The perils of electronic banking in real estate

A day like any other, except ...

'A billion here, a billion there, pretty some soon you're talking real money.' So we were reminded by the sage and cynical Senator Everett Dirkson who wryly depicted the future of government spending.

Although the billions of dollars that get electronically transferred every minute of every day through the American and International banking systems somehow doesn't look and feel like real money, it is indeed real money.

While paper checks and signed credit card charges presumed some measure of protection, electronic banking today has exposed your money more than ever before.

Alarmingly, anyone can right now, today, reach into almost any bank account, pull money out electronically, and, in the short run anyway, get away with it.

Imagine hearing one sunny morning on CNN that the unusual number of transfer errors reported the previous day from three mid-western banks were suddenly appearing in significant numbers in other banks across the country and that the Feds had to temporarily freeze all accounts, at least until the local banking systems could sort out the millions of rogue transactions that inexplicably went awry in the system.

It will be a day like any other day. Except you won't be able to give or get any money. How could this happen?

The casual, rapid expansion of these new electronic transactions is making the speed, interdependence, and exposure at which the current system operates a very real threat.

Beyond individual account problems, danger lies in the potential of the system to become flooded, purposely or accidentally, with massive numbers of bogus or erroneous transactions and to overwhelm systems that are not fully protected from such events.

It can happen by simple human error or it can happen by ill intent. If a large utility or mortgage company that has common access to their customers' accounts makes a mistake and reposts their monthly debits, the first few hundred millions of demands could be released over the dam in a moment.

Or if a malicious or adventure-hungry hacker feels it would be entertaining to post several million bogus charges into the ACH system through an unwary vendor's debit or credit system, they could create a financial firestorm that might only be stopped by letting it burn out.

As in high school physics, that first mouse trap to send the first ping-pong ball triggers an exponential reaction. In hindsight, we'll realize how visible and obvious the threat was.

"But I though I was secure! My bank account says 'protected by SuperCheck'. Everybody thinks they're protected. How could such a thing ever happen?

It can happen because many banking systems are predominately reactive and not pro-active. In simple terms, they'll honor a check or electronic demand until they find out they shouldn't have.

With surprisingly minimal authentication, they'll routinely process through the debit demands of those taking the money out electronically until they are proven to be bogus.

Two-party registration, authentication, and validation of each such electronic trade before any payment is processed are the primary ingredients in preventing such errors.

Specialized industry services, such as Bedrock Exchange of New York, serve as 'trading agent' to pre-process all electronic trades for its subscribers. Engineered specifically for the New York area Property Management and Services Industry, Bedrock serves as its members' electronic trading center who hold 'Seats' on the Exchange.

By establishing strictly enforced, programmatic authentication procedures between the 'trading partners' Bedrock assures both parties that each and every such transaction is valid before payments or collections are executed.

To deliver such tight controls, Bedrock has engaged many system features considered too costly by most software companies.

Most business systems provide only for the immediate updating of checking and similar master control records on the specific day or hour they need to occur, bypassing any advance tests of highly critical bank account number and other changes.

Through Date Effective processing, Bedrock trading partners can submit, acknowledge, and pre-test such transactions well in advance of their intended commencement date. Once proven all the control records are locked down against any changes and may only be suspended or terminated by either party through the Exchange.

Without Date Effective type processing, users must place a flurry of yellow 'D-Day' sticky's on their workstation, then stay late or remember to come in early on that date, and hope they get all the account numbers entered correctly.

It's almost comical in its sloppiness were it not such a common and serious flaw.

Effective Date control is further fortified by tracking each and every data change under the Bedrock 'Change Versioning' technique. Bedrock banking records cannot be changed but may only be replaced by newer, mutually authorized replacement versions, and providing a detailed history of who, what, when, and how was data changed in the trade relationship.

Like checks that are numbered sequentially, each and every change or transaction posted by a user in both the Bedrock System is issued a consecutive user sequence number. This 'Event Sequencing' feature permits the tracing of each and every user's activity in the system.

The good news is there are many thousands of concerned and capable people working to tighten up these systems at the banking and software level, but it is clear that electronic payment systems still have many flaws and exposures. And for E-Commerce to be safe and sound, it must be flawless.

Importantly, such fraud can be prevented in your own business. While you can't change the rest of the world's system, you can help protect your money and your own business by demanding and deploying these techniques from banks and system resources that are alert to these issues.

BRIAN MURRAY, PRESIDENT, BEDROCK INTELLECTUAL PROPERTIES

COPYRIGHT 2005 Hagedorn Publication
COPYRIGHT 2005 Gale Group