Home is sometimes where the fraud is, as criminals often consider purchasing properties or making rental payments to launder ill-gotten gains. It is estimated that real estate money laundering costs $1.6 trillion worldwide each year, representing a major challenge for home purchasing, rental and mortgage companies that must detect bad actors without creating friction for legitimate customers.
Companies like the real estate platform Zillow are working hard to juggle tight anti-money laundering (AML) and know your customer (KYC) security with easy onboarding, knowing if that if it is successful, it will secure a reputation as a safe and convenient site for customers. Justin Farris, the company’s director of product development, recently spoke with PYMNTS about the money laundering and fraud threats facing the industry, the variety of attacks that rental and home sale platforms must prepare for and how Zillow aims to stop crime without deterring honest customers.
The Face Of Digital Real Estate Fraud
Bad actors abuse home purchasing and rental transactions in myriad ways. Common attacks include structuring schemes, where criminals obscure large sums of stolen funds’ origins by dividing them into many smaller real estate investments, Farris explained.
Other real estate scams see fraudsters purchasing properties, providing some of their illicitly obtained money to third parties and then having those parties pass the funds back — often in exchange for a share — through rental payments on the property. Criminals can then present sources for their newfound incomes that look legitimate. Real estate companies are also required to check that all rental or home purchasing funds are not transferred from countries on the United States’ sanctions list.
“We review the source of all funds that are sought to be used in a mortgage transaction, not just to detect money laundering, but also to deter the financing of terrorist activities,” Farris said.
Digital real estate platforms must be vigilant against not only signs of money laundering and terrorist financing, but also cyberattacks. It is critical that platforms protect themselves against phishing and malware, Farris said. Defending against such threats means encrypting sensitive data both in storage and transit, applying multi-factor authentication (MFA), using penetration testing, accessing continual attack monitoring and more.
Ramping Up Protections
Customers looking to quickly search for rental or home purchases on real estate listing platforms may not have much patience for lengthy AML, counterterrorist financing (CTF) and KYC checks, despite their ever-growing desires for enhanced security. Busy would-be buyers and renters often just want to complete their activities with minimal hassle.
Farris said that the trick to keeping security processes as painless as possible is for companies to not get ahead of themselves. They need to be aware of just how much authentication they need from customers at each point to avoid asking users to undergo too much too soon, he added.
Consumers who search on Zillow and ultimately find homes they want to buy may turn to the platform for mortgages as well. Mortgage procedures require firms to impose more rigorous authentication steps to verify the individuals, assets and incomes involved, but such information is not needed when customers start their searches. Zillow does not know which customers will end up needing mortgages and seeks to keep onboarding as simple as possible. It ramps up security only as users progress to more sensitive activities.
“We believe in only asking users to disclose key information when it’s necessary,” Farris said.“To browse, most users just need an email and password along with a few key shopping details. ... As a customer gets more serious, they will be asked to disclose more information and, toward the end of the process — [whether the user is] buying, selling or both — [the] user is connected with a real estate agent or a Zillow Group employee.”
Opening The Door To Strangers — But Not Fraudsters
New features generate security challenges for real estate companies. Zillow’s ongoing pilot of a self-serve home tour app means the company has to be ready to bring remote verification efforts from the website to the front door. Its Self Tour service enables prospective homebuyers to visit Zillow-owned properties without scheduling tours in advance, provides directions and unlocks front doors. Letting strangers wander a building is not without risks, however, and Zillow must feel confident that users will be safe while in the property and not create problems for future visitors.
“We verify the ID of anyone entering the home before unlocking the door, both for their protection and for all the customers that follow them,” Farris said.
The company places motion sensors in the homes to monitor for unexpected activity and Zillow staff can shut down tours and inspect the site should anything suspicious be detected.
Farris also said that Zillow must verify the identities of anyone entering or exiting the property. The company requires app users to provide phone numbers, home addresses and other key details that it verifies through its own resources as well as third-party services. The system also connects tricky-to-validate users with customer service representatives who can help complete the authentication, he added.
Today’s consumers want everything — including home purchasing and renting — to be as fast and seamless as possible, but that ease cannot come at the expense of safety. The real estate market is a key target for money launderers, and companies that adopt digital services to make property searches and transactions more convenient must implement additional security, AML, CTF and KYC efforts. Platforms will avoid helping criminals if such initiatives come together, and buyers and renters will be able to have peace of mind.