Hey Peter! Can you tell me a bit about yourself, and CertifID?
I’m happy to! I’m Peter Marsh, Head of Security, Compliance, and IT at CertifID. CertifID is on a mission to eliminate wire fraud in real estate transactions. Born out of firsthand experience with fraud (our co-founder was hit by a fraud incident), CertifID is the only company dedicated to protecting the real estate industry through an identity verification SaaS platform, insurance coverage, and proven recovery services. By ensuring secure and insured wire transfers, CertifID has helped prevent fraud amounting to $80 million in just the past year.
Being one of Aikido’s very first customers, how did you find us?
Honestly, we stumbled upon Aikido by chance. We were about to renew our contract with our previous solution, but we weren't a fan of their offering anymore (being too pricey and serving up many false positives). Then, I wondered if there were any good alternatives available and researched competitors to our previous solution. This is how we found Aikido - it was listed as one of the alternatives.
I did a quick demo using a GitHub repository and noticed the product was much easier to deal with, served up far fewer false positives, and included plenty of context on how to fix them.
"Prior to Aikido, security was such a drain. Our previous solution let us chase too many false positives and was difficult to navigate through."
Recently, CertifID acquired Paymints.io to facilitate real estate transactions. Did this put more scrutiny on your security posture?
Absolutely. Acquiring Paymints.io came with additional security concerns, because when a US-based company handles financial transactions you need to meet strict compliance requirements, including anti-money laundering (AML) and GDPR or HIPAA. Of course, many other countries require this too. It's safe to say the US and Europe operate in a similar fashion: in the US, you have national laws, but also state-by-state differences (e.g. New York vs. California). The European equivalent would be European rules vs. regulations per European Member State.
As a company, our main product is building identity verification into wire transfer systems, and insuring transactions up to certain amounts. Historically, wire payments are old, archaic processes where you'd normally just need an account number and routing number to get a payment done – which is very prone to fraud. On a bad day, anyone can simply walk into a bank with those two numbers and get cash withdrawals done without any further authorization.
Bringing it together, how can security solutions like Aikido help mitigate (virtual) fraud risk?
In a virtual setting, fraud can happen in numerous ways. The most common ways this happens are through email compromises, domain squatting, and so on. These are facilitated by criminal actors (usually organized groups of multiple people with proper resources) to commit fraud. They try to gain control of the system, or to modify it in their favor.
Aikido plays a central role in ensuring the transactions going through our system are handled safely. When I see vulnerabilities come in, I know they're worth looking into and I can work together with my team to resolve them quickly. Luckily, the whole team is security-minded given the industry we're in. And the good news? Last year, CertifID prevented $80 million from being sent to fraudulent contacts!
How do you typically decide on adding new technologies to your stack?
One of the things I look for in new tooling: can it integrate into our current day-to-day? It was great to see how Aikido fit right in, no modifications needed.
To elaborate: Aikido’s seamlessly embedded in our workflow by integrating with GitHub (for code scanning), Jira (both for PR reviews and tickets in case no autofixes are suggested), and our compliance system (providing SOC2 evidence). Prior to Aikido, we didn’t have good data to report on (yet). Now, the dashboard helps us report on SLAs and gives us the ability to execute on fixes in a timely manner.
How does Aikido compare to your old security software?
- Aikido bundles different vulnerability detection and remediation options (3rd party scanning, 1st party code, container, cloud configuration…) into one intuitive solution. Our previous solution, in comparison, had different packages, each priced differently.
- Drastically reduced false positives
- Clear data visualization through the Aikido dashboard
- The integration with Secure Code Warrior, providing context and guidance for issue resolution
What’s your favorite feature?
The AI Autofix functionality (which, by the way, became even cooler with 1st party code).
Features aside, one of the big reasons we went with Aikido is the close collaboration and partnership since day one. It’s great to see a fellow fast-growing company always improving the product and keeping communication lines open.