Feb. 26, 2009 - Setting standards

Today I received a press release from a real estate software vendor indicating that they continue to "to set the standard in SSO technology". This vendor has a penchant for braggadocio, and this claim is one of many that they have made in the area of standards setting that just irks me.

Let's clarify who actually sets the SSO standard: The SAML standard, used to facilitate SSO (Single Sign-On), is lead by the OASIS standards group (http://www.oasis-open.org/). They have been the ones that set the standard starting in 2001. The real estate software vendor had nothing to do with it.

Later in the press release, the vendor indicated that they have "been leading the charge on this open standard for the real estate industry since early 2007". Since Clareity Consulting initiated the discussion of SSO and SAML in its white paper, "The Convenience and Security of Single Sign-On" (http://www.callclareity.com/SingleSignOn.cfm) in August of 2005, was the company that gathered numerous vendors in meetings in 2005 and 2006 to agree to use the SAML standard for real estate application SSO in the first place, created the reference implementation that most if not all of the vendors are coordinated around, and hosted additional meetings at conventions for vendors to discuss implementation, it might possibly be more accurate to say that Clareity Consulting has been leading the charge on this open standard.

What this vendor has done is to implement the SAML standard. Just like other vendors are doing - quietly.

To sum up: implementing a standard is not the same as setting a standard. One vendor does not set an open standard anyway - it's something that is done cooperatively.

Feb. 25, 2009 - I could write a book about RETS

I think there's a lot more information needed out there for the RETS standard. We need something like an O'Reilly book for all the real estate application developers. I think the biggest problem with RETS education today is when an MLS executive says "Sure, let's go all RETS" and every broker tech, consultant and local vendor throws their hands up in frustration after going to rets.org and finding little to support the steep RETS learning curve.

How do we get this book written? I'm not sure - books take a lot of time and money to write - I don't think I'm up to the task myself.

Feb. 23, 2009 - Consumer search and the MLS

I’ve been looking at some of the “next generation” of consumer real estate search – beyond “natural language” search – this search includes commute time to jobs, cost of living preferences (insurance, entertainment, housing, utilities, etc.), distance to amenities (parks, grocery store, gyms, golf, airport, etc.), school information  and performance, crime/safety information, and other demographics (own/rent, age, occupation type, education, income, family size), neighborhood and property foreclosure information, as well as all the traditionally searchable MLS fields. Consumer sites are also starting to get more sophisticated about suggesting homes that are similar to others the consumer has displayed an interest in and ordering the search results on relevance to all of the aforementioned lifestyle and demographic criteria and weighting as indicated by the consumer.

In contrast, MLS is still mostly focused on searching and displaying the listing characteristics, and prospect searches are often displayed in order of price rather than on the more complicated criteria that consumers use to select neighborhoods and homes. I reflected on this limitation to some degree in my earlier blog post, “ Improving Prospecting Part 2 - Gesture and Intent and Beyond

Now, imagine the consumer goes through the effort of outlining their lifestyle and other non-listing-characteristic criteria on a web site and are presented with the carefully selected listings that match both their property characteristic criteria as well as all those other parameters. When they go to the real estate professional, that professional  has no way of inputting any of that into their MLS for search – let alone having a way (say, via RETS) to have all of that preference information flow automatically into the MLS from the consumer’s search site(s) to generate a search for their new prospect.

MLSs can’t get complacent about new property search capabilities and leave them to consumer oriented websites alone to implement. As I’ve described above, there’s a relationship between consumer search and professional search that will necessitate, at the very least, following in the use of these capabilities and implementing the means for consumer preference data to flow from system to system.  Or even better, real estate professional IT systems can lead those accessed by the consumer, allowing the professional to provide the consumer with additional professional-grade information and interpretation that helps maintain the real estate professional’s  value.

Feb. 16, 2009 - Cost Savings for MLSs (number 19 of 21)

In advance of Clareity Consulting's sold out MLS Executive Workshop I asked MLS executives from around the country how they have either cut costs while maintaining the same level of service or kept costs the same while increasing the level of service they provided.

I received twenty-one great ideas that will be shared during the Workshop, and I'm sure others will come up during the Workshop itself.

One idea that I'm looking forward to discussing is 'unbundling' products and services to reduce costs to those that don't utilize much service.  I can see how this could reduce the cost for some people to belong to their local/regional MLS, especially those who cut back to the absolute basic MLS package. But I believe that the subscribers that would do this are doing wrong by both their industry and consumers by decreasing their own use of the information tools that  enhance their professionalism.  The whole industry can be painted with the broad brush of unprofessionalism based on the actions of these subscribers. Further, this decreases the buying power of the MLS for providing those professional-grade  tools that the subscribers need now more than ever to show value to the consumer.

I can see where unbundling makes sense - it seems logical that people should only pay for those resources they use - but I have those more strategic concerns. I am really looking foward to  the Workshop!  

Feb. 9, 2009 - Facebook: a real estate industry explosion

Lately, it seems like everyone I know has moved to Facebook - especially real estate industry colleagues. I like Facebook very much - it's one of the better social networking sites on the 'net, with all the best parts of Twitter, LiveJournal, Blogger and other social networking sites built into it.

That said, all of the user-built applications that want to access my profile make me a bit nervous. I generally counsel friends not to accept these application requests and ask that they please not send them to me. I also suggest people read the following article:

10 Privacy Settings Every Facebook User Should Know

http://www.allfacebook.com/2009/02/facebook-privacy/

Feb. 2, 2009 - NAR and PCI Compliance

According to a letter sent to MLSs and associations by NAR, "When associations use the Realtor Ecommerce Network, the burden of meeting the PCI security standards falls on NAR, the merchant, rather than the associations." This is incorrect and puts these organizations at risk.

For those not familiar with PCI compliance, If your organization accepts credit cards, there is a set of rules you need to be aware of called “PCI Data Security Standards”. PCI stands for “Payment Card Industry” and includes the five major credit card companies. These companies have all agreed that any company that stores, processes or transmits credit card or debit card data must comply with a rigorous set of information security guidelines.  By the end of 2007, any organization that accepts payment card transactions was supposed to be in compliance with the standards – and if not, the credit card companies (or the bank through which the cards are processed) could assess fines on non-compliant companies and even disallow further credit card transactions until PCI Data Security Standards compliance has been achieved.

To clarify this issue, I quote from the PCI Security Standards Council (https://www.pcisecuritystandards.org/) site: "Does PCI DSS apply to merchants who use payment gateways to process transactions on their behalf, and thus never store, process or transmit cardholder data? PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted."

The key words here are "processed or transmitted". Let's say I had a web site that sold widgets and I linked out to Paypal when people checked out on my site. To be clear, when the user input their credit card information, the URL in their web browser said "http://www.paypal.com" and no portion of the checkout process involving the credit card involved my web site. In that scenario, my web site has nothing to do with the credit card information - the information is never input on my web site, processed or transmitted from my web site - everything happens at Paypal - so they are the only one that needs to be PCI compliant. If, for example, NAR were to fully host and audit the association management systems AND other credit card systems where credit card information is processed and transmitted, then they could be solely responsible for PCI compliance - just like the Paypal example. However, MLSs and Associations take credit cards often on paper or via email (electronic fax), via point of sale devices, and allow for the input/processing and transmission of the credit card information via a system that is located on their local area network. Therefore, it is the responsibility of such MLSs and Associations to attain their own PCI compliance.

PCI compliance is not easy to attain and maintain, but it's just part of doing business within the rules. My company, Clareity Consulting is working with a number of MLSs and Associations to help them attain PCI compliance - and our sister company, Clareity Security is the exclusive real estate industry reseller of McAfee Secure, which provides ongoing vulnerability scans required to fulfill the PCI requirements.

If you have management responsibility for such an organization and don't have your PCI compliance documentation in order, you may wish to consider moving forward on that quickly in 2009.