Steven L. Johnson

In the past retailers, payment processors, and credit card companies clearly were not doing enough to keep our sensitive financial information secure. When I would travel to Europe I would always be asked to supply my PIN number with my card. I would always have to remind the server that that wasn’t necessary as I had “an American” card and wasn’t burdened by that extra inconvenience. Now I realize that that extra inconvenience could possible save me the hassle of getting my card information stolen due to the vulnerabilities of a magnetic strip. Retailers, payment processors and credit card companies should mandate the strictest means of securing data and not be only reactive when something goes wrong. A six sigma approach must be instituted in a way that commerce isn’t significantly affected. I have noticed that since the target breach that my credit card company is more responsive to behaviors that do not fit my profile which I appreciate. The story in the article we read make me sick when I see that Target had clear warning of the impending attack and sat back and didn’t do anything. There must be strict guidelines institutes so security officers in companies can’t choose when to react but have to follow quide lines and protocols when threats are suggested. This is similar to the FAA when any aberration is noted in their checklists. Clearly advances in technology have made it easier to commit fraud. This also has spawned growing industries in fraud prevention which can significantly safeguard the consumer community. Today all computer systems, cell phones, iPad should have up to date security systems that are updated real time to protect consumers that know nothing of spyware etc. Just as one of the articles noted that training the human element is the key to the prevention of data theft, the government and manufacturers of any instrument that transmits data must constantly be surveying the marketplace and ensuring the safety of consumer information through more sophisticated installed security operating systems and credit cards.

The advances in technology have made it easier for criminals to commit fraud such phishing scams, targeted personal data thief with social engineering, and major credit card thefts such the Target case. However, advances in technology are also giving the consumer ways to keep their money safer. For example, the embedded chips in credit cards are becoming more prevalent in the U.S. Credit cards with embedded chips are harder to counterfeit. Another example of a technology to help consumer keep their money safer is the ApplePay payment system which uses a combination of security measures that include an encrypted single use dynamic code for each purchase and Touch ID. More information on ApplePay can be found at Apple’s site. (https://www.apple.com/apple-pay)

I have not traveled to Europe but it is my understanding that retailers there have been rapidly adopted the capability to accept payment cards with chip technology. Here in the U.S. we have banks and card companies issuing cards with the chip technology, but very few retailers are updating their point of sale terminals to accept the new cards. In this regard I do not think retailers, card companies, and banks are doing enough. If there is a more secure technology that will better protect the consumer, then the FTC or other government agency needs to step in to push the industry to increase adoption.

I think card security will increase as the US payments industry continues to progress through the transition to EMV (Europay, Mastercard & Visa) technology. These are cards with computer chips mentioned in some of the posts versus magnetic stripes. The information contained on the magnetic stripe doesn’t change so it’s more susceptible to fraud and can be used repetitively but the chip creates a unique transaction code that can’t be used again. Europe has adopted EMV cards (they use a combination of chip and strip together) and has seen dramatic reductions in fraud and data breaches (maybe the criminals are just going to the US where it’s easier?). In the US, I have seen estimates that approximately 70% of credit cards and 40% of debit cards will support EMV by the end of 2015. EMV won’t prevent data breaches from occurring but the technology will make it harder for criminals, and significantly reduce the profit from what they steal. It should also provide greater protection to consumers against fraud.

At the present time, I don’t think retailers and credit companies have done enough to keep financial information secure. However, with the recent hacks at Target, JP Morgan and Anthem, companies are now starting to pay attention to cyber crime and security. By hiring FireEye to monitor its systems, Target was trying to prove to its consumers that it was actively defending against cyber-crimes. However, when reports came out that on Nov. 30 and Dec. 2nd, FireEye alerted Target headquarters about possible breaches. Target did nothing. Actually, they turned off the system. They also were alerted by Symantec and let the warnings pass. The defense system that Target had was just an illusion for the rest of us to think we were safe and for Target to feel like they were doing a good job. When an alert occurs, companies should look into alerts and see why it’s occurring. We can’t explain why they didn’t act, but we can help other companies prevent the same occurring in the future. Companies should be vigilant with their cyber defense systems. Systems like the VA don’t allow users to stick anything on the USB drives. They also monitor user websites. This prevents the US government from getting hacked. More than a decade ago, before the internet, we had robbers who would steal money from banks and stores at gun point. This kind of stealing happened for centuries. Now, with the invention of computers, thieves have become smart and have changed the way they do business. They now steal through computers. Google spends millions of dollars by hiring hackers to help them defend against potential threats. Maybe companies should hire cyber security firms to monitor any suspicious activities and to help look for potential threat. In the commentary response by Peter Stephenson, for “When Hackers Turn to Blackmail,” I agree with Stephenson’s response about hiring security consultants. It may be one of the few times in which outsourcing or hiring your own security consultants is worth the price of potential future loss of data.

Unfortunately, I think fraud is a cost of doing business as we continually progress towards a cashless transaction based society. I’ve spoken at length about this topic with a family member that works for a cyber theft prevention company and we’ve concluded that until a new system is implemented at retail chains nation, fraud will continue to be a major issue. The banking system needs to lead the way and we need to find a better transaction system than the magnetic strip debit or credit card. As mentioned above by many comments, the next logical step for the U.S. is to mandate the chip enabled cards. This will be an advancement, but in my opinion will not solve the answer as the hackers will always find a way to breakthrough technological barriers. I’ve personally been hacked three times within the last three months, and every time my money has been reimbursed by the bank. I think the banks will need to lead the way in innovating new ways to pay, to protect themselves and their clients.

Retailers, payment processors and credit card companies are not doing enough to keep our financial information secure. From my perspective, improvements need to be made across the board, because I am certain that we have not seen the last high profile attack. Many of the systems that work together to actually make a transaction happen from the POS through to the systems that host various accounts are based on archaic technology. Whether it’s the magnetic strip or Windows XP or the green screen terminal, some technologies just die hard. The question with these technologies is not “are they secure?”, they have all been proven to not be secure. The question is when will somebody exploit them and how much will it cost everyone affected in damages?

On the one hand, I think that technology has made it more difficult to commit fraud; but on the other hand, I think it is easier to commit widespread fraud if a hacker is successful. In the articles, the human errors seem to have caused the problems, not the actual technology. The technology actually notified the companies of potential security breaches that could have been avoided. As long as individuals do not create weak passwords and companies react properly to security warnings, I think the information should remain safe. I actually had my credit card information stolen two different times. In both instances, Capital One notified me and canceled the fraudulent transactions before I even found out about them. They sent me a new card within a few business days. Their quick reaction to security breaches surely saved me a lot of time and hassle. But when the companies fail to react, as seen in the Target article, the damage could be much more substantial due to technology where in the one Target attack about 40 million credit card numbers were stolen. Although the breach came down to human error, without technology, this widespread damage would not have been possible in such a short amount of time.

While I think there will always be a certain level of fraud that will be unavoidable, I do think that companies could be doing more to protect against it. The problem that I see is that this kind of thing is almost always nowhere near their wheelhouse, and they rely on outside contractors to provide protection. A company like Target can afford a reputable firm like FireEye, but really it gets left in their hands. For other smaller companies, to effectively mitigate risk may end up breaking the bank. I think what I’m trying to get at is that all of these companies, big or small, are more so experts on the business they conduct rather than something as obscure as cyber security. So they’ll try to buy the best or most reasonable services they can, but that might not always be enough. Heck, I imagine some install virus protection and figure they’ll roll the dice and hope that’ll suffice. It seems to me that Target got themselves a good company that actually did do what it was supposed to. They just had issues with what Mr. Olavsrud discussed with monitoring the human element. And this is where I think there will always be a problem. As I said, management is predominantly going to focus on their primary business function, and so will general employees. Cyber security is very complex and complicated to most common individuals, so even the most amounts of training are likely to go over their heads. It’s hard for me to expect that those that aren’t experts are going to be locked tight on doing their part. So until the systems become more and more impenetrable, I really do think that it may just be part of modern commerce to run that risk.

I’m not very knowledgeable on information security and can only assume that reputable companies are at least doing what they are required to keep financial information secure. A retailer cannot guarantee that their infrastructure could never be compromised even if they exceed compliance expectations as illustrated in our reading about Target. Fraud is an obvious risk based on the nature of business transactions in today’s world.

Are advances in technology making more or less likely for fraud. I believe you can ask this question every month and get a different response. We can probably compare it to escalation with weapons and body armor. Every time someone invents a more deadly weapon another person invents a method to defend against it. Every time we think we are safe behind our new armor another person invents a new weapon, and so on. This is the way of the world to be constantly outdoing ourselves. Although I would venture to guess even if we did create a “fool proof” safeguard with technology we still would have to worry about a person from the inside unknowingly letting a hacker in through a back door. No matter how good the technology gets people will always be the weak link.

I believe the credit c ard companies are doing everything they can do to best protect the consumers but not so much by the retailers or the processing companies.Target’s incident is an alert to other retailers and the industry as a whole. Even though Target was alerted many times about a potential threat, due to nature of business and complacency of some of the key employees, the company didnt act fast similar to what we read in the other case “SunnyLake Hospital EMR” situation.
Apple has becoming a leader in that perspective with it apple pay, but apple cant do it alone, there has to be a buy in from other companies as well. So lets see what future will unfold.In case of Target though, as i understand it was not an issue with a credit card company but it was an issue with the way target had stored the credit card information of its consumers and their processing companies and the systems that were in place.

It’s difficult to make a blanket statement regarding businesses are doing enough to keep information secure. I think the answer is some are and some aren’t. In my experience one of two things tend to happen. Either budget delays upgrades in technology that would increase security or a new tech, platform, or system is purchased but the staff is not sufficiently trained from the beginning on using it. From a budget standpoint lots companies are currently PCI compliant but likely have yet to add chip technology or additional security scans. In my experience these things are typically identified as needs but don’t always make it to the top of the priority list. On the training side Target did invest in the right equipment, the system performed wonderfully, and yet a major security breach still occurred. Was it laziness, or training? Why wasn’t a protocol put in place requiring the immediate report of any flag in the system? What’s the point of investing in it if you’re not going to use it? Another example sort of related example of this: My company invested $150,000 in Radian6, a powerful social monitoring tool that allows users to gather all kinds of information/conversations from social platforms. You can conduct deep analytic reporting from the information, integrate it in with your CRM and more. Unfortunately, we didn’t invest in any training and offered no additional staffing to utilize the system. For the last year, the platform hasn’t been used at all making it a complete waste of $150k.

I have several credit cards and never had an issue with my information being compromised until last year, shortly after I opened a store credit that I was able to use beyond that specific store. In a six month period, it was compromised twice. At first I thought it was directly linked to the Target credit card information breach but after a replacement card was sent, activated, but never used, I soon realized that it could not be the case. So in my opinion, retailers, payment process, and credit card companies are not doing enough to secure our personal information. On the back of each of my cards, I have “SEE ID” and I would say I am asked maybe 20% for ID of the time I shop. I am not sure if it is lack of training of staff to require to ask, possible laziness, or that I have a kind face and don’t look like a thief but I have called several cashiers out asking them why they didn’t request ID. Most have said their protocol is that anything under $25, $100 or whatever amount they are told they do not have to ask for identification. To me, that is complete negligence on the retailer’s part. In the case of Target, it appeared they had an opportunity to respond to this hacking incident but choose to ignore that. While I love shopping at Target, it makes me reconsider doing business with a company who didn’t give a warning of this nature a second thought.

Based on the credit card compromise at Target, our company immediately acted with increased security measures. One thing they did extraordinarily well is brought every single staff member, regardless if you dealt with credit card information or not, into a meeting that explained the recent breach with Target, how it affects people, and what we were going to do better to prevent a situation like this occurring with the customers at our company. They provided us background on PCI, scanned and removed any personal information from our emails, require 90-day password changes, and then gave us an accountability policy related to their new security measures. 1st breach-discussion with manager, second breach 90 day review period, third break and you are terminated. Working in a sales industry, we deal with credit cards all day, every day. We have a DO’s and DON’Ts with how we collect and store our data. We were all set up for success and fortunately have not had any issues with our customers information since our PCI sweep began.

Technology, like most everything, is a mixed bag of good and bad. It provides so many conveniences but provides a new class of fraud and identity theft issues. I never would have believed that identity theft would have become such a common risk for average people. The credit bureau agencies are not pleasant to work with and I cannot imagine how horrible it would be to have to clean up serious errors on credit reports. I worked to remove some incorrect addresses on my credit report a few years ago. The amount of documentation required was ridiculous.

I think that information is protected only for as long as it takes for a hacker to break through. It seems that information security will always be a cat and mouse game.

Today most of us are using a huge number of online services to get things done and technology have saved us from having to physically commute to a bank or investment branch to perform transactions. While this is very convenient, technology can operates like a double –edged sword. It facilitates fraud through email hacking, website attacks, and identity theft but it also makes it easier to keep our money safe. On the one hand, advance in technology presents the ongoing risk of hackers decoding passwords and using Trojans, viruses, and spyware to find new ways to make it into our PC’s and cause havoc. But on the other hand, technology has also helps to better manage online security by allowing us to use two-factor authentication to the more sophisticated voice activation and bio metric fingerprint identification. In addition, many banks allow customers to monitor their accounts in real time via e-mails or text messages sent when certain unusual activities occur. This also helps in cutting down fraudulent activities.

I would like to speak on question 1. I feel pretty secure in my daily transactions at businesses. I have even used my debit card at Target since this hack without the thought even crossing my mind about someone stealing my information. While I know doubt think that the people effected by this and similar hacks are harmed and may not see things the way I do, I don’t see a system wide problem of people stealing my information. We live in a pretty secure world. Is this security breached sometimes, yes. Is it bad when it happens, yes. But I think the media tends to blow singular or group of events out of proportion. For example, there are no more child molesters today than there were twenty years ago, but because of how the media blows up the horrible times that it does happen, we fear to let our children walk to a neighbor’s house. Quick, anybody name a financial security hack since 2013? I have nothing. With that said, I think Target let down its consumers by not heading the warnings that were given to them about the hack. With the sophisticated technology they were using and the center they had for preventing the attacks (imagine the money to have such a center), I am incredulous that such a simple hack couldn’t be stopped. But, I believe that most retailers and businesses are doing a good job at keeping my information secure, and my credit card company is backing them up with refunds. I don’t think a certain level of fraud should be expected. No one should have their information stolen. Companies must not rest on past successes, but look at the times they have failed as a whole and grow as a whole to prevent future attacks. Hackers are inventing new ways to attack businesses and they must be ready to respond.

Technology has made numerous things in our lives easier, so why not fraud as well? The internet has made it much easier to find the right book or product, find information, get directions, translate languages, and a host of other things. However, I feel that it all comes with a price. 30 years ago I’m sure there were isolated cases of credit card fraud and identity theft, but the instances have skyrocketed. Entire industries have been built around cyber crime, cyber security, and cyber warfare.

Technology helps information move at incredible speeds. That’s the real challenge. Take the Target case for example. Hackers from Russia were able to extract tens of millions of credit card numbers from Target’s system. Years ago this simply could not have been done. Data theft would have been localized and limited. If a Russian thief wanted to steal something, odds are he or she would have had to remain within a certain geography. Or at the very least hit one spot at a time. Today, anyone at a computer can simultaneously break in to any company at any location in the world. It’s astounding.

Advances in technology have made it easier to commit fraud and to keep money safe, however fraud has the advantage. This is because in a fraud scenario, there is a person working with the technology to get the information – essentially someone on the offensive. The same cannot be said for every safety protocol, which is not being managed by a person (the defense). Add to that the fact that, as is noted in the “Human Element” article, humans are the weakest link in security, setting up passwords and security measures that are easily bypassed by assailants. This means that not only is nobody watching the gate, but those who create the gate did not do a very good job. Someone with strong computer skills who wants to get information can pass through weak, unmanaged security measures to get what they want.

I think advances in technology may lull people into thinking their information is secure because of the technology in place. I have security software on my laptop, and I expect it to stop viruses, malware, and Trojans. I also use the software’s browser plug-in to identify safe/unsafe links, but I learned the hard way the software doesn’t stop all attacks, and I’ve seen also evidence that “unsafe” links are sometimes marked as “safe” (it may be time to find new security software). I consider myself pretty good at spotting phishing emails and unsafe attachments, but I do admit that before the malware somehow installed itself on my laptop, I relied more on the software than on my instincts. Now I supplement the software with a second program (the one that found the malware in the first place), and try to remember to run a second check on all downloaded attachments, whether received from friends, family, classmates, or colleagues.
–
I think the massive bank heist I mentioned in a comment above and Kenyetta mentioned in her post is another example of people being lulled by the protection technology is supposed to provide – that kind of heist was probably not possible in the minds of the people running the banks’ networks. The same thing goes for the Target breach. In that case, technology did catch the intrusion, but humans failed to take appropriate action to shut it down.
–
On the other hand, technology has also made it easier for people to regularly monitor their money. I regularly check my bank and credit card accounts, and receive emails if unusual activity occurs. I also pay for an identity monitoring service that alerts me if there is any activity related to my social security number, if bank or credit card accounts are opened/closed, if there are credit checks on me, or if activity on any of my financial accounts hits a specific threshold.

I do not think retailers are doing enough to prevent fraud. Before reading the Target article, I had no idea that fraud was such a big concern. Certainly we know it happens, and we all have heard stories about “identity theft”, but I was under the impression that was the exception and happened very infrequently. The Target and the related CIO article make this seem like a much bigger issue. In addition credit card companies have implemented policies to reimburse customers for fraudulent charges, which indicate that the banking industry, if not the retail industry as well, have embraced this as a form of business expense.

I spent a month in Phoenix AZ a little over a year ago and my credit card information was “hijacked” (is that the right term?) after buying some Mexican food take-out one night. I had no idea until months later when I got a call from my credit card company. Apparently the thief had made a series of small purchases – gas stations, retail stores, etc, – before attempting to buy a $700 plane ticket, which was denied. The caller listed some charges on the phone and I was able to distinguish the legitimate from the illegitimate charges based on location and time-frame, and they reimbursed me for everything, which was great.

Evidently the credit industry then is taking this seriously; keeping customers feeling safe and promoting spending is just good business for them. However I feel that the retail store I purchased from, where my information was obtained initially, should have some degree of responsibility. For the small mom-and-pop I understand this must be difficult and costly. However many people shop at the larger chains not only for convenience but for the relative sense of safety that comes with the territory. If this sense of security is threatened their business could suffer. Hence it just makes good business sense to protect user data.

This is a response to the second while touching on the first. Clearly technology has made our lives easier is many ways. Equally as obvious is the fact that technology and the internet have also introduced new risk – new ways to obtain and steal data, new ways to duplicate and mimic information, and so on. Really this is a trade-off: increased commerce on the one hand and relative risk on the other. Clearly the government and the banking institutions and virtually every other industry would favor more commerce to grow the economy, increase the GDP, etc. Every industry involved wants us to spend more. To spend more we need to feel safe and secure. Therefore the risk involved is downplayed, and security measures are advertised. But, as other users have mentioned, with every step forward in technology there is an equal step forward in the fraud and thievery “industries”. This factor can never be eliminated completely, the best we can hope for is to control it at some minor, if not insignificant, level.

Do you think retailers, payment processors, and credit card companies are doing enough to keep your financial information secure? Or, is a certain level of fraud just a cost of doing business?

– I think all the aforementioned parties are doing their upmost to keep information secure. These entities employ scores of compliance and risk management specialists who assess these issues on a daily basis. In my mind, this is a new cost of doing business that, to some degree, we must become accustomed to as part of the advent of the digital age. There has always been unsavory and unscrupulous individuals who engage in nefarious activities – in the digital age, this fact has become glaringly obvious. There are some basic exceptions. The recent hacking of Anthem servers revealed that some of the information wasn’t encrypted. Such a lack of security is unacceptable. That said, a fair share of some of the more recent hacks covered by the media have turned out to be due to the actions of disgruntled employee. The most obvious example of which is the recent hack of Sony that leaked The Interview. While the media sold the issue as North Korea having sophisticated hackers, it turned out to be due to the actions of several disgruntled employees providing proprietary information to North Korea that allowed them to gain access to the Sony Systems.

When I look at question #1 my simple answer is certainly not. Technology has constantly been evolving, but when I look at credit card companies specifically, we are still using the same type of technology that allows our information to be viewed or stolen by others. We as a society are still using a little plastic card that fits in our wallet and stores our information. It’s simply a numerical string that someone can utilize to steal money.
–
I would like to see us move to a 3rd party payment type system utilizing the technologies of google wallet or others where I can purchase my products and push the money to them as opposed to them pulling the money from my credit card. This allows me to be in control over who stores my personal information into their systems, I surely don’t want target, homedepot or others having my information on their systems I’d much rather chose a single vendor that I know will encrypt and protect my data to the fullest extent.
–
As for is a certain level of fraud acceptable I would say sure, but that depends on the type of fraud. If the impact to me is that I need a new credit card and there is no financial or real time cost to me that’s acceptable. If the fraud is my information is breached and a hacker knows information that cannot easily be repaired like a SSN and can ruin my credit for years, absolutely not acceptable. Speaking of SSN how long is it going to be until we move off of this antiquated number system and into the digital age of biometrics and include things like voice, face, fingerprint, iris scanning. It will be much more difficult if you need to scan me in order to complete a transaction – you would need to make a clone if you want to steal my PPI information in the future!

Do you think retailers, payment processors, and credit card companies are doing enough to keep your financial information secure? Or, is a certain level of fraud just a cost of doing business?

Honestly I don’t think they are. There should be a new standard of processing payments regardless of the method. Credit Card companies are putting chips into their credit cards to further secure the information however, thieves are still getting their hands on the information from the retailers. The article in CIO states that, Your sensitive data is only as secure as the weakest link in your organization, and in many cases the weak link is your employees. A properly established security awareness and training program can pay huge dividends.” Retailers aren’t doing enough to secure the data they are entrusted with. If I go to the store and use my debit card for example, I am trusting the retailer with that information. Technology is changing and Apple has changed the way credit card information is stored. Apple Pay loads your card onto the device but gives it a different number. Your credit card information is never posted. How this works is a unique identifier attached to your card notifies the bank that you’ve made a transaction. Apple has taken the initiative to protect your information. There should be a way retailers can still keep your information on file but code it the same way Apple Pay does. It would be impossible for thieves to actually use the credit cards at that point.

“Have advances in technology made it easier to commit fraud? Or, has technology made it easier to keep your money safe?”

I think without question, technology has made it easier to commit fraud. Before credit cards in the 70s and 80s, you would almost have to give someone money for them to take advantage of you (e.g., pyramid schemes). Then, in the 1980s and 1990s, you’d still need either physical possession of a card or be skilled in creating copy of a card. If you were counterfeiting, you had to be excellent or the clerk grabbing your card would recognize something was wrong. Some of that skill went away by the late 90s and early 2000s, when card readers became more prevalent, but now you’d need to be able to counterfeit the magnetic codes on the back. With the online retailing revolution, it is much easier to commit fraud. All you need are 16 numbers on the front of a card and a 3 digit security code on the back, which can be intercepted by even novice hackers in the right setting. It also creates large vulnerabilities where large amounts of credit card data are stored, as we saw in the Target case. At some level, you do have more protection now, if you are pro-active, since you can check your bank balances daily, and most major banks have some sort of fraud protection available, but it remains much easier to commit the crime now in a digital age than for the grifters of years gone by.

The advances have definitely made it easier to commit fraud because hackers use the most updated technology and attack companies that lag behind or have gaps in the technology. It’s a vicious cycle. As soon as technology advances hackers are given that much more to work with and it ends up becoming a race to see who can stay ahead.

Every seems to believe there is a better way. I agree that the movement to chips in credit cards is necessary, and it seems all major issuers are moving towards that route. Apple Pay utilizes NFC technology, which I believe will be one of the hallmarks of future commerce, as it makes it very difficult for fraud to occur. While the information used in NFC transactions can be easily “got” by hackers, the information is meaningless, since a special number is generated for each individual transaction (i.e. the info they get can’t be used for transactions).

Everyone additionally seems to feel that there needs to be a system that codifies the information that is stored. To my understanding, such a system exists, and its called encryption. Sad to say, even some of the best encryptions are crackable. Coding consumer information to the same degree the pentagon or other highly classified information is coded currently, while ideal, presents several challenges. For one, the data becomes extremely bulky, meaning not only does it require infinitely more sever space to be stored, but it also requires infinitely more processing power to retrieve and utilize said data. This presents a challenge in the sphere of consumerism, where transactional information is transferred around the world and back in nanoseconds.

The question remains – is this a reality we are willing to accept? I would argue yes. All disruptive innovations have come at a cost. The invention of the automobile lead to an exponential increase in carbon emissions and greenhouse gases – but it also paved the path to modernized civilization. The Industrial Revolution witness the advent of factories, which allowed for mass production – at the cost of harming the environment and human lives. With time, the market invariably finds solutions to these problems. We have developed low carbon emitting engines, and even electric cars. Factories have learned how to operate at an environmentally neutral capacity, etc.

The world is rapidly changing, we are more connected as a society then ever before – and this is almost exclusively due to the digital revolution that is the internet. Is it acceptable for us to continue to stumble our way down this path, as we have time and again? I would say yes.

Regarding my money and the purchases I make, I think it’s pretty clear that technology has both made some things more secure and made other things more risky. Essentially, this seems to me to be a sort of “arms race” between those that are working to provide us with more information security and those who are developing ever-more effective and creative ways of stealing information. While I greatly appreciate the convenience that many of these advances provide, I’m also very much aware of the risks that I’m taking every time I use them. For example, when I started working (in the pre-internet, pre-ATM dark ages) I used to have to take an actual paycheck to an actual bank, give it to an actual teller, and then wait some given amount of time before I was able to access that money (again, often by going to said actual bank). This was (by today’s standards) terribly inconvenient, but also pretty secure. At that point in my life, the biggest risks were that I’d be mugged on the way to the bank, or that the bank would get held up (again, not by hackers, but by some guy with a gun and a ski mask). Even so, the FDIC and bank insurance was covering me against such losses. By comparison, just before I started in on my homework today, I checked on my direct deposited paycheck, deposited a couple of miscellaneous checks I’d received in the mail, and transferred some money from checking to savings – all on my smartphone over a 4G cell tower connection.

Today, my money is still insured by the bank and the FDIC, but the amount of risk to which I expose myself every time I do these kinds of online transactions often gives me reason to pause and ask myself whether this hyper-convenient manner of managing my money is really worth it. On a related note, I just got notice last night that my family’s information was probably compromised as part of the Anthem health insurance hack, potentially sending our SSNs and G-d knows what else to the highest bidder with the lowest morals, and my to-do list for this weekend now includes taking advantage of the free year of Lifelock or whatever’s being offered to me in “compensation” for this event. So on the one hand, I really love the convenience and I have a great deal of faith in technology’s ability to allow me to perform highly convenient (and largely secure) transactions online. On the other hand, I have to constantly remind myself that for every technological advance in the name of convenience or security, there’s a highly capable teenage hacker who considers said advance just another challenge to be overcome in the interest of his own personal gain.

I believe that for the most part, retailers, payment processors, banks, and credit institutions are indeed doing enough to product our sensitive data. There will always be an inherent level of risk associated with data and information systems; as technology progresses, so does the aptitude and ability of hackers and malicious actors. However, I think there are smart ways of incorporating security measures into our systems, and I think passwords are one method which could be improved upon. A few years ago a senior team from Google came to my workplace to do a panel discussion on some new Google innovations, and one of the things they discussed was the idea of dual-verification for password protected systems. Instead of requiring a lengthy and complicated password which is almost always impossible to remember (and requires being written down somewhere, expressly defeating the purpose of having a lengthy password), Google has incorporated dual-verification, which allows a password to be supplemented with a code which is sent to the user’s cell phone. This exponentially increases security and reduces the hacking vulnerability.

What is demonstrated through the Target case, as well as by Google’s innovation, is that (like the cio.com article theorized) users are the weakest link when it comes to tech security. Weak passwords are a major reason for many hacks. In the Target case, it also came down to simply a breach of a HVAC vendor’s credentials. Additionally, if Target employees in the security department had reported the malware reports like they were supposed to, the leak never would have happened. I think it’s clear that as long as humans remain so susceptible to social engineering, there is no amount of tech security that will totally close the vulnerability gap. Employees need to be trained and retrained on a recurring basis to minimize vulnerability by recognizing and reporting malicious attacks.

While I think that certain breach’s in information are unavoidable, I am not sure that all businesses are doing everything they need to do to protect its customers. Target is an example of a company that received multiple notifications of potential threats but did nothing until personal data was stolen. I think most businesses chalk it up to being a cost of business and that there is not much more they can do. I wonder if that is because of the type of business they are in. I know that my bank does all they can to keep my financial information guarded, is it because they are liable for reimbursing me if my account is breached? All Target offered its customers was a late apology and offering credit protection for a year. I’m not sure that is enough for me to feel that something like this won’t happen again.

I still think that people are the weak link when it comes to securing information. In many organizations, it seems that there aren’t effective security awareness or training programs to ensure that employees are doing all they can to secure information. Educating employees on how to identify malware or suspicious emails, teaching employees how to handle infected machines, providing a contact list of who to contact in the event that this occurs and understanding what the process is to make sure there aren’t any breaches. I think Thor Olasrud’s article is accurate when it says that security programs shouldn’t be ad hoc and departments should be ankle to answer the “who, what and how.”

I work at a company that takes security very seriously and our IT department does a good job of educating employees on how to identify threats based on what department they are in. We also have monthly security meetings to ensure that employees are aware of the recent security threats we experience. One of the best parts of our program is that our IT department conducts IT drills to see which employees are successful in identify suspicious activity and follow the proper protocols. I think these initiatives make our program more effective because security is embedded in what we do and our culture.

1. Do you think retailers, payment processors, and credit card companies are doing enough to keep your financial information secure? Or, is a certain level of fraud just a cost of doing business?
I do not think that retails, payment processors, and credit card companies are doing enough to keep financial information secure and the many reason for this is money. It all comes down to what these firms value their losses at vs what they would need to spend on security measures to prevent said loss. In the case of credit card companies, it is much easier and cheaper to pay their customers back for whatever illegal transactions were made then give them a new card vs spending the time and money to find who stole the card and get them to appropriate authorities. Also the costs associated with creating tighter security measures usually isn’t worth it when the likelihood of actually having a large scale and expensive breach isn’t there. Take a look a Sony over the past few months. They were so easily hacked because most of their internal secure passwords turned out to be “admin” or “password” which made it extremely easy for hackers to manipulate. I do believe to a certain level that fraud is a cost of doing business but it shouldn’t be. A majority of smaller firms just don’t have the resources to completely stop/prevent fraud and to an extent, fraud will always happen as long as there are people with the means and motivation to commit it.
2. What do you think. Have advances in technology made it easier to commit fraud? Or, has technology made it easier to keep your money safe?
I think that advances in technology didn’t make it easier to commit fraud but instead changed the type of fraud that is being committed. In that past there was much higher counterfeit cash and check fraud because money was easier to replicate and checks were easier to wash. Without modern machines, things like jewelry and rare metals were easier to con off as fakes because digital machines didn’t exist to check the chemical make-up. Now those types of fraud are harder to commit but things like ATM and credit card fraud are easier. With the advent of RFID chips, people can now scan card number with handheld machines making it easy to steal card numbers. With the cheaper and easier access to devices used to commit fraud have not made it easier to commit fraud but they have made the ability to commit fraud accessible to more people.

I suspect that most large businesses have the funds to do a lot to prioritize security, but as a business owner who is acutely aware of how vulnerable I am to any security breaches, I think that the risks associated with using technology are worth the benefits technology offers. I think we practice medicine better due to our EMR utilization and I think as a COO and CFO I couldn’t possibly multitask as I do without using technology. It is important to use reputable product vendors and it is on every business’ shoulders to put in place a risk management program that includes the risks involved with relying on technology. Leadership teams need to be aware of responsibilities that accompany the widespread use of technology – like in my case making sure that my practice management software is PCI compliant since I store clients’ credit card information. I think though technology tries to be one step ahead of hackers, but the hackers are so smart that they will always pose a risk. I do my best by trying to have systems in place to minimize damage should it occur. The first thing I do every day is check my bank balance and carefully review credit card charges on a regular basis – not just when my statement is available.

In general I believe retailers do provide as much security as they can for their customers. They know that if customers don’t feel secure they will show elsewhere so it’s in their best interest to protect their clients. While government regulations are in place to dictate minimum levels of security many companies are going beyond that because they understand the importance of security and know that they could be targeted. At the same time I don’t think it is realistic to believe that retails can prevent all fraud. The unfortunate truth is that there are bad people in this world who will continue to try and find ways to do bad things. If people are concerned about their credit card security they can always go back to dealing in cash. Then of course you run the risk of pick pockets and street crime, so there really is no way to eliminate all risk.

In many ways technology has made monetary transactions safer. Credit card companies can monitor for unusual spending behavior, banks can notify you of low balances or recent purchases, just to name a few. At the same time, technology has made it easier to make fast purchases without a lot of security checks, making some interactions more vulnerable. For example, you don’t have to sign credit card transactions for under $20 anymore or you can make online purchases with your saved credit card information if you log into the retailer’s web site. There are also more programs to protect credit card holders when there is fraud and ways to monitor your credit activity in real time. Ultimately there are always trade off to changes, however new technology that has made things easier and more efficient outweigh the risks brought with it when used smartly.

Technology has brought the world smaller, it’s amazing that I can talk over the web to someone across the globe in real-time. Although the advances in technology are making us all more proficient and work faster, it is also opening us up to more threats for those few individuals who want to capitalize on poor security systems. In the example of Target, the individual who was committing the fraud was half way across the globe. It took countless man hours of investigation and collaboration with authorities overseas to make an arrest. Compare this to years ago, when most people paid by cash or check, thieves were caught when their hands were literally in the cookie jar. Or they would actually have to go into their bank and make a deposit. Nowadays with online banking and online purchasing increasing, it’s easier to steal someone else’s information and never need to put a name with a face. Our money and our identity is at risk now more than ever. Security measures need to be increased and stiffer penalties for thieves need to be put in place.

Due to the financial nature of their business and volume of transactions, retailers, payment processors, and credit card companies are all obvious targets for internal and external hackers. Although to some degree fraud is an inevitable cost of doing business, both articles confirm there’s definitely room for improvement when it comes to fraud prevention. Complying with information security standards and government regulations is only the first step toward protecting consumer information. Technology is only as strong as the company’s weakest employee, therefore extra vigilance is required to detect malware and counteract human error. These companies should do more to thwart hackers and avoid ‘security blunders’ instead of waiting until after a crisis to implement fraud prevention measures. However, since there’s no legal requirement to publicly disclose security breaches and insurance covers fraud, transitioning to more secure technology is not a priority for U.S. companies. An example of this complacency is the misguided decision to continue exposing cardholders to the risk of fraud and counterfeiting, instead of immediately upgrading to chip cards (already proven to be effective in Europe). These companies unscrupuosly rely on the consumer’s willingness to accept the threat of identity theft, in exchange for the convenience of online banking and non-cash transactions. The only accountability measure seems to be a company’s stock price, which might not even suffer commensurately with the damage done to consumers, if they have a good public relations team. Ultimately, technology has made it easier to steal from consumers and companies, but since hacking still requires a human element, these same advancements should make cyber attacks easier to defend against. If companies/competitors worked together and shared knowledge, security breaches such as the incidents at Target and Sony Pictures could be avoided. Call me skeptical, but I don’t see that happening anytime soon.

I do not think that technology has made it necessarily easier to steal, I think it just changed the way in which things are stolen. In ancient times thieves used to cut people’s purse strings at the market and these days they steal credit card data. Unfortunately, crime is an evolving business, just like any. While it might seem that it is easier to steal what is less tangible, we have also become more adept at finding ways to evade such theft. In the readings regarding Target, there was a very sophisticated system in place, it was just not used appropriately and in a timely manner. In part, financial safety in both tangible and virtual terms relies heavily on the user/consumer as well. We have an equal responsibility to track our transactions,monitor our credit activity, and carefully select retailers that we trust with our credit information. While security breaches at Target and other retailers might be a huge burden or inconvenience, on a consumer level, keeping a careful eye on your transactions would, most often, resolve the problem quickly.

You can’t help as a consumer but feel quite a bit of dread and anger at the lack of attentiveness to extremely useful security breach information provided from FireEye to Target on multiple occasions. While doing business through electronic means will always afford a degree of risk, the use of checks and balances and the rapid awareness and action to red flags can drastically decrease the amount of hacking that takes place. There will always be a slow uptake of new technology that offers increased security, such as the embedded smart chips that are references in European credit cards. These scramble individual transactions to be more similar to a bitcoin type transaction when anonymous information is attached through layers of security to highly sensitive information. Eventually, hackers will also find a weakness within these systems as well, perhaps even prior to the uptake by U.S. consumers. I think it is perhaps unfair to say advances in technology make this type of business unsafe as there are inherent security risks with any system in place. If you accept only cash in your business, you run the risk of someone entering the building with a shotgun and performing an armed robbery. These were the types of financial crimes we saw generations ago. In this generation, we see the same socially disenfranchised individuals, just with a different set of skills, performing these criminal heists. In my opinion, if used properly, these technologies make it safer to conduct business, but every businesses information officers need to be more vigilant in response to simple red flags. It is no surprise that Targets CIO was fired in March after the incident took place.

Do you think retailers, payment processors, and credit card companies are doing enough to keep your financial information secure? Or, is a certain level of fraud just a cost of doing business?

I believe the companies accept a certain level of fraud as a cost of doing business. They absolutely are not doing everything they can to avoid scams to customers. Case in point, credit cards could have embedded chips which would aid in preventing theft but the retailers push back due to the costs associated with the technology required to read the cards.

As a customer, it is infuriating when someone steals my credit card info and racks charges up until they’re caught. My first incident happened 5 years ago when someone in the UK used my card at a travel agent’s website. They bought airline and arena tickets totaling $3,800. My credit card company was awesome and quickly took the charges off my bill but that was it – they didn’t pursue the scammers. Little effort is made by credit card companies to find or even prosecute the thieves. Seemed pretty simple for them to reach out the travel agent, get the customer’s name who used my card, meet them at the arena and arrest them. There’s probably so much fraud that exists they have to put a dollar threshold on which cases to investigate.

What do you think – Have advances in technology made it easier to commit fraud? Or, has technology made it easier to keep your money safe?

I think both – advances in technology keep your money safe for a certain amount of time until advances in hijackers’ technology and abilities figure out how to crack the safe. The CIO article “How to Secure Data by Addressing the Human Element” really put things into perspective for me. As advances are made in technology, humans become the weakest link. Scary to hear that only 5 employees out of the 140 phone calls made refused to provide information. How do you fix this…through training or maybe hiding privileged information from employees, or both?

The company where I work is required by law to provide public records to anyone who makes such requests. Since we have customer’s private information, we’re required to redact it before sending the data out to the requester. Our IT security team provided company-wide campaigns to ensure all employees understand the importance of not providing personal information for our customers. Interestingly enough, we don’t have any sort of software-type check to validate private data is not being disseminated, which wouldn’t be a bad idea since we are “only” human.

I really don’t think companies are doing enough to prevent to prevent fraud from occurring. Just look at Target, Home Depot, Staples, or health care company Anthem for example who’ve had their systems hacked within the last year or so. I think that we as consumers have to have a greater expectation that as we become more connected and use our credit cards more often, that there will be more fraud. At the same time however, we, as consumers, have to be more proactive in protecting our identity which will really take a lot of effort to break ourselves from the norm.

But if we incorporate technologies like the EMV chips, which will become standard issue over the coming years in the United States (http://www.forbes.com/sites/tomgroenfeldt/2014/06/23/more-secure-credit-cards-with-chips-coming-to-the-u-s/), using this technology would be a great step in the right direction to prevention fraud from occurring. New technologies will force us to change. I don’t see hope in some people when they’re still using 123456 as their passwords, even though we’ve been warned for years that it isn’t safe.

Those that handle sensitive credit card information do have an obligation to keep the data safe to the best of their ability and using sincere practices to protect the consumer. That being said, I do believe that the consumer bears a portion of the risk if they choose to make purchases with credit cards. In a society where risks of fraud exist it is imprudent to assume that the entirety of the responsibility belongs to the vender.

I believe that a certain amount of fraud, like shrinkage in the retail arena, should be contemplated and planned for by businesses. Additionally, I feel it is a prudent business practice for companies to employ both preventative and detective controls to identify fraud. An example of controls is the review of transactions to identify patterns which could suggest fraudulent transactions.

I also think that it should be the responsibility of the consumer to use best practices to protect themselves. Best practices include choosing venders only using a secured and verified web page. Also I suggest that consumers review their credit card transactions regularly to identify any irregularities and be sure that they shop at only reputable firms.

This question has a few different components to consider. There is no question that online purchases, the proliferation of credit cards payments and web based financial services open up a treasure trove of opportunities for would be hackers. Many of us blindly assume that when make a transaction with a retailer or provide sensitive information to our insurance company online we are safe. The problems arise when hackers of all levels of sophistication find the weak point, whether through malware technology or by compromising employees within the firm. As stated in the article this week, often employee behavior is a large contributing factor in a breach, which could be prevented. Consider the Target case, where even the best intended data security software resulted in a massive issue because the “people” did not respond accordingly. Also consider the link below which outlines these problems in the context of the Anthem breach from earlier this month. Once again, we see an inability to identify abnormal behaviors on the system side, while the short-comings of staff and their failure to recognize issues delays a meaningful response. So in sum, most firms have a plan to handle these challenges, but have gaps in their process; especially with respect to “people” problems. Fraud is not preventable, but early detection, proper training and rapid response is the best defense, when considering both Target and Anthem and many other examples.

http://www.forbes.com/sites/frontline/2015/02/24/behavioral-analysis-could-have-prevented-the-anthem-breach/

Banks have been robbed since the first modern ones opened during the Renaissance. Thieves are always looking for a quick payday. It is the responsibility of financial institutions, retailers, credit card companies, and the like to anticipate what these criminals will do before they do it. It is a heavy burden that makes it virtually impossible to guarantee consumers that their financial information is secure. In fact, I would think that in almost every instance the advantage lies with the criminals trying to extract and steal personal information as opposed to the aforementioned organizations. Hackers are constantly looking for vulnerabilities to exploit and persistently attempt to penetrate networks to gain access. They may be unsuccessful 999 out of 1000 attempts but all they need is that one victory. Regardless of the fact that those companies succeeded on 999 occasions, a single network breach is completely intolerable and they just lost the confidence (and possibly business) of the consumers that they serve.
The challenge for these institutions is to stay one step ahead of would-be criminals. Some employ hackers to identify weaknesses. Others invest in robust network security packages to deter cyber thieves and hopefully prod hackers along to softer targets. But a truly dedicated hacker with a specific purpose or mission, regardless of reasoning, could be extremely difficult to thwart. In today’s digital marketplace, consumers should expect the possibility for fraud in transactions – no matter when the transaction occurred; yesterday, five months ago, or five years ago. I believe that retailers, credit card companies, the government, etc make valiant efforts to put the necessary procedures and data protection systems in place to safeguard personal and financial information. Target anticipated the risk and made a significant investment in a malware detection tool. However, like it was stated in the CIO article, humans are generally the weakest link. The reporting procedures Target put in place were not properly followed and the hackers were able to make off with the credit card numbers.
A week ago, hackers stole $1B from banks around the world (http://money.cnn.com/2015/02/15/technology/security/kaspersky-bank-hacking/). They were even able to get ATMs to dispense cash at will while an associate collecting the money falling out of the machine. Let’s not forget about the government (who some would also call criminals). In a story released on the 19th, it details how the U.S. and British intelligence agencies stole encryption keys as a part of the NSA communications monitoring program that was exposed in 2013 (https://firstlook.org/theintercept/2015/02/19/great-sim-heist/). So while technology has undoubtedly made lives easier around the world, it has also made it easier for those with unsound intentions to commit fraud against those who use modern conveniences. As the old adage goes, if there’s a will, there’s a way. This point has been proven time and again through stories of identity theft, ponzi schemes, and corporate data breaches.

I think there is always going to be a certain level of fraud. Companies can take steps to keep financial information secure but you will always have the human element. Hackers are looking for the weak link. They have a mission to find a way to beat the system. Employee passwords are one of the avenues hackers use to access this data. Employees become complacent about security. A hacker’s goal is to get through the security. Companies need to make their employees understand how hackers work and to be more diligent in training their employees on the importance of security and following data protection policies.

Although in its infancy technology has enabled more fraud, with time secure methods have been implemented. Given its dynamic nature, technology will continue to be beneficial and used to cause harm. Social engineering is, in the era of bid data- in my opinion, the evil genius. It can be cleverly customized to harvest from unsuspecting, yet willing participants. it is unfortunate that it can be used with malicious intent rather than always for positive cause. What is the solution besides firewalls and security protocols? Training the human element, most definitely; however that would be a blanket statement. Without effectively addressing all facets, individual roles and positions it may prove to be grossly inadequate. Continual education is critical in providing the skills to efficiently enforce prudence and vigilance. It will be habit forming and change the way one will view digital security in the workplace and personal life. Also, once an individual has been victimized, lesson learned turns into wisdom. It has certainly changed my behavior- I now change passwords often and vary their theme regularly. Unfortunately nothing is fool proof however i want to make sure I do what i can to minimize the potential for fraud.

I think advances in technology have definitely made it easier to commit fraud, but those same advancements have also made it easier to keep money safe. It is a vicious cycle where technology advances followed by vulnerabilities in that technology that become threats that are then fixed by security advances only to have more advances in technology and the cycle starts again. And the entire time the weakest link is the human element. Remember when skimming at the ATM was the big thing to be concerned with? Now the criminals do not even need to leave the glow of their computer screen to wreak havoc. The human element as the weakest link is compelling because I think it has a lot to do with advancements in technology outpacing our individual understanding of that technology especially for those who permit breaches in security to occur. But at the same time I think the criminal minds who have proliferated on the internet are equally part of that weakest link. How much farther would our advances in technology be if we didn’t have to dedicate so much effort in preventing cyber attacks?

Do you think retailers, payment processors, and credit card companies are doing enough to keep your financial information secure? Or, is a certain level of fraud just a cost of doing business?

In recent years, there have been increasing numbers of security breaches associated with firm loosing control over customer’s financial information to the hackers. Regardless of how sophisticated a system company adopts, the hackers have shown upper hand to breach all the walls to the treasure. Although may companies may have already been spending significant sum of revenues on developing security against hackers, they may have reached a point at which cost of additional security may out way little risk inheriting within the system. These include company such as Google who has made quite evident that they too become attacked; yet their systems are capable of preventing/letting intruder deep into their process. However, not all companies are that far advanced nor they may have enough funding to develop such complex system. But I believe there are still further options for their companies to consider improving safekeeping of customer’s financial information. Recent sensation hitting media is Apple Pay, which claim to enhance customer payment security by not releasing customer’s credit card information to merchants instead it releases a onetime use code to complete transaction. Such algorithms may be implemented by all retails companies to prevent storing customer’s credit card information into their system and adding layer of security to safe keep customer’s payments. Although the Apple may advertise to claim the strengths of their system, time will tell if its indeed powerful tool.

Considering the rate of internet fraud, I think retailers are generally doing a good job protecting financial information. I have been doing online transactions for almost 15 years and have never experienced a security breach. Perhaps I’ve been luck so far.
I think social media as well as mobile technology are grossly are grossly responsible for modern internet fraud.

Airbnb had multiple options at hand which could have minimized the EJ incidence. The first is requiring a substantial down payment that goes into escrow determined by the value of the rental. This could insurance based which would make more sense from a business perspective. All renters should have a standard low cost background check prior to renting. Hosts and Renters cannot use pseudonyms to avoid fictitious posts to destroy reputations. As long as the renter and quest are financially protected incidences like this can be avoided. When a story such as this airs it is imperative to calm the rental community that all owners are financially protected from loss due to insurance. Let the hosting community and consumer know that only prescreened customers are allowed to rent and that a confirmed credit down payment will be required to ensure against any loss. I would also remind potential consumers that the risks are similar in any rental situation absent the internet. You really never know who will turn out to be a nightmare renter. But with the internet you have the ability to know even more about a renter due to online reviews, background searchs and profiles built over time which never existed in a standard rental agreement

I think Airbnb could have done more to gather complete information on their customers to protect hosts like “EJ”. The case reading stated that guests were not even required to provide full names when submitting a reservation request. I would put a “know your customer” type program in place requiring complete customer profiles with a required identification process. In addition, security deposits should be required with their release dependent on a timely property inspection after guests leave the rental property. It was disappointing to read that Airbnb also has a process in place that incentivizes hosts to accept guest requests within 24 hours by placing them higher in their placement search results and actually penalized guests with lower placement for turning down reservation requests. I believe the penalty for declining requests and incentive for quick acceptance contributes to hosts performing less due diligence on potential guests which increases the likelihood of incidents like what “EJ” experienced. I think a combination of requiring thorough customer profiles with verifiable identification, security deposits, and some form of insurance for hosts will severely mitigate the potential for future “EJ” type incidents.

If I were a crisis consultant, I would advise Airbnb to communicate proactively on the issue by acknowledging the problem, apologizing publicly to “EJ” and reimbursing her for damages. At the same time, I would announce actions they will be taking in what I would state as their “Commitment” to improve the safety and security for their customers (both hosts and guests). I would also advise them to prioritize resources to roll out these changes quickly in conjunction with a strong public relations effort around how they are delivering on their commitment.

The biggest problem here is the public perception that Airbnb did not care when its ’employees’ suffered. They were slow to respond, tried to get EJ to shut down her blog site, and tried to sweep it under the rug. Instead, their apparent insensitivity further fueled the flames and made the story go viral. They did not have a plan for crisis management, and by the time they decided to admit fault and accept some responsibility, it was too late.

Having better background screening would help, but I don’t think you can ever eliminate the possibility of having a hotel or Airbnb house trashed by a guest. Although I don’t think they can ever completely avoid another EJ incident, they could have put out the fire from becoming a full blown crisis by having had a better crisis plan that could have immediately gone into effect – accept responsibility, have an insurance plan to pay damages, and have mechanisms to help the police track down the accused. That would be my recommendation if I were a crisis consultant.

Incidents that EJ had should never occur. It’s like the golden rule, “Treat people as you want to be treated.” People should not destroy other’s property. That said, this isn’t always true. You’ll always find someone that doesn’t care about anything else, but their own self. Airbnb essentially did everything they could after the incident, but looking in retrospective is always easier to fix situations. Airbnb could’ve performed background checks earlier on both renters and owners to make sure the listing is legitimate and the renter has a clean background, similar to the TSA. For renters, they could schedule an interview and do a basic background check. For home owners, they would have home inspectors inspect the rental property to make sure it is as described and the home owner is legitimate. After each visit, AirBnb should survey both the rental property owner and the renter to try and obtain accurate reviews. AirBnB should also require a security deposit (as we do with hotels and airlines currently), once both owner and renter have agreed. This security deposit would be returned if the rental property is left with minimal damage. If damage were to occur, the security deposit could be used for it.

Airbnb should do a thorough background check by a third party agency about the potential guest and a host as it is essential to prove their reliability, credit worthiness and this information should be made available to both prior to the acceptance of the transaction. Having some sort of insurance policy in place to protect the hosts and legal enforcement to protect both the host and guest is essential. In case of EJ’s incident, it is unfortunate to leave a stranger in her house, not knowing the malicious intent of the guest but she could have avoided the incident from happening if they had known the background of the guest ahead of time, had he committed such a crime before, were they any public records or criminal records. If EJ had known of such records or incidents, then she could have avoided renting to that guest in the first place.

First thing as a crisis consultant, I would bring the media and public together and disclose of the incident and the steps that we as Airbnb are about to take in order to address the current incident and what steps we are taking to avoid such incidents in the future and the course of action. Disclosures are important to the media and public and constantly keep them aware of the progress. Every care should be taken not to tarnish the brand and taking necessary steps to mitigate any current or future incidents is of utmost importance.

Companies like AirBNB essentially trade in trust. It is interesting to see the evolution of this independent broker style of crowd sourced services or sales. From EBay to Uber to AirBNB, the level of personal trust involved in this space is escalating. Of the examples provided, I would argue that AirBNB is the most personal because people are renting their own private space to total strangers. As a result the systems that create trust between hosts and guests need to be superior to other services brokered using this model. At the time of the EJ incident, it is clear that AirBNB did not have the right systems or protocols in place.

In my opinion, AirBNB would have been better prepared for the EJ incident as well as their latest series of incidents by continually striving to be the best at establishing online trust relationships. More complete personal profiles would be a start, but they also need several methods for hosts and guests to distinguish themselves as reputable. Subjective information like reviews should be supplemented with objective information like background checks, credit scores and statistics on rental history and demographics of historical rentors. The subjective methods used to establish reputation need to be tamperproof and extremely resistant to fraud and impersonation. The systems and methods also need to be backed by scenario based protocols for handling breaches in trust from both hosts and guests.

The suggestions for improvement from the case all seem pretty common sense to me. The most obvious ones being background checked users and insurance provisions for hosts. No one can prevent incidences like EJ’s entirely, but they can make them less likely to occur and more manageable if they do.
As a crisis consultant, I would have advised Airbnb to get out in front of this as soon as they caught wind about it. In this situation, it wasn’t exactly that they got caught actually performing the egregious act, it was more that their flaws were exposed. As tuf74391 said, trust is essential for Airbnb’s business. EJ’s incident put its model into question. The longer people/hosts question it, the more they will stop participating. So Airbnb should have responded immediately – if at least to look into the situation and verify it to be true. This shows concern for their users and their business. Once the incident was indeed verified, they should have worked to remedy it with EJ so as to avoid any damaging legal proceedings and maintain their goodwill. At the same time, a task force should have been formed and announced to look into creating and/or instituting safety measures like the ones listed in the case.

I’m a member of Airbnb (as a guest) and it is extremely simple to join the site. I understand the benefit of making the site easy to join, but perhaps Airbnb could begin charging a small fee for guests that would include the cost of a third party pre-screening company. If charging folks to join the site is too risky, Airbnb could charge visitors and prospective guests the fee once the guest finds a property they’re interested in and decides to contact the host. Whether or not Airbnb charges the fee just one time or annually is another question. The guest could have a clean background during the first year of membership, but anything can happen during that year or following years. It is equally important to pre-screen the hosts. I haven’t used Airbnb in recent years because I’ve worried about my own safety as a guest in a stranger’s home. Naturally, the hosts (and possibly their friends, family members, etc.) have separate sets of keys to the rentals. How do I trust that my things won’t go missing while I’m touring the city? Or that someone won’t come into the property while I’m sleeping? Pre-screening both users is definitely the way to go, in my opinion.

The article suggests that Airbnb could require visitors to answer additional questions to aid in the prevention of these occurrences. I joined in 2012 through my Facebook account and was automatically verified, which certainly didn’t seem like a thorough verification process. They now have a ‘Verify Me’ option for guests where one can take a picture of their ID with a webcam or enter additional personal information such as providing an old address and the last four digits of one’s social security number. From what I’ve read, this is now required to book a rental. Although some disagree with this new verification process and have promised to stop using the site because of it (see link below), I think it’s a great idea, but needs improvement. It took me less than 5 minutes to answer the questions. Additional personal questions could be asked to improve the process.

http://www.theglobeandmail.com/globe-investor/personal-finance/household-finances/why-i-wont-be-using-airbnbs-new-online-verification-system/article19290229/

Airbnb should have had a third party for screening of all hosts and members. It did not need to be an intrusive process, however verifying identity, address, etc. should have been the minimal process and stipulations to join the site as both a host and guest. Along with identity verification, there should have been some protection for the hosts. An insurance policy protecting the hosts from vandalism and theft should have been the minimal expected protection. While many consumers realize there is some risk when posting on sites such as Craigslist and Airbnb, the fact that there was a financial transaction occurring made Airbnb’s situation much different. Airbnb needed to ensure their guests were going to have a good experience to retain repeat customers, and the host needed to have the same good experience to ensure they continue to provide their residence as a viable place for guests to stay so they remain on the site and bring Airbnb continued business. A good strategy for this could have been a similar strategy that Uber utilizes. Hosts and guests could be rated after every stay and Airbnb could have ensured that information was public. This would have helped protect both the host and guest, and would have encouraged each stay to be a good one, especially if they were being rated on it and all experiences were exposed for the consumer to see and evaluate.

As a crisis manager I would have definitely assisted EJ as soon as possible. I would have asked that she keep her experiences internal with the guarantee that Airbnb would take care of all of her damages and losses due to theft. I would have immediately initiated the insurance or protection for hosts, and worked to develop a screening and identification process to implement immediately. Along with implementing these strategies to protect the company and its “employees,” I would have made preemptive strikes on social media. Social media can be a very powerful weapon, and when these strategies were implemented I would assure that all followers knew of the new policies and would ask EJ to post something about the quick reaction that Airbnb had after her misfortune. These would be my initial reactions, however as the article discussed my next approach would be to revamp the reviews policies and strategies. Companies such as Amazon and Yelp have reviewers that are followed as icons by customers, and consumers believe they give an adequate assessment of the service. Much like Uber, a rating system could have been implemented immediately on both hosts and guests to get an adequate idea of what their past experiences have been. There are many more strategies that could have been implemented, but I think the key to recovering any negative publicity is speed to action to prove the business is there to protect its clients.

To avoid the “EJ” incident, I think Airbnb should have required both host and renters to provide more information about themselves that included more than just providing a name and phone number. When someone registers for their services they should require more background information that can be used to track down the guests if an incident was to occur such as social security number or state issued identification number and more than one professional reference. For those who may not want to provide private information at the beginning should be required to provide the information once reservation is completed and like regular hotels or car rentals they should have required customer provide a major credit card/banking information which they could use to place a hold on a customer account for the duration of their stay to cover any damages they cause.
If I were a crisis consultant I would advise Airbnb to promptly reach out to any of their customers who voice any concern with their experience. As part of their quality improvement plan, I would also advise that they find and partner with an insurance company that would offer adequate coverage at affordable rates for their customers and either require the guests to buy insurance as part of their reservation cost or give the host an option to waive insurance requirement for preferred guests.

Although Airbnb, had protocols in place regarding rentals such as pictures and descriptions and reviews, as most of us know if you’ve traveled anywhere and rented room at a hotel, it never quite looks like the ‘professional’ picture but at times more like Faulty Towers. Travelers rely more on previous vacationers pictures to show them a realistic view of the accommodation. It seemed that people were anxious to accept renters for the fear of appearing lower in the search results. However it does take a certain amount of trust to open up your home to complete strangers even if you have swapped several emails. Hotels will ask for a credit card on file when checking in to cover any incidentals such as room-service and damages. Had Airbnb taken the credit card to cover expenses it may deter those who were looking to stay in a property with the sole purpose of stealing things or destroying the property. Full names should be given, and even a simple background check. When volunteering as a coach at an elementary school there is a small fee to the local police department, Airbnb could perhaps add this cost into the renters fee, it may deter those with a shady background to think twice.

I think there are several things Airbnb could have done to avoid the “EJ” incident. Specifically, Airbnb could have required more information. The renter should have had to at least provide accurate contact information. Additionally, a credit card could have been required on file to cover any potential damage caused. Technology should be used to cross check the contact information with public information and a nominal amount can be charged to the credit card to ensure that it works. This information could have been facilitated by the Airbnb platform without sharing the information with the host to protect private information. I would expect Airbnb to use some of its investor money to ensure that the platform is protected from data breaches and hackers.
If I were a crisis consultant, I would advise Airbnb to conduct a full investigation on the incident to find out what information would have been needed to identify the person that caused the damage. Since EJ already took the event public without contacting Airbnb, the investigation should be shared with the Airbnb community so members could be assured that steps were being taken to prevent another incident. At the end of the investigation, the Airbnb system should be updated and the community should be advised that more information would be collected on hosts and renters to ensure safety, trust, and reliability in the Airbnb community.

Airbnb could possibly have avoided issues like EJ’s by taking steps to assist their customers. Each of the following steps could be taken individually or together. Although many of theses steps would be hindered by the fact they punish owners for not accepting renters.
Steps:
– Requiring renters to use their actual information (ie full names). Having the full names would have allowed the renter to perform a google search.
– Provide the option (link to sites like instantcheckmate.com) for renters to perform a background check as an option. Leaving it as an option would act as a “verification” process performed by several social media websites that require a photo ID. The verification would show up on their renter profile. Those that perform the low cost background check on their own dime would be more likely to be accepted by owners. Those that do not are not forbidden from the site but lack bidding power.
– Have the renters supply a credit card that is verified and held on file to potentially pay for damages.
Although these steps could help limit the potential for an EJ situation it will not guarantee a lack of damage or theft. Hotels follow the first and third step and still take damages and theft. As a crisis manager it would be smart to recommend to Airbnb to take ownership of the several EJ stories and promise fixes that will assist with safety in the future. Airbnb can implement the many ideas noted in the case as well as those above as extra options for members. I would not make them all required because this would limit the customer base and not all customers are worried. The majority of the fixes noted in the case study would also cost the customers more money or less privacy or both. This may not be what all customers want.

If I were a crisis consultant for Airbnb I would have suggested they respond immediately to EJ’s incident as opposed to being slow to respond and appearing to avoid the situation. Her situation required a higher level of sensitivity which she did not receive from the company. For a company that was looking to rapidly expand, this bad press could have seriously compromised their brand. I would have suggested taking a report of everything that occurred on her property and attempt to rectify the manner in some way. It seems to me that tens of thousands of dollars’ worth of damage is something they could and should have easily absorbed to attempt to make her whole again. You can never replace the memories she lost through her photos and journals but doing the right thing goes a long way when running a good business. Word of mouth is the best form of advertising so while she publicly outted Airbnb on her blog I’m certain she would have followed up with something positive had Airbnb responded in a quicker and more professional manner. I would suggest using EJ’s experience as a learning tool and implement stronger methods for reviewing guests, and for that matter hosts. This would include background checks, possibly hiring local people in heavily occupied Airbnb cities to conduct personal evaluations of users of the site, as well as create a ranking system of satisfied customers. Possibly having “secret shoppers” act as guests at sites that are receiving poor ratings would be a good indicator of service. If continued poor ratings occurred for users, I would suggest removing them from the site. You could also suggest hosts install cameras and security devices to better protect themselves. Lastly, I would suggest looking into insurance that would cover any hosts damage should future incidents like this occur.

If I were a crisis counselor I would advise Airbnb to get right out in front of the issue. Allowing blogs to raise awareness to the “EJ” incident causes a quick erosion of faith in Airbnb. I would advise they implement a stronger background check, but not one that makes it so cumbersome that it reduces use. I would also advise that they not only provide damage restitution to “EJ”, but then add an insurance protection plan for both renters and hosts. When that had been agreed upon, I would put my marketing team to work to share publicly that they not only acknowledge that the incident occurred, but that they were taking steps to prevent such incidents in the future. Finally, after the hopeful acceptance of restitution to “EJ”, I would advise they request a statement of satisfaction that while Airbnb had regrets that the incident occurred, they had done something to make “EJ” feel as if they truly were behind their hosts in the event of incident

I’m really not sure that there is anything that Airbnb could have done in advance to avoid the EJ incident. They certainly could have anticipated that this type of situation could occur. But I’m not sure that they could have prevented it. Their model essentially creates the marketplace where sellers and buyers come together. It’s like Etsy or Ebay. When you create the marketplace, there will always be some who will try to use it for the wrong reasons. I believe this is unavoidable.

That said, I think that Airbnb must address this. Their entire business is built on trust. If the renters cannot have trust in the people coming into their homes, it will directly affect Airbnb’s ability to be successful. I thought the idea of offering some type of insurance was a good one. I think taking on the responsibility of pre-screening candidates is an immensely challenging one for the company, and also exposes them to quite a bit of liability. By offering insurance, perhaps at a small fee, Airbnb can give renters some reassurance, while still remaining true to its model.

I think that Airbnb should have implemented a more secure system of sharing information. The suggestions made in the article to require more complete profiles from users, solicit more detailed consumer and host reviews, prescreen users and make it easier to reject renters should have been implemented prior to the EJ incident. I think Airbnb created a virtual market for something that already exists. Currently at hotels you aren’t asked for background check to grant service but the hotel does require a credit card on file and explains policies to customers that hold them liable for any damages. Airbnb should have done due diligence in making sure safety requirements were in place. Airbnb could institute the following requirements:

Virtual meetings: Provide hosts the opportunity to have virtual meetings with potential guests. This will give the host a better sense of security knowing who will be staying at their place.

Account holds: Airbnb could require a valid credit card on file and place a hold on the accounts of those guests who participate in fraudulent behavior while staying as a guest. You can also require safety deposits or holds on reservations for risky guests.

Insurance: In addition, Airbnb should provide insurance policies for hosts who are willing to participate in the service.

If I were a consultant I would have told Airbnb to make a statement much sooner than they did. Making a statement owning up to the flaws of its system and proposing upcoming changes would have been better for the reputation of the business. In addition, the folks who experienced these incidents should have been contacted and offered some payment to make up for the loss experienced. This would have helped to retain members who would think of leaving. Lastly, I would have the IT department build in new requirements to ensure that members are providing adequate information before being allowed to make reservations.

Is there anything Airbnb could have done in advance to avoid the “EJ” incident?

Yes, AirBnB did bring about a new way of renting someone’s home. However, with other sites such as eBay, Yelp and Amazon, AirBnB should of taken an initiative to protect the homes that were rented. The case mentions several ways to identify and protect each party.

Reviews – This can go either way. Reviews are great for highlighting someones pros and cons but it will not help replacing any items stolen or damaged. Someone can leave a great review as we saw in the case, but observing what has happened after they left the home is another story. A better review system would allow hosts to reject renters they deem “unsafe” or “untrustworthy”

Collecting Information – This would be a great option and should include a government I.D. and/or passport as well as taking a credit card for incidentals like hotels do. This would protect the homeowner and prevent those who wish to steal or damage someone else’s property.

Insurance – This is a no brainer. AirBnB should of realized the risks of strangers renting rooms from strangers. AirBnB should ask both parties to each pay a percentage of an insurance policy for the duration of the stay.

AirBnB’s delay to make a public statement was wrong. It did not show its customers that it truly cared for the wellbeing of it’s renters and hosts. I’ve always wanted to try AirBnB but I cannot lead myself to trust strangers in my home. I would have to have cameras or everything of value moved out of the home.

I wouldn’t go as far as to say that the “EJ’ incident could have been completely avoided, as there is always risk in these kind of ventures. However, there are a few things Airbnb could have done to minimize the likelihood of this event. Airbnb could require renters to provide their real names along with identification confirming the same. This information would not be available to the hosts, unless an incident such as this one arose. Renters would be comforted knowing that their information will remain private unless an issue arises, and hosts would be assured of renters’ compliance. Individuals would be less likely to vandalize property if they knew they could be identified.
Furthermore, Airbnb could require a security deposit from renters. Doing this would deter malicious behavior and provide peace of mind for hosts as well. Many travelers provide credit card information for security deposits at hotels, and this service should be no acceptation.

If I were a crisis consultant, I would advise Airbnb to have some sort of insurance plan available for hosts. This insurance could be provided for a small fee, and would provide coverage for costs associated with theft and/or vandalism.

Regardless of how well thought out your strategy is you will still have criminals who want to commit a crime and will find a way. However, while I don’t think that Airbnb could have prevented this type of occurrence from ever happening they could have easily limited the potential for this, as well as protected the homeowner in an event of such an occurrence.

1. Require every person that utilizes your service to review before they can utilize your services again. This will increase the likelihood of something negative occurring being caught immediately. Uber does this and it protects the customer and the service provider.

2. Provide background check services on everyone who is going to utilize your services. While this may make individuals less likely to use your service this is something that care.com utilizes and I have never had someone come to my house that I have hired that did not pass a background check.

3. Have a process of ID verification to ensure the person renting is the person who showed up at your door. Having a formal process in place will make it less awkward for someone to ask for identification when they show up at your home. Additionally, someone who has provided identification would be less likely to commit a crime as it is truly tied to them.

4. Provide liability insurance. Uber does this, and while it does not protect someone from having a criminal act committed on them, it does limit their burden if something does occur.

I hate to blame the victim here but perhaps Airbnb could have provided some advice to its renters as to what should be left in the home while it’s being rented. While it’s true that EJ did have her valuables hidden behind a locked door, perhaps they would have been better placed in a safety deposit box or with a friend. It’s a bit unclear to me if there is always a host present (the B&B part of Airbnb) but it sounds like that wasn’t the case here. Perhaps they should limit rentals to those that have a host present, to deter anyone who might have unseemly ideas.

It seems like the consensus is that Airbnb could not avoid the EJ incident and I’m on the same page there. If someone wants to commit a crime, they’re going to do it. But as I mentioned in a previous post, you can help minimize the crime committed.
The one thing I think Airbnb could have done is setup a better screening process for hosts and renters. When someone sets up an account they should be required to submit a photo ID and credit card info. Following a background check the individual is approved or denied access to the service. The downside is that joining the site and receiving the service would not be immediate, but trust would be established.
I would think there has to be some sort of automated process where a new user types in social security, provides info from their driver’s license, credit card info, etc and then all of it is automatically sent to a company that provides a background check. The other downside here is that Airbnb is on the hook for any security breaches and people may be hesitant to submit such personal information online.
I also really liked what Nicole mentioned in her post about advising hosts what to do with personal belongings. The only problem is making sure that hosts actually read what you send them or watch whatever video is included. Some people will just blindly click that they have read a document without actually doing it, but that could be used as a way to protect Airbnb.

If I was a crisis consultant the advice I would have is simple: Be honest and do it quickly.
People understand that mistakes are made and they also appreciate honesty. Airbnb could have highlighted that nothing like this had happened in its four-year history and that is was working with the host to recover items while also helping to repair the house. Airbnb should also mention that it’s screening process was under review and new policy would be implemented by a determined date.
By pointing out the number of years people see this is an isolated incident and by mentioning they are helping the host is shows they care. In establishing a new screening process by a certain date they can enhance credibility and restore trust if a new policy is created on time.
The last thing they want to do is delay because it gives the time for the media to dig deeper and the host additional opportunity to create more noise. Just proceed as quickly as possible while being honest and positive outcomes are much more likely.

What a fascinating case! I think AirBnB actually did an excellent job in minimizing these types of incidents prior to the fallout in 2011; if you think about it, they were able to facilitate 2 million transactions without any (or at least many) major incidents up until this point. Based on this, I’d like to focus on what the company should do in the aftermath of the 2011 issue, rather than what they could have done to prevent such problems from occurring in the first place.

I think the company should address the PR and potential safety/security problem using a multi-faceted approach. First, the company should provide insurance; the number of transactions relative to the number of security incidents is of such a high volume, insurance appears to be the least costly method for guaranteeing the safeguarding of property for hosts. Second, a security deposit could be instituted for newly-registered guests, which could be returned after the guests receive a sufficient amount of positive reviews. The security deposit approach could also deviate slightly by dividing properties into “tiers” with high end property tiers requiring a tier of guests which in turn would require a higher deposit. Finally, the company could institute a more formalized and structured vetting system for guests, similar to the one we all have experienced while taking examity tests; having an AirBnB proctor-like figure on the other end of a webcam to interview and check the ID of potential registrants could go a long way in deterring security incidents. That being said, this would likely be the costliest method for enhancing security and would require hiring a multitude of extra staff.

Some of the measures and ideas for improvements that Airbnb is putting into place following the “EJ” incident, including host insurance, ability to reject renters, and the like, will certainly help to mitigate and deter this type of situation from occurring again, but in reality the host is taking on a lot of risk by letting someone into their home. In everyday life we interact with people who we know better than a host can know a renter, and still we don’t really know that much of a person’s personal habits or indecencies. I do not think that there is anything the company could have done in advance to avoid the “EJ” incident. No amount of profiling would identify the type of person that will break into a closet and steal passports, jewelry, and other personal property, aside from a criminal record for a renter who has committed a crime in the past. Any first-time criminals or those who have no record, or those who provide false information, would be able to commit the same acts, and there is not really a system that can prevent that. The host is taking a chance and needs to recognize Airbnb hosting as such.

I think the issue of trust goes both ways. Hosts need a way to verify the identity of their renters to avoid problems like the “EJ” incident, and renters need assurance that the property they are renting is as promised and will be available (last-minute cancellations are not unheard of – this NYTimes article describes the experiences of a family using AirBnB for a road-trip, including a last-minute cancellation by the host).

As several people have pointed out, it would have been difficult to entirely prevent the “EJ” incident, but processes could have been in place to make it harder for something like that to happen. Verifying the renter’s identity through background checks is a good start, but that brings up other issues: who has access to the background checks (how does a renter know the host can be trusted with the information), who pays for the background check (is the fee added to the cost of the rental, does the fee come out of the host’s earnings, or does AirBnB eat the cost to make its service more trust-worthy), and the time and resources involved in doing a background check, especially if it’s a last-minute booking. Also, how does a renter verify that a host is trust-worthy?

When I booked through AirBnB this past December, the site asked me to “verify” myself through a variety of options: email (not the best verification – anyone can create an email address) or by connecting AirBnB to my Facebook, Google, or LinkedIn accounts (it looks for contacts who also use AirBnB, but I’d imagine those are also easily faked). I also had the option of truly verifying myself and gaining a “verified” badge on my profile by uploading an image of a government-issued ID (no thank you – I felt queasy enough about uploading that for Examity) or inputting personal information, including my social security number (again, no thank you). Hosts have the option of requiring a verified ID before accepting a reservation request, but as Chase pointed out in another thread, hosts competing for reservations are unlikely to do anything that makes it more difficult for people to rent their property.

Using AirBnB means you’re taking a risk at trusting a complete stranger, either as a host or as the renter. If you’re not ready to take that risk, then don’t use the service. (The only reason I used AirBnB is because the host was a friend of a friend and I’d been in the house in the past.)

Certainly they should have foreseen at least the potential for fraudulent, unscrupulous, our outright criminal behavior before creating the service, and frankly I’m a little surprised they went incident free as long as they did. A mechanism should have been in place to deter and address, if not prevent, such behavior. Some things they should have adopted were already mentioned in the article – obtaining full names and addresses of users, credit and/or banking info, credit checks, possibly even cross-checking with criminal record databases. In addition maybe they could manage things similar to PayPal where you have to verify your checking account to use the service. One final idea is to run the service similar to a hotel wherein they charge a certain fee up front, say $500, for “incidentals” and/or keep your credit card information on file for the same.
Whether or not Airbnb could have prevented the EJ incident is ultimately inconsequential; the incident happened, and now they must address it. If foresight measures were in place such as charging incidentals this could be one solution. Another is to implement an insurance plan to reimburse users who file claims; this may require an entire investigation process if the claim is over a certain amount. Honestly some combination of all of these measures should likely be used.
We can all remember when eBay was founded and how paranoid everyone was about the internet back then. I feel a certain degree of trust – for better or for worse, and whether warranted or not – has developed among the generally educated, internet-using public: we see a site with comments and reviews like Amazon or Facebook and generally trust the source. Certainly then there is some degree of responsibility that falls on the part of the user. However ultimately the company would likely be held liable and should take some of these recommended steps to prevent and address unwanted behavior. This behavior not only makes users unhappy but could potentially disrupt their entire business model.

While I don’t think that this incident could have been prevented, I do think there is plenty that Airbnb could have done to reduce the chance of the EJ incident but I don’t think that it really cared. Let’s face it, they were a startup that was flying at an incredibly fast pace and doing an incredible job disrupting the hotel industry. Airbnb’s slow response rate is evidence that they didn’t seem to care too much about this. After all, with the volume of traffic and transactions that were taking place, one isolated incident was probably not a big deal to them initially. While the incident was malicious, the chances of an incident like that could have been reduced if there was some sort of Risk Management protocol. They do allow security deposits but it wouldn’t have mattered in this case but if an ID and credit card were on file, it may deter someone from committing a crime like the EJ incident. Another option to minimize the risk would be to beef up the profile process. Although these are only suggestions, Airbnb would need to make them mandatory otherwise, you would be forcing the hosts to compete with others who might not want to participate which would be more or less an unequal playing field.

After reading Arun Sundararajan’s article heaping praise on Airbnb, it’s no wonder that an incident like what happened to EJ might occur. Creatying a feeling of community and partnership is nice, but a feeling of security should be the first order of business for an online market in which there are no first (or sometimes second or third!) person interactions taking place. I rent a two bedroom condominium and I would be very uncomfortable inviting it to be used through an online marketplace unless I knew that a reliable agent was checking the renter in and requiring a security deposit (or a hold on a credit card). I think Airbnb should have been more pragmatic about this in the first place, performing background checks (relatively inexpensive to perform nowadays) and requiring security deposits from individuals wishing to rent through its services. It seems that in Airbnb’s world, they get all of the investors’ money, while it is their property owners like EJ, (who placed her valuable things in a locked closet) who take all of the risk.

I really think that no matter what would have been done, the “EJ” incident was only a matter of time. I would hope that Airbnb learned from it and continues to put as many obstacles in place to deter that behavior and prevent it going forward. I think the worse fear is that you would have at Airbnb is a “Craigslist Killer” situation. That is something that crossed my mind when thinking of Airbnb services. How do you know this person that you are renting to isn’t a complete psychopath? At hotels you can for the most part ensure a good sense of security, Airbnb is limited to what they can provide because it’s not their residence or ultimately their decision.
If I was a crisis consultant my advice would be to respond and “make it right” immediately. Pay for the damages and make the problem go away. In the long term it is a small price to pay to prevent the damage that can occur from negative publicity. Once you make the problem go away, you are then able to focus on prevention of the problem occurrence. There is no benefit of lingering in decisions or analyzing what should be done. If Airbnd culture is that of a “welcoming community”, then that culture needs to be represented in the compassion and empathy that they show their customers. EJ lost not only money but meaningful, irreplaceable things. In my opinion, Airbnd should of not only paid for all of the damages but perhaps even determined if going above and beyond payment for damages would be beneficial in this case. That type of action would be reflective of the culture they are trying to create. People who use Airbnb should know of the risks before hand. If Airbnd would have reacted and made it right immediately, they would have been able to take a negative and make it a positive by focusing on how the positive fashion in which they reacted.

1. Is there anything Airbnb could have done in advance to avoid the “EJ” incident?
Could Airbnb have predicted the “EJ” incident? No but there are steps they could have taken anywhere from 2007 up until the incident that could have decreased the likelihood of something like this from happening. Crime to an extent, is inevitable in industries like this. That is the reason why hotels make you put down a credit card on your room or why online retailers like Ebay and Amazon offer buyer/seller protection because there are people out there who are looking to make a quick buck regardless of the consequences. Airbnb should have focused more on vetting customer’s backgrounds and credibility before allowing them to just book a room anywhere. The article mentioned several ideas going into the future and I think two of they would have helped prevent this incident. The first being, a more advanced pre-screening of guests and hosts. If basic information like arrest records were available to hosts then they would have more information before deciding to book someone. The other idea I liked was allowing a sort of “Ebay buyer protection” service for hosts which could cover them for damages brought on by customers. I operated a duplex beach house with my parents while I was a teen and we ran in to similar issues as these and it is in fact hard to find a fix all to prevent these situations. The best advice I can give is for Airbnb to vet their customers more and make that information available to hosts.
2. If you were a crisis consultant, what advice would you give to Airbnb on how to handle incidents like this?
I think the first mistake that Airbnb made in the days following the “EJ” incident is that they didn’t take a proactive approach to resolving the issue. They should have quickly released a statement and then started helping the host in whatever way they could but instead they initially pretended nothing really happened. This resulted in growing bad press which ended up hurting them. Their second mistake was then not put any changed into effect after this whole situation played out. They should have at least started some sort of buyer protection program in order to help prevent similar incidents in the future. The media can be a powerful tool and Airbnb should have utilized the media to their advantage.

The biggest challenge is maintaining trust, both by the host and guest. It is difficult for the host to trust potential renters because several homes were destroyed and valuable items stolen. It also, poses a challenge to the guest because the host that rented the room misled them. Both resulted in negative reputations, causing Airbnb customers to decrease significantly. Airbnb online system was missing a lot of information, such as incomplete profiles, that would make any customer feel uncomfortable about renting. Airbnb also had weak customer reviews and they actually penalized host that turned down reservations for a posted room, making that host appear lower in the search results. Airbnb online system need to prescreen hosts and guest (credit card record, background check, etc.); also provide insurance for host in case property is damaged or stolen and for customers that get a room in bad condition. They need to immediately rebuild the company’s reputation and regain trust. Use a customer review system like Yelp, because this would increase the confidence between customer and host. Improve the customer review system, regarding a personal profile within their system, where each user must provide their full name and picture ID. Also, host would not be penalized for turning down reservation requests. Discounts should be given to repeated customers who receive high reviews. If Airbnb had these suggesting’s in place they could have avoided the EJ incident. These improvements should increase Airbnb reputation, as well as sales.

Is there anything Airbnb could have done in advance to avoid the “EJ” incident?

I believe in new transformational business models like Airbnb its very difficult to predict what the outcomes, issues and roadblocks will be along the journey. AirBnB essentially disrupted the traditional hospitality business model with its innovative approach and its very difficult to predict issues like what happened in the EJ incident. What happens after an incident like EJ is more important because it shows how quickly AirBnB will react to address its customers, suppliers, partners and its public image. Having ratings, reviewers, security deposits and other safety mechanisms is something easy to conceive one a problem occurs and its clear what the problem your solving for is however its much more dificult in my opinion to institute a process in advance of an incident when your charting new territory. If the same type of incident happened like EJ in a regular hotel it could be claimed that the hotel did a poor job as there is plenty of operating history of hotels to understand people would break items in rooms, steal items etc. I think the phrase you live and learn is applicable in this case Airbnb has evolved its business model. Similar incidents have occurred with Ebay, Amazon, Facebook and other new business models where customer behavior is hard to predict and you cannot design safety systems for every possible scenario without stifling innovation.

If you were a crisis consultant, what advice would you give to Airbnb on how to handle incidents like this?

As a crisis consultant I would advise Airbnb to communicate and engage with their customers and suppliers. AirBnB’s response to the EJ incident was appropriate in my view. Having a plan to address the incident and mitigating the fallout would be key.

Apparently, Airbnb overlooked some very fundamental questions while focusing on the development of its unique new business model. Airbnb was effectively building a company around a group of geographically separated people who were not actually their employees and physical resources that did not belong to them. Given this, there seems to have been a shocking lack of foresight or basic risk management at work in the days leading up to the EJ incident. Clearly, more should have been done. While hindsight admittedly is 20/20, if the planned core operation of my business consisted of facilitating the online connection of two complete strangers to arrange temporary unrestricted access to privately owned or rented property, I’d think that one of the very first questions I’d be asking myself after “how do I effectively monetize this idea?” would be “what could possibly go wrong?” From there, it really wouldn’t take too much imagination to foresee someone’s home or apartment being mistreated by someone who really shouldn’t have been allowed access to it in the first place.

The article gives me the impression that the rules Airbnb established regarding the pre-registration communication process were centered primarily on ensuring the maximum number of stays, and that potential renters and guests were not allowed to circumvent the registration process and arrange a stay outside of the Airbnb system. For example, customer profiles were incomplete to the point of not even requiring a full name, and renters were effectively pushed to rent, even when they were not comfortable with a potential customer’s profile (or lack thereof). Given that we’re talking about people who aren’t actually employees and properties that not only don’t belong to the company but also are the private homes of said non-employees, I’d think that requiring potential renters to provide more information to the company would be an essential step. Also, while I understand that more rentals means more profits, pressuring renters to put their private homes at risk in the absence of sufficient information regarding who they’re letting in just doesn’t seem like a solid practice in terms of risk management or from a business standpoint. In addition, I think moving forward with this kind of business model without offering both renters and rentees some form of insurance against damage to private property resulting from an Airbnb rental borders is irresponsible.

“If you were a crisis consultant, what advice would you give to Airbnb on how to handle incidents like this?”
The first step for Airbnb is to have a crisis management plan in place to respond incidents. The plan would include a well-organized communication plan, both internally to the renter and host, as well as externally to the media and interested parties. Communication is essential to ensuring there is not long-term damage to Airbnb’s reputation or brand. After putting the post-crisis plan in place, Airbnb should develop risk control and risk financing strategies to avoid these types of events in the future. Some methods of risk control include more advanced rating systems for renters and hosts and background checks for users. In terms of risk financing, Airbnb could require security deposits from renters or require a credit card hold for incidentals. Along the same lines, Airbnb could provide some sort of insurance mechanism for hosts, and then re-insure themselves on the back end for major losses.

There were several precautions Airbnb could have taken to reduce the risk of the incident. Several are outlined in the case. I can’t fathom the idea of either renting my room to a stranger or staying in a stranger’s home without some kind of background check. We have friends that use Care.com to hire nannies and babysitters. Those interested in marketing those services have the option to undergo a background check. Those individuals pay more for that certification. On the other side, users can search for sitters with or without a background check. Obviously they will pay more for someone with a background check. I think Airbnb should adopt that same model. The costs can be built into the fees, which in turn can be increased by those certified with a background check. Now that isn’t to say that this could not have happened with background checks but the risk would certainly be reduced. Additionally, Airbnb should offer training and education to renters on the potential for crime and how to mitigate it. EJ has to take some personal responsibility for leaving so many valuable belongings in the house with an unsupervised stranger on the property. Maybe with some education and training, she would have prepared her home differently.

I would recommend that Airbnb should have prepared for this crisis in its infancy and had a plan of attack in place to combat this kind of press. Unfortunately in their kind of business, it is hard to believe that criminals wouldn’t be enticed to exploit their system. That said, Airbnb needs to address this immediately with press releases and have a media expert within the company ready for interviews. Airbnb also needs to announce and deploy some kind of process to mitigate similar crimes from happening in the future. Finally, Airbnb should offer assistance with any criminal proceedings as well as assist the renters with some kind of financial resistution.

If I were a crisis counselor for Airbnb I would follow the advice I found online at http://mashable.com/2011/07/29/airbnb-pr-crisis/. The site does a good job of showing how companies have to absolutely be credible when they respond to a crisis and that anyone who gets involved in responding needs to know their facts. A response to the article that is on the site shares this information:
Caroline McCarthy @caro’s suggestions are:
• 1) Don’t let the past come to haunt you. The incident happened at the end of June. Had Airbnb gone public with the incident and used it as an opportunity to teach its users better ways to keep themselves safe, the company wouldn’t be in the position it is in today.
• 2) Don’t make claims you can’t back up with certainty. CEO Brian Chesky said Airbnb “has been in close contact” with EJ since the incident, but according to EJ, he’s simply not telling the truth. If it’s true that Airbnb cut off contact after she put up her blog post, it’s a damning portrait of Airbnb’s values. Chesky should never have talked about the incident without verifying every detail of Airbnb’s interaction with the victim. Better yet, the company should have talked with the victim before issuing a statement that utterly backfired.
• 3) Treat the customer as sacred, even when you’re angry with the customer. Cutting off contact was clearly the wrong move (if true). While we don’t know what kind of overtures Airbnb made to the victim, it seems clear it needed to do more to appease her. A blog post where EJ wrote about meeting with the Airbnb team and getting financial and moral support from them would have changed everything.
• 4) Serve the customer, not your own interests. The greatest mistake Airbnb made in this incident was reportedly asking EJ to change her blog post or take it down. That approach is certain to backfire, as it did with Airbnb. Focus entirely on the customer’s concerns during a crisis and disregard self-interest. The first thing on Airbnb’s mind should have been helping the customer, not containing the potential damage. If you go above and beyond the call of duty, the customer will reward you. If you don’t, the customer will punish you 10 times harder.
• 5) Be in constant communication with the customer. EJ emphasized how “wonderful” the customer service team was to her in her original blog post. In her second post, she accused the company of delivering a veiled threat to her. You can’t predict how customers will react at any stage of a crisis, so have a plan for multiple contingencies and stay in constant communication with affected customers so they aren’t surprised by any public statements you make.
• 6) Set the record straight. Customers lie. Companies lie. Victims lie. Reporters lie. There are so many conflicting points of view in a crisis that the truth can be hard to discern. Provide every detail you can to your customers, and come clean about all of your mistakes (an FAQ is a great format). Nothing short of this will clear the air.

I have been fan of the Airbnb website since my first exposure to the website two years ago. Since then, I have stayed at seven different properties in three different countries. All of the interactions have been phenomenal, without any issues from host or even the properties that were offered by various hosts. I have also had experience with finding and renting properties through competitors, such as Homeaway, but the responsiveness and credibility of host on those websites haven’t been too great with my experience. Although my experience has been perfect with Airbnb, EJ and few others weren’t fortunate hosting guests at their property. First off, I would agree with reviews that Airbnb might have not taken fast enough actions. However, I completely do not agree with all media focusing on the handful negative reviews of a growing innovative website. In my opinion, no business start off ensuring that they are delivering a business model that is 100% beneficial for their customers. Similarly Airbnb’s initial strategy may be to ensure they are able to deliver 95% of the time, building 5% risk into its business model. EJ and others probably became victim of the 5% risk appetite the firm had opted for. Thus, I don’t believe there was anything that Airbnb should have done in advance to avoid the incident that occurred with EJ. Once the incident occurred, the company should take appropriate steps right away to mitigate the newly identified risk area. Eventually, the company did take action to mitigate risk by improving its customer screening, along with providing a protection to both host and guest. The protection program shall work with insurance companies help with the investigation of the damages to the property; thereafter, reimburse the host on the incurred damages. As companies across various sectors under hyper-growth, they need a program in place to ensure they are able to act immediately on any unexpected risk areas to minimize the negative impact from the media in today’s cyber social world. Recently, we have also witnessed Uber undergoing scrutiny from media and competitors about a rape case in India. Just like Airbnb, the event would be occurred outside its targeted risk, which could have occurred with any similar business model. However, pressure from competitors and activists makes a ‘mountain out of a molehill.’ Thus, best course of action for all such companies is to act fast, acknowledge issue and disclose mitigation strategy to public to minimize impact to its reputation.

Before reading this week assignment on Airbnb I was not aware this company existed. First, I think that the business model is great and it could be extended outside of renting rooms per night. As an example, similarly to high-end hotels it could have a real estate section dealing with buying and selling properties. It is my opinion that in 2011 at the time of the “EJ” reported accident a number of improvements in the background checking security system were needed at Airbnb. Also, generally speaking it is very easy to blame people or corporations retrospectively after the facts (in this case EJ’s horrific experience), and should not be forgotten that “issues” help organization to get better, if a proper remedy plan is developed and implemented as a result of a system failure. Finally, if we look at Airbnb as a virtual hotel, in fairness to Airbnb to properly judge how safe is to do business with this corporation we should compare its safety to the ones of the regular hotels. After seeing the pictures of EJ home office published all over the web, I doubt incidents of this same magnitude can happen in regular hotels. However, I do not exclude that episodes of vandalism are commonly seen in hotels in greater numbers and smaller entity. Therefore, the question becomes: “was this expected, and were proper precautions taken in advance?”

1. It goes by itself, that the best way to prevent vandalism is a proper background check for the costumers renting a room or an apartment. Being properly insured, and issuing a contract of limited responsibility with the host is also very important.
2. In my opinion, full transparency is necessary to properly handle cases like the EJ accident. Taking responsibility for the event will show how serious Airbnb is about protecting its costumers. Compensating the costumers for the damages, according to a pre-set insurance policy is due and expected. Developing and implementing a remedy plan to prevent a similar system failure to occur again will help Airbnb to regain the costumers’ trust. I remember years and years ago hotels used to have a centralized safe to store valuables. In the more recent years safes have been installed in every decent hotel room. Similarly, people that would like to engage in business with Airbnb should be encouraged to have a safe in the house to store valuable left in the house while renting rooms.

In my opinion, Airbnb placed too much reliance on their review system for securing confidence in both renters and hosts. It failed to protect either side from simply misrepresenting their intentions, which allows for undue harm. These types of systems depend heavily on user reputation, which is often generated by reviews. Unfortunately, these systems have many flaws (biases, missing information, misleading information, collusion, etc.).

They may have avoided their “EJ” incident (and similar situations) had they collected additional information about their users, disseminated this information to users and restricted use of their services to only those qualified and trustworthy. Airbnb could require stringent completion of detailed user profiles, without exceptions. They should demand that users agree to accept random investigations, whether in the form of property assessments, user interviews or background checks. Background checks would clear many questions regarding users’ criminal history and if Airbnb sets and upholds standards, users of Airbnb can comfortably know a particular historic level of lawfulness is met by their merchant or guest. If the additional cost of this service worries Airbnb, they can consider passing this down to their merchants and guests as protective service option. Such a service may create another revenue stream for the company.

In response to both questions 1 and 2, I believe that Airbnb’s reaction to the EJ incident seems to be reactive rather than proactive. There are many ways that incidents such as that encountered by EJ could have been prevented from the beginning. Although there are many things the company could have done in advance, I believe that collecting additional information from the host and the renter, providing insurance and performing diligent prescreening of both parties prior to allowing a transaction to occur would have led to a more successful business model. In example, as part of the prescreening process, the company would run a background check, a credit check, and full personal information (to include social security number, full names and addresses) on all customers. Furthermore, since the company’s bottom-line and reputation is on the line, the company should perform an independent verification on the abovementioned information to ensure accuracy. I know some of the ideas I am suggesting seem a little extreme and expensive; however, we are talking about people’s homes, personal belonging, or family memorabilia which are not easily replaceable. From the company’s perspective, we are talking about legal and reputational risk; which again are not easily mended once tarnished by bad publicity. Lastly, providing insurance for both parties would create a sense of security and responsibility. If both sides were forced to purchase insurance, there would be a sense of accountability. I know it’s important to see the good in people, but you should always be cautious; there are too many untrustworthy people in the world. As a company, Airbnb is responsible to ensure that all of its customers feel safe, regardless of the bottom-line.

As a crisis consultant, I would advise the company to first make a public apology and then immediately implement new policies and procedures to ensure that similar incidents never occur, or less frequently. First, the public apology shows that the company is honest and willing to admit that they were wrong; increasing public trust. Second, the implementation of new policies and procedures will allow the customers (host and renters) to feel sense, again gaining the publics’ trust. Let’s not forget, this company is heavily reliant on the public and the public opinion.

For this question, I also found a news article by Fox News which described other horror stories encountered by Airbnb customers. To be honest, after reading the class article and that of Fox News, I don’t know why anyone would ever use this company, I know I will not. (http://www.foxnews.com/travel/2014/05/08/10-incredible-airbnb-horror-stories/)

If you were a crisis consultant, what advice would you give to Airbnb on how to handle incidents like this?
Timing is everything as I learned in a risk management course when it comes to addressing corporate crises. Airbnb should have reacted quicker as delay insinuates incompetence. Press releases should have been quickly made regarding their efforts to resolve the EJ incident as well as proposals on how to avoid or prevent such situations from happening again. I would also recommend providing a discounted fee to the host for a year as a means of showing good faith to its customers. As mentioned in my previous post, I would also suggest Airbnb to offer background and credit report checks services to the hosts to help in avoiding these situations and for EJ, the service should be free for a year.

It is surprising to me that the company wasn’t prepared for this type of situation considering the risk associated with hosts opening their homes up to the public. Another suggestion for the company to be proactive is to purchase a liability policy that would cover Airbnb in the event a host tries to sue the company. Perhaps this subject is addressed in their contracts but it is better to have more coverage than not enough.

Airbnb is in a challenging position. Their business is providing a posting site where hosts post available properties and potential renters search properties. The two parties communicate through the website but the actual business relationship is between the host and customer. Airbnb is not in the rental business nor in the renter screening business but, when something goes wrong, Airbnb is the “entity” that receives attention. Though the attention and often blame is misplaced, Airbnb must recognize that their business of enabling connections places them in the position as being the “company” and therefore the party receiving attention, blame and press.
Though Airbnb provides only the connection platform it certainly is in their best interest to portect their business by helping host and renters have positive experiences. Airbnb might have offer options for background checks, credit check, or renter references. Regardless however, Airbnb cannot guarantee there will never be criminal activity. This is a risk every host must understand is part of their business.
Airbnb’s handling of the crisis should be centered on public communication on their sympathy for the host, that criminal activity is the responsibility of the criminal and Airbnb is helping in every way possible to find the criminal. Airbnb’s cannot accept responsibility for the criminal act. Airbnb can use their rating system to discontinue accounts, extend secondary insurance as they have, and provide information and education to host on ways to protect their business. Airbnb must establish themselves as caring and helping but not as responsible for someone else’s business decisions. Hosts will rent to customers through a number of sources; online, word of mouth, flyers, and Airbnb. Though Airbnb has no more responsibility in the Hosts choices in renting to individuals, Airbnb establishing a concern and supplemental insurance helps maintain host willingness to use their posting service.

Premier online marketplaces and online reservation systems have clearly become the wave of the future for today’s consumer. Nearly every type of service from room rentals to transportation can have an online transaction facilitated. In the case study regarding Airbnb, security precautions, the disclosure of extensive, detailed consumer and service provider information, and adequate public reviews appear to be the three key major components to prevent incidents. In the case of Airbnb, it was obvious that the company had faults within the system after certain members of the site suffered from disturbing incidents which involved vandalism and theft when renting out their homes to travelers.

I agree that Airbnb needed to implement several initiatives to ensure safety within it’s online marketplace in addition to improving its overall reputation as a loyal and trustworthy service. First and foremost, they must gather additional information about both the hosts and potential renters to maximize security and prevent future detrimental outcomes. Complete profiles for both parties should be mandated by the service. For example, a renter cannot continue on to requesting from a host until all of the required fields are filled in. The site can use a red label or asterisk showing that the field is mandated. In addition to this, prescreening is a potential option to ensure adequate background checks prior to allowing them to continue with the transaction. There may be several hosts and renters who do not feel comfortable with this due to invasion of privacy and also financial costs. Airbnb needs to outweigh the pros and cons of implementing this. In my opinion, if pre screenings are implemented, the company may lose some customers due to resistance, yet by not implementing it, Airbnb may potentially lose a great amount of members due to the continuation of negative events as previously mentioned. Insurance for hosts is also an option as companies such as eBAY have implemented this and found success. I am also in agreement that Airbnb needs to get rid of their policy which penalizes hosts for rejecting renters and putting them lower on the search engine as a result. This really does put the host in a precarious situation as they feel pressured into hosting an individual that they may not feel comfortable with. Again, all these initiatives are needed as the primary focus should be on customer safety. Overall, Airbnb needs to implement a new customer safety policy which elaborates on all of these key initiatives which should have already been implemented and disclose them prior to new customers joining.

As far as customer reviews, this can really make or break an online reservation system such as Airbnb. Airbnb appears to be behind when it comes to having a top of the line reviewing system such as Yelp and even TripAdvisor. Reliable reviews are essential as they can also assist Airbnb’s security process. I agree with the recommendation of implementing elite reviewers. These types of reviewers are deemed credible and the average consumer is more likely to take their review seriously than an unreliable resource such as a one time user who used the review system for personal gain or to just simply vent. A reward system for reviewers is also a good initiative, but must be carried out wisely and with caution. Again, the idea is to encourage the consumers to provide adequate, reliable reviews which will ultimately result in future customers and overall business growth for Airbnb.

Airbnb’s concept being quite new and the potential concerns being present from the outset opened them up to the potential hazard of the EJ incident. Certainly, more precautions could have been taken but perhaps to what effect and detriment to their success and growth as a young business. I have used Airbnb only once for trace in Paris and noticed that there is more uptake and acceptance as a relatively safe and reliable alternative to standard hotels. The process I had to go through to be able to rent a room involved getting 2 other users to sign up and write personal reviews about me as a person and as a host. The more information is detailed and verifiable, the safer the renter can feel about a user. To some extent, Airbnb could consider implementing a more formal background check process but it would have to be subject to local laws in each jurisdiction they conduct business. I personally feel as a user of Airbnb and I suppose a would be potential renter if I wanted to make use of my apartment, that you have to consider taking adequate precautions yousef if you want to become a private hotel. First of all, EJ should never have kept any personal belongings on the premise or at risk for theft. Second, that individual is responsible for their own “background check” and review of data about their consumer. Airbnb certainly puts themselves at risk for this type of outcome, but I don’t believe they should be responsible. Unfortunately, the PR fallout as a result is something they are tasked with mitigating.

As a crisis consultant, the most important thing is counseling Airbnb to deliver accurate, thoughtful information information and response to the community of Airbnb users. First and foremost, you would want Airbnb to be discussing with police and their legal counsel what sort of recourse their renter will be able to seek and making sure other renters on their community feel as though they will be protected and assisted in the unlikely event of a recurrence of this type of event. Clear information and regular delivery via something like a blog would be appropriate for their community. As their crisis counseled it will also be necessary to suggest that they reiterate to their rentering community that they be vigilant about accepting thorough and meaningful reviews of potential customers. I would suggest a proactive response to improve the type of information required for customers to be able to rent inside the community and make it apparent that the change is taking place thoughtfully but as rapidly as possible. No matter what, you will want Airbnb to seem as though they deeply care about their customer’s safety before any consideration of profits or revenue.

If I were a crisis consultant, I would advise Airbnb executives to assume the risk and take responsibility for what has happened. First, they have to clearly articulate any risks associated with renting their properties and what they are doing to help mitigate these risks. Going forward, I would recommend they change their information systems to perform security measures to screen prospective guests when they perform a request to rent a property. Guests should be required to fully complete their guest profile, by entering their first and last name, and social security number for a background and credit history check prior to the host excepting the rental. If a credit history comes back lower than the average credit score, a co signer should be required in order to rent their property. If any criminal activity is noted from the background check, the system should automatically eliminate them from being allowed to apply for a rental property. Guests should have to complete a rental agreement similar to renting an apartment with Airbnb which includes signing a liability contract stating that they are responsible for any damage that is caused or stolen property. Airbnb should also prosecute guests for vandalism who damage property with the local and federal authorities. Airbnb could also provide users with insurance to further protect them from the risk of their property being damaged. This will make them feel more secure about using their services. A percentage of the 3% booking costs users have to pay for each transaction can be used towards paying for an insurance policy. Airbnb, has to make customer service apart of their culture to first protect their users and guests, in order to provide them with an enjoyable and safe experience.

When I think about the risks that hosts and clients take by using Airbnb they are essentially the same as in a traditional hotel or landlord type situation. The renter has the risk of not getting what was advertised and the business (host) has the risk of damage from the renter. In the business world the “hosts” have insurance to help deal with the risks associated with their line of work. Since I have never been a host for Airbnb I don’t know if they require their hosts to have some kine of insurance but that would be one thing they could start requiring. If they wanted to go a step further they could even help create or identify insurance companies to provide insurance directly related to this type of business. This would help transfer some of the risks to a third party and just by making insurance a requirement would bring the thought of security to the hosts before they agree to rent. This also makes me think that hosts should make sure they’re covered for liability should any renters be hurt on their property.
If I were a crisis consultant I would do what many others have already suggested. To address the issue as quickly and transparently as possible. Provide support for the victim to seek restitution and cooperate with the investigation. I would then advice that policies around security be reviewed and become a key component in their mission and visa. Their policies should be prominent on the Website and any and all information going to hosts and renters. I would also suggest adding security to the training and networking events they hold for their hosts to help solidify security as part of their corporate culture.
To help address the feeling hosts have about being ‘forced’ to take renters in order to keep high standings, they could introduce a way for hosts to raise concerns about the renters they are uncomfortable with. This would allow the company to do some due diligence to help collect more information from the renters if appropriate. They could also have a way for hosts to give confidential feedback on renters after their stay as a way to identify red flags for future hosts.
Ultimately there is no way to illuminate all risk but the company can take some steps to try and prevent as much as possible and provide support when incidents do occur.

Private lodging is generally a highly risky adventure that demands a height of personal responsibility from both the hosts and the guests. Obviously Airbnb had no sufficient risk management system in place prior to the “EJ” incident. The initial security screening process was vague and unreliable. Guests were not required to provide their full identification while applying; this alone was a catastrophic blunder without limits. Also, hosts were being penalized for declining reservation requests. Perhaps Airbnb should have investigated into such actions prior to imposing penalties. There may be valid reasons for a host to continuously decline reservations. For instance, a declined (suspicious) customer could attempt several requests under different identities, especially since there were apparent loopholes in the screening process.

Although the victim in this particular case was the host, it could have been vice versa. There could have been a burglary or robbery where the guest falls victim. There is even a possibility for unintended incidents such as fire, leaving both parties with valuable property with massive irredeemable loss. Thus, there is a need to implement improved safety and security initiatives for both the hosts and the guests. If I were a crisis consultant, I would advise the following:

• Allowing credit card only, no PayPal, etc. for rental payment and security deposit.
• Offering insurance options to suite both hosts and guests tastes.
• Implementing an enhanced internet security department and technology.
• Creating an investigation department that oversees declined reservation requests and triggers alerts when necessary.
• Accepting government-issued identity cards or passports only.
• Offering security surveillance options with instant feedback for hosts. At least an exterior surveillance to monitor suspicious activities.
• Providing security and safety training education for both hosts and guests.
• Installing alarm systems for hosts in certain areas of the residence.
• Implementing integrated profile security check with other rental services.
• Improved reward system for regular raters.
• Adding closed-ended features to reviews to pinpoint main security concerns.

Airbnb wants to get as many users signed up as possible in order to obtain a higher valuation from investors. I feel a lot of these users aren’t really prepared to handle such situations of renting out their houses and are just doing it for the cash. For example, someone in Calfornia rented out their house in excess of 30 days and because of California law, the rentee/renter is considered to have a month-to-month lease and the renter has to go through the eviction process to remove the rentee from their home (http://www.businessinsider.com/airbnb-host-cant-get-squatter-to-leave-2014-7). Airbnb has said it’s up to the renters to understand the laws of their state. However, recently they just paid millions to California in hotel taxes that the state assessed on the company (http://www.sfgate.com/bayarea/matier-ross/article/M-R-Airbnb-pays-tens-of-millions-in-back-6087802.php).

Even though it might deter potential renters from using their service, by properly educating potential renters on all aspects of renting out their houses would make the renter more educated and make smarter decisions. By making the initial investment, even if the renter has just one bad experience, I feel that the renter would still give the service another try in the future. It would also save the company money and resources in the long run by not having to counter bad publicity and fees to make the renters whole again. It also would make the service more credible for customers and investors.

I think that ultimately a similar fate that has beset Uber will likely begin to further impact Airbnb. As mentioned by Jon, the valuation of the company will continue to increase with increased usage. Additionally, the increased usage will also bring about increased scrutiny from those that compete with Airbnb, namely hotel chains. Similar to Uber, as Airbnb is considered to more of a threat, hotel chains will take action to force cease and desist orders.

It is very interesting to know the existence of such a company. I have been a renter for years. The information presented here is very useful. As a renter, I have been very cautious on online trade. As we know, some renters or hosts may specifically block some information with lots of bias, some hosts may pay some reviewers or renters to review them more favorably. On the other hand, the profile of renters could be faked. To provide insurance to both renters and hosts are absolutely necessary. They also need to screen renters and ensure they give deposit for possible damages as their business model increases vulnerability of hosts more than renters. In addition, increase prescreen of hosts and guests also help, as well as a bonus program for excellent experience of being a host or guest. Most importantly, the Airbnb should have some measures or policy to limit or minimize any damage from individual case. I think the most important part for any hosts are whether a renter had any credibility to maintain the property as it is and treat any property like their own. Otherwise, I would be very hesitate to lend my property. As a renter, I would expect what I paid for would match what they offer in Airbnb site, and get reimbursed if the property fail to provide what they promise in the listings. The trade has to be fair and reliably to both hosts and renters.

While it would be impossible to perform a risk assessment for every imaginable (and unimaginable) scenario out there, Airbnb could have implemented additional measures prior to the negative press that followed the “EJ” incident. Airbnb in is quite a predicament as it is merely the platform that links hosts/guests and does not own any of the properties. For continued success, it is vital that the integrity of the services they facilitate is safeguarded and that all parties have excellent experiences. Like Eric, I have friends that use care.com for daycare. Background checks at an extra layer of credibility for both renters and hosts. Guests should also be required to provide at least three personal references or previous landlord information to the host in order for them to make a more informed decision. As mentioned in the case, the company should also relook some of its policies that penalize the host for rejecting renters. After all, it is their property and, if they are not comfortable renting their home to a prospective guest based on their profile, they should not be punished for not confirming a request.

Airbnb cannot predict, prevent, or war-game every conceivable scenario that their clients could possibly encounter. No amount of risk mitigation planning can preclude human stupidity as evidenced by the nightly news. Unfortunate events will always occur, however, the company has enacted policies to discourage and limit its frequency. Crisis management needs to be effective, proactive, and sensitive to victimized party. Immediately the company should publicly address the incident and provide as much factual information as freely as possible. Pending the results of any initiated criminal investigation, Airbnb should consult their legal and public relations teams for additional strategies to get add of the negative publicity. Furthermore, the company should integrate internal processes and create training programs to help prevent future events.

I’m not sure that I would ever consider renting my home to short term guests. Like Diane mentioned, there is potential for significant earnings during large events like the Pope’s visit or the DNC (Eric’s idea). However, in situations like these, I tend to err on the side of caution as you never truly know who is entering your home (or who they’re bringing with them). Take these yahoos: http://orbirental.mysharebar.com/view?title=FOX+11+Investigates:+Triple+X+Rentals&iframe=http://www.myfoxla.com/story/27463355/tonight-at-10-pop-up-brothels. If I found out that a waannbe rapper/transvestite hooker used my place as a recording studio and then a brothel, I would probably list the place the next day because I wouldn’t know who knew my address at that point. I don’t want to say I’m unlucky but I could easily see myself giving the same interview as the guy at the 1:13 minute mark. On the other hand, imagine being these renters who were awakened by an incoherent host (http://www.businessinsider.com/bi-employee-has-airbnb-horror-story-2014-6).

I consider Airbnb to be a middleman between the host and renter. In my mind they are a website provider not really responsible for the content. That is the extent of their service. No different than Craigslist, really. Due diligence rests with the parties providing housing and those looking for a place to stay. I have, in the past, used similar services to rent apartments in France and Belgium via similar sites without any issues.
It would be not an easy task to forecast unpredictable behavior therefore highly unlikely to take any preventive measures by Airbnb. Instead the responsibility lies with the host. Most crimes are those of opportunity; leaving valuables on the property would not be a wise choice. Any damage or theft becomes a criminal matter for the local authorities and not something Airbnb could prevent or handle.

As far as consulting advice given, I would say that besides using common sense and removing personal valuables and artifacts, the recommendation would be for Airbnb to provide the option for insurance coverage- offered to both host and renter. Also, perhaps some coaching, including a checklist of dos and don’ts, would be helpful for both customers as be a prudent step in doing business

Looking back, this situation could certainly have been avoided or at least mitigated. As with any new organizational platform, Airbnb experienced a learning curve, which opened them up to this type of liability. Because they did not own the assets or employ the providers of the services they were offering, they is a certain level of control loss that Airbnb could have more properly prepared for. Despite the lack of traditional ownership, the end user (customer) has certain expectations that align with the hospitality industry at large. Clients expect their purchase to be consistent with their expectations, and the Hosts expect that clients will pay their bill and treat their rented property with due care. This assumed contract is difficult to enforce in a traditional hotel in some occasions, making this task even more daunting in an online environment. Had Airbnb required better and more complete profiles of their hosts and clients, implemented a more thorough identity verification system, while providing hosts with more latitude to reject offers from suspicious guests, this particular scenario in question could have been prevented. Much like EBay, Airbnb did not proactively address this risk and subsequently paid a penalty with the “EJ” incident. Additionally, their response time and crisis management process was woefully inadequate to address these issues; which could have been mitigated with a faster, comprehensive approach.

As the crisis consultant I would advise Airbnb to take steps to prescreen hosts and guests so they can minimize any bad experiences. However, Airbnb needs to have a plan in place to deal with these negative situations when they occur. They need to take action quickly and assume some responsibility for these types of losses. In the EJ case Airbnb was slow to respond. This creates an uneasy atmosphere for people using the service. As a renter you want some insurance against these types of damages. As a renter you want to make sure you are getting what is advertised. Airbnb needs to implement a review system and verify the legitimacy of the reviews in order to help identify problematic hosts and renters. Also they could implement a screening process for guests to help weed out problematic guests. This will give renters some comfort that Airbnb did an initial screening of renters. It is important for their future success that Airbnb be proactive in trying to eliminate problems.

As a crisis consultant I would advise Airbnb that they needed to handle incidents like this as transparently and as quickly as possible. My first question would be did any Airbnb representative personally go out to the site of the “EJ incident”? Does anyone from Airbnb go out to help deal with these incidents in person or do they exist only virtually? Airbnb is actively encouraging strangers to stay in stranger’s spaces. They promote it on their website with all the success stories of great places to see, but with none of the risk. You can argue that they are only a commission-based booking company and should not be held responsible for such incidents, but I would argue that their sustainable growth depends on it. There is nothing keeping criminal entrepreneurs from taking advantage of these exposed opportunities. In my opinion as a consultant, Airbnb was not prepared to respond to an incident such as “EJ”. They need to not only have a company incident response plan (media coverage, insurance coverage, legal assistance), but need to be investing in how to protect both their hosts and guests (providing risk education, screening personal information). There are legitimate risks for hosts that range from say the discarded condom wrapper in the bedroom or an illegal copied set of house keys to the theft of belongings and random vandalism to the possible assault. For guests the risks could range from inappropriate video recordings within the host dwelling to the unthinkable sexual assault. The bottom line is a host is allowing a stranger into their home and a traveler is entering into a stranger’s private space. There have been so many success stories though that no one wants to think that something so horrible can happen or happen to them. But if you are the victim, your world will forever be altered. What happens when there is a homicide at the hands of either a guest or a host? Airbnb encourages travelers to explore the world “where Airbnb hosts create a sense of belonging around the world.” (Quote from Airbnb website: https://www.airbnb.com/) Strangers at the hands of strangers. As a consultant I would advise Airbnb that they have an ethical responsibility to their customers, both hosts and guests. Airbnb expanded its global reach on the idea of a community built on sharing. So when incidents like “EJ” happen the company needs to get out in front of it and take care of their most important assets. Otherwise they are simply a space rental service based solely on making money (the hosts) and saving money (the guests). But that is not at all how they sell their website. Their website is all about social trust and I had a hard time finding anything that implied risk in hosting or traveling or any distrust among either. I’m not saying there has to be warnings all over the site, but there is a level of responsibility on Airbnb’s part when they create a utopian feeling of travelers being able to live as the locals do and homeowners willingly welcoming strangers into their private spaces. Any risks seem to be clouded by the inexpensive lodgings for guests and the extra income for hosts. So in additional to what a lot of other classmates have mentioned in regards to providing more information about both hosts and guests and Airbnb’s due diligence to properly screen users of their booking service, I think there is a need for them to be open about the risks of what their customers are doing. There appears to be little or no education on the risk being undertaken. To me it seems that sharing is not caring at Airbnb.

There are common sense precautions Airbnb could have taken to avoid the “EJ” incident, but damage and theft are always probable when renting to strangers. I was surprised to learn that the company started to prescreen guests and hosts only after this negative publicity occurred. It’s possible that a background check could have raised a red flag; however, it’s also possible that the renter might not have had a criminal record (yet). All too often, people are not held legally accountable for crimes. Although employment and credit history can be used to evaluate trustworthiness, you can’t ever truly predict how someone will behave. Sometimes people, who look good on paper, snap without warning. Conducting a background check, asking for personal references, and requiring a drug test might deter people who are already branded as criminals from applying to rent (that’s the low hanging fruit), but there’s no way to eliminate the risk of property damage or theft. Therefore it is important for hosts to purchase adequate insurance to protect their home and personal belongings. Airbnb could reimburse hosts for excessive damage/insurance costs. They could also offer hosts discounts on offsite storage units – so they can remove valuable/irreplaceable items from the home. Ultimately, it’s up to the host to decide if rent money is adequate compensation for the risk of renting to strangers.

If I were a crisis consultant, I would suggest that Airbnb assume the risk to preserve users’ trust in its service. The company in 2011 was valued at $1 billion, and it raised $112 milion in venture capital funding that year. This is enough to insure hosts’ losses in the rare instance of an “EJ event” in which a renter destroys the host’s property. This type of ‘peace of mind’ guarantee will encourage hosts to make nice properties available, and to not lock away every nice amenity in the home for fear of what harm renters may do.

Assuming the risk associated with bad apple renters also creates an incentive for Airbnb to carefully screen renters, verify their identities, and have collateral of some sort, even a security deposit on a credit card. If Airbnb did this type of guarantee, I know I would feel more comfortable listing my place for rent… for the DNC, or the pope visit…

I wondered if these guarantees exist as I was recently booking a home in the French Quarter for a bachelor party. On VRBO, it seems the host controlled the rates in ways that Airbnb did not allow, charging extra fees if you are staying there for a bachelor party, for example. Smart.

When reviewing this case one of the first things I had to remind myself of is that we have come along way with technology since Airbnb first launched in 2007. For example, in 2015, when you sign up for a website or service you link it to another account – such as using your Facebook account to sign up for Yelp or GrubHub. As an individual consumer our digital footprint is much easier to identify and verify then it was eight years ago. However, there are preventive measures that could have been taken to avoid the “EJ” incident such as:

>Holding a deposit on the credit card (this would then be released back to the customer after their visit)
>Having mandatory fields on profiles and also asking for more pertinent information (such as a driver license number to identify individuals)

As a crisis consultant, I would advise Airbnb to get ahead of the situation. Help the person wrong find the individual and bring them to court and repay damages. In any crisis situation, over communicating is key (as well as taking accountability). With every crisis there is the ability to implement change and move into a new direction. This is Airbnb’s chance to lead the way in terms of providing secure online services.

The EJ incident had a material impact on consumer confidence for an extended period of time and likely had an impact on both those willing to rent and those considering renting. Avoidance entirely would have necessitated an adjustment to their vetting policy. And while Airbnb’s responses was delayed, I believe the actions taken were proper to better protect both the hosts and renters. In order to enhance their review process and instill confidence and comfort, they took a similar disposition as Yelp and Trip Advisor in order to add features to better assist all parties. Additionally, they provided additional information regarding the renters to the hosts. This incremental information provided additional information required to make a more educated decision on the renter. Airbnb also simplified the process to reject renters and made efforts to adjust the pricing strategy to vary pricing and provide discounts. Additionally, they took additional methods to prescreen hosts and guests and also provide insurance for hosts.

If I were consulting Airbnb on how to handle situations like this in the future I would provide counsel regarding the criticality of addressing concerns immediately. And in addressing those concerns, I would recommend making every effort to compensate for any losses. Similar to the way a hotel chain reacts to a bad guest experience by providing remuneration in the form of points or complimentary nights, I would recommendation that Airbnb make every effort to compensate for a poor experience. If Airbnb neglects to react immediately to issues the media fallout could be much more pronounced. I believe that the delay was the major misstep that Airbnb made in reaction to the “EJ” incident.

I might be confused. Jury’s still out. Are you asking us to delete and re-post our “Favorite Things” as comments to your original post or is that for future reference? Also, the “Favorite Things” is the only question we’re working on until Thursday as far as discussion board goes, correct? Thanks.

Professor I am a little confused as to which tab we are posting in. I see a discussion question tab and a student post tab. Prior to the 19th, we are simply replying to the very fist post “Favorite Things”? Then, for the class work, are we posting in the discussion board or student posts? Also, we are creating new posts and then replying to other students as well as replying to their posts?

Thanks!

I can’t find the information about this week’s group assignment. I see on the assignment page and in the assignment drop box that we have to upload something as a group by next Thur. but I can’t find anything about the group members and what the project is. The drop box mentions that the assignment will be instructed in session, does that mean it’s in-class work that will be done and turned in during the WebEx on Thur. night?

The third and final piece advice in the article is not unique to ERP implementation, in my opinion. Any organizational change that could severely impact the operations of the business should be approached with adequate resources and expertise. The first two suggestions are a bit more specific to ERP. However, the lessons seem to be rooted in common sense and do not take a high IQ to figure out. What makes these suggestions important isn’t their complexity, but the magnitude of the consequences if they are not followed. This was clearly illustrated in the article with the Hershey, Sleep Comfort and the universities. Perhaps the mistakes these organizations made were not the result of ignoring the author’s advice, but that they couldn’t foresee how large of an ordeal it would be to institute the ERP system. I have to assume that even as recent as 1999, the level of ERP expertise in the business environment was nowhere close to what it is today. The recommendations made are applicable to many more business scenarios than just ERP.

Agreeing with just about everyone else, I believe that these are general business lessons that happened to fall under the realm of ERPs. Poor judgement on the part of people within the companies was merely channeled through ERPs but factors like poor timing, improper use, and poor implementation could be phrases used for almost any business system or function. That being said, some extra weight is carried by ERPs since they have the ability to affect every function within the business so it makes sense why so much attention is paid to them.

The author may be a bit pessimistic, but I agree with his general argument. I don’t think Twitter can reverse its cultish appeal to its users without alienating them, at least to some degree. Perhaps my outlook is further swayed by my personal experience – I never had a Twitter account and currently have no intention of creating one. I am one of those who “just don’t get it”; I simply do not see the benefit in having one and Twitter hasn’t done much to change my stance in that regard. If there are a lot of people in my boat, which I suspect there are, then I certainly agree with the author’s sentiment that Twitter is caught between two conflicting goals. The author suggested that Twitter can choose from two paths: it can continue to please its current “power users” or it can attempt to broaden its appeal, potentially losing many customers in the process. There is no way Twitter can accomplish both simultaneously. It must choose its path and stick by it. I don’t think Twitter will ever become completely obsolete, but the chances of it becoming as ingrained in our social environment as Facebook are very slim. Investors who want Twitter to become as large financially as Facebook are bound to be disappointed. Twitter has always been a niche social networking site, so trying to achieve the widespread appeal of Facebook would be a fruitless effort in my opinion.

While I believe Twitter needs to further adapt in the way that it presents information, the author is being overly pessimistic. He mentions nothing of how Facebook use has declined tremendously in our generation, and the main draw of Twitter is the ease of access to information. While my Facebook feed now mainly consists of people sharing Buzzfeed articles and commentary of societal issues by people much older than me, Twitter feels much faster and more relevant. As long as Twitter is able to refresh their user base and not grow stale like a lot of Facebook has, it will be able to remain relevant.

After looking through the visualization methods, I’ve discovered that my favorite type is data visualization. I tend to be very numbers-oriented, so I was more comfortable with the data methods than any of the other categories. Whenever ideas, processes or systems can be quantified, I would prefer them to be that way. I wouldn’t say I really had a least favorite type, but if I’d have to give an answer, it would be compound visualization. Many of the images seemed like they were attempting to accomplish way too much for one single image. Following this thought, I determined that what makes a visualization type desirable is its precision in what it intends the reader to learn. I found the compound methods to be generally ambiguous, and they took me a lot of time to understand compared to the other types. Still, the compound type has many useful qualities. I guess these qualities don’t fit my preferred method of visual interpretation. The data visualization methods were easily interpretable and had little to no degree of ambiguity. Metaphor and concept visualization also had many of what I consider to be the most desirable traits of these charts and graphs. But the quantifiable nature of the data visualization method is what made them my favorite type.

Generally speaking, my favorites are any of the types that fall under the “data visualization” classification and my least favorites are the “compound visualization” types. My reasoning is that it is very easy to see trends and differences between categories in the types to the point that if you showed it to someone who only had a vague idea about the nuances or ideas behind the data, that person could still understand the way something is changing or not on his/her own. The compound visualizations, while providing a lot of information, are too overwhelming and make it hard to pull away any key points in the data. When it comes to visualizations, simplicity should be the most important factor, so that anyone could pull information away from what they see, even if they don’t completely understand it.