While home-buying I was bombarded with dozens of introductions to strangers asking me to wire large sums of money and share sensitive personal information, typically via email. The emails themselves were suspicious – from dubious domains, lacking signatures – few if any signals to trust the individual.
To establish trust I asked them to Facetime and share IDs mutually, but they balked. I've tried this before and people are generally reluctant. Asking for a mutual phone call with a trusted person was also met with suspicion.
Ultimately, I met the escrow agents and sellers face-to-face at their business to collect business cards and transfer information. There's still no better authentication than meeting a person at their place of business: they have business cards, an office, co-workers – half a dozen signals to verify identity.
Despite the high incidence of wire fraud and identity theft, authentication protocols are all one-sided. Customers require credentials but there's no way to authenticate the business agents. This goes beyond banking to include healthcare, utilities, credit bureaus, the tax industry – any business relationship that shares sensitive or personal info.
So, how do you go about establishing trust with strangers in order to share sensitive information or transfer money? What process and / or tech do you use to identify & trust the other side of the transaction?
My Proposal :
On the social side, we need to improve the culture of verifying identity to encourage a mutual process. Both sides need to share IDs and proofs of identity for any transaction to be sound.
As for technology, we need better systems to empower customers to validate the authenticity of agents, including one-time tokens and business verification. A system like "The Work Number", used for employee verification, could be effective to validate business agents without compromising them. These systems need to be stable over legacy channels like phone, fax, wire transfers, paper checks & email – systems that will remain for 30+ years.
As software engineers we need to establish trust mutually and give more attention to the business-side of the trust relationship.
You should invest a lot of effort establishing trust when buying a house. Get the seller's details from someone who is not involved in the transaction then visit the seller in person, check their ID and take photos with them. Get the details of everyone involved in the chain from that person.
In the UK someone tried to sell me a house that they didn't own. Luckily I worked out that it was a fraudulent sale before transferring significant sums of money. I did out-of-band identity verification by getting the real owners details from two neighbors, then calling up the letting agent who was managing the property. The letting agent was not aware that the property was listed for sale.
After the dust settled I attempted to recover some of my costs. According to my lawyer when the seller is committing fraud the buyer is liable for the mortgage, and usually the buyer never gets any money back. Normally the buyer declares bankruptcy. Basically all of the professionals involved have to show that they took reasonable steps to verify the seller's identity. The buck gets passed all the way to the fraudster who is usually long gone.
Whenever I tell people this story they usually struggle to believe that the buyer ends up bankrupt, but the buyer does normally go bankrupt.
Moral of the story is that your gut is telling you to do the right thing. If the seller won't spend 5 min to take a selfie then buy another house. You are responsible for verifying the identity of everyone in the chain.Reply
> Both sides need to share IDs and proofs of identity for any transaction to be sound.
I like this idea but:
> validate business agents without compromising them.
What is the value here? Legally conducted business has no need for this.Reply
Do not respond to any email you are not expecting. This is a common scam when people are buying a house and your agents should have warned you about this. You always need to get contact info from the appropriate people offline and call them with the info they gave you to verify.Reply
Your scenario sounds sketchy - you typically only need share info in order to transfer money and handle transactions like this once. You do it at the closing which is typically held at a title company's office, and handle it all at once with everyone present, including notaries. Even when done remotely, the title company handles it. While there is certainly much room for improving how real estate transactions work, the closing and the title company is not the place to ad-lib some new solution.
In general, that carries to other types of secure transactions as well - we have systems in place that handle the trust concerns. Use them, don't re-invent the wheel.Reply
"So, how do you go about establishing trust with strangers in order to share sensitive information or transfer money?"
You don't. You make it so they are no longer strangers by identifying them. Buying a house? Get an agent, broker, and/or company that is licensed. Finance through your credit union. Etc. Nobody is participating in high-risk transactions as a professional without a company/license. Most jurisdictions simply don't allow it.Reply