An Interview conducted between CIO LOOK and Sara Statman, the Founder & CEO of the company sheds light on how IDprop allows businesses to automate workﬂows, meet regulatory requirements, improve the customer experience and generate signiﬁcant cost savings.
Below are the interview highlights:
Give us a brief overview of IDprop, its vision, and journey since inception.
IDprop provides an all-in-one, cloud-based property management solution, covering Leasing, Accounting, Invoicing, Online Payments, Arrears Management, Maintenance, Compliance, Operations, Inspections and Appraisals. The suite also includes a CRM for Lead Management and handles Vacancies, Bookings, Tenant Progression, Background Screening with Biometric Identity Veriﬁcation, E-Signing, Contracts, as well as separate Dashboards for Property Managers, Owners, Concierge, and Tenants, with useful alerts such as arrears, compliance notices, emergencies and messaging.
IDprop covers the full spectrum of Property Management: SelfStorage, Residential, Single & MultiFamily, Affordable Housing, Community Associations, Student Housing, as well as Commercial Property.
“IDprop Saves You Time And Money, Is Simple To Use Without Training And Reduces Business And Fraud-related Risks.”
Systems have multiple security layers and built-in controls for access management, permissions, and fraud risk mitigation. For example, only someone authorized may wire out funds, add a new owner/property or approve Supplier Fees. In addition to “Ease of Use” a core theme across all modules, is Fraud Risk Mitigation, which is why we were delighted to be invited to contribute to this CIO Look edition.
Please list the popular solutions/services that make your company stand out from the competition.
- Biometric Identity Screening to protect against identity fraud: This includes facial recognition, a liveness check, and authenticating identity documents
- A special 2-Factor Authentication login app that is almost hack-proof as the PIN is never transmitted or stored. It is entered onto a special keypad so even a keylogger could not detect it and should a device be lost or stolen, the login would fail after a few incorrect attempts
- This provides clients with a secure invoice portal to mitigate phishing fraud (see below)
- Multiple internal and external fraud risk mitigation techniques (see below)
- Automatically short-list and select the cheapest supplier and approve all costs before booking or invoicing.
- User-friendly dashboards with alerts, analytics, and automated communication
- Cost-effective online payments and sector-speciﬁc accounting (GL, AP, AR & Trial Balance)
As the Founder & CEO, where in your opinion are organizations most susceptible to internal and external fraud risk, and what solutions have you implemented?
In Property Management internal fraud may occur if an employee, without restricted access, adds fake properties, with fake tenants, sets up fake accounts or shell companies as owner, and uses this to wire out funds.
Another key area relates to third-party suppliers charging outsized hourly or ﬁxed fees, or applying excessive mark-ups for equipment or spare parts. How might these bids be accepted? A property manager could be bribed or coerced into selecting higher bids and taking a cut of excess proﬁts.
These kinds of risks are present across industries, in particular when large cash-ﬂows are at stake and are often committed by mid-level employees with sufﬁcient knowledge of systems and processes.
At the tenant screening stage, should fake identities pass, all screening would be meaningless, while realtors and landlords would have no way of identifying the real tenant. The property could be used in subletting scams where evictions are much harder. It may be stripped bare or let to illegal immigrants, with each scenario causing legal headaches. The safest way to mitigate these risks is through Biometric Identity Veriﬁcation using a liveness check, facial recognition and authenticating ofﬁcial documents – only then will employment, credit and criminal checks relate to the real tenant.
Id prop implemented multiple fraud controls in its maintenance solution. First only someone senior and authorized can approve: a) Suppliers being added to the portal b) Min to max ﬁxed-rates and daily/evening/weekend fees c) Quotes for ﬁxed-rate jobs and spare parts. Next, when a job is required, the system only displays the 3 lowest cost suppliers covering the repair type and location. Bookings are automated and by requiring tenant feedback, this adds in a further layer of control, to ensure the job took place.
To protect against fake properties being added, or to approve an owner, building or property, being added, multiple checks are in place and only someone authorized may add these to the system. To mitigate wire fraud in general, it is essential that only certain staff with authorization have access to approve and pay invoices. Our systems include such controls. But regardless of sector, very similar controls should be in place and where possible these should be automated.
Phishing Fraud is an increasing problem. Let me share a true story. A respected builder visited a client and gave a verbal quote, which was accepted. However, the builder’s system had been hacked. The hacker knew the client’s name, address, email, and price – emailed the client a fake invoice with the builder’s name and logo but the hacker’s bank details – the client paid and was left out of pocket.
Email is not a secure form of communication and should not be used to send out invoices. IDprop’s secure login means all invoices inside the portal originate from the real vendor. We will soon be launching IDpay as a secure portal for all sectors to send and receive invoices and arrange secure payments.
The current pandemic certainly pushed many businesses to increase their online foothold, which means an even greater reliance on cloud solutions, online operations, and payments. Client identiﬁcation is also moving from in-person to online, all of which require new tools and security systems.
However, this must be placed in perspective. Ten or twenty years ago, HR Departments would typically hold a copy of staff passports, in their local systems. If those systems did not encrypt data and were hacked, that data would probably have been stolen. This is no different from today, regardless of using in-house vs. cloud-based solutions.
Whether developed in-house or purchased from a third-party, businesses should ensure they consider how fraudsters may attack their business and incorporate suitable measures to protect their data and business as a whole.