lady #2:  “Oh, I have a good friend who is a Realtor.  She isn’t very active in the business, so she let me use her password to get into the Staten Island MLS.  I found the home on the computer, called up the seller and worked out a private deal!”

Sandy Krueger added, “The broker who was relaying the message was getting more agitated as she got closer to the end of the story.  “That lady is stealing from me and every other Realtor on Staten Island!”  She said.  And she is absolutely right.  But I wonder who she should be more angry with; the lady who bought the house or the agent who gave her a password into our MLS system?  Regardless of the answer, we need to close the security hole in the MLS.  That’s where the SafeMLS system comes in.  But protecting Realtor earnings is not the only reason to implement a more secure MLS authentication system.”

Controlling access to the MLS is now more critical than ever, since it is no longer just listing information at stake.  MLS systems now include a host of contact management applications that store personal information about clients and prospects.  With transaction management system’s adoption on the rise, access to the MLS now provides open access to a whole new world of sensitive property and personal financial information.  Members of SIBOR have an ethical obligation to protect the personal information of their customers and clients.  It is only a matter of time before members may also be legally obligated to protect this information.

In order to deal with the inherent weaknesses in our current password-based login authentication system and to provide a greater level of protection for listing, consumer and financial information, SIBOR will implement a security process known as “strong authentication.”   In reality, we are all familiar with “strong authentication”.  A common example of strong authentication is an ATM or bank card. Such cards are called ‘tokens’ in information technology security parlance.  Tokens require something you have (your card), and something you know (your PIN).  “Strong authentication” eliminates password risks by providing multi-factor (more than one level) authentication.  Best of all, “strong authentication” is not new behavior for our members, as we can all relate to the ATM card example.   In addition, the MLS electronic lockbox system is another form of “strong authentication” as it operates on something you have (your lockbox key) and something you know (your PIN code).

During the week of February 20^th, SIBOR  will begin phased implementation of the SAFEMLS product in partnership with Clareity Security and Secure Computing.  Each user of our MLS system will receive a SAFEMLS™ token with instructions on self-registration and details on using the token. 

SAFEMLS™ Silver 2000

In a convenient key-fob package, SAFEMLS™ tokens generate one-time passwords with the simple touch of a button. These passwords can be used once, ensuring secure access.

Once fully implemented, users who wish to access the MLS system will type in their user name, push the gray token button, and enter the password that the token displays (and a PIN code for extra security).  It’s simple, fast and painless.  Once a password is used, it cannot be used to log in again; thus significantly reducing the risk of shared passwords.

SIBOR wants to assure each of our members that we are working to protect the valuable data and information in the MLS.  More information on the SAFEMLS™ product will be provided to each of our members in the coming weeks.  In the meantime, members can learn more about MLS security at www.safemls.com.