FAQ: DoubleCheck®

WHY DID I GET AN EMAIL ABOUT WALRUS DoubleCheck?

Because someone wants your payment instructions – probably they are investing in a vehicle you control, making a distribution in connection with an investment that you made, or wish to pay an invoice to your organization.

DoubleCheck® lets you share instructions securely.

OR

Because someone wants to share their payment instructions with you – probably you are investing in a vehicle they control or paying an invoice to their organization.

DoubleCheck® lets you get their instructions securely.

WHY SHOULD I USE DoubleCheck?

Because hijacked payments are a huge problem. Here’s an example:

You are expecting a payment, so you send an email to your counterparty with your wire instructions.

But then a scammer who has infiltrated the email chain sends another email, pretending to be you, with new wire instructions.

Result: your counterparty pays the scammer.

Exchanging payment instructions through DoubleCheck® ensures that the right person gets the right instructions.

HOW DOES DOUBLECHECK MAKE SURE I AM NOT THE VICTIM OF FRAUD?

DoubleCheck® uses a variety of authentication techniques to make sure that you are dealing with the right person.

WHAT DOES DOUBLECHECK DO WITH THE INFORMATION IT COLLECTS?

We collect information for the purposes of authentication only. We never use this information for any other purpose, and we never share it or sell it.

WHO ARE YOU PEOPLE?

We are a team of security experts (led by professors in CS and math) who became very concerned about this fundamental flaw in the architecture of the web. The founders:

Michael Walfish

Andrew Blumberg

Max Howald

WHY DO YOU ASK FOR A VIDEO?

Video ensures that DoubleCheck® is interacting with a live person. It also provides a nearly unforgeable record, which protects you and us. This is much stronger than email, “secure email,” or text messages alone.

WHO WILL SEE MY VIDEO?

We don’t show your video to anyone, not even the person trying to pay you.

WHAT HAPPENS TO MY VIDEO AFTER THE TRANSACTION IS DONE?

We delete it.

HOW LONG WILL THIS TAKE?

The whole thing should take you about two minutes. It’s even less for your counterparty.

WHAT IF I DON’T HAVE A WEBCAM OR MY COMPANY POLICY PROHIBITS ITS USE?

That’s okay — if you have a landline, we can use that instead.

DO I NEED TO SIGN UP TO USE DOUBLECHECK?

You don’t need to sign up to respond to a request. If you want to use DoubleCheck® to send out your own requests, you need to create an account.

DO I HAVE TO GO THROUGH THE WHOLE PROCESS EVERY TIME?

No. Once you’ve established a connection with a counterparty, the process is significantly streamlined.

IS THIS LIKE A CAPTCHA?

Some parts of DoubleCheck®’s verification process achieve similar goals, although the approach is different.

HOW CAN THE FRAUDSTERS GET IN THE MIDDLE OF COMMUNICATION FLOW?

By getting into the email account of one of the participants.

HOW MANY PEOPLE HAS THIS REALLY HAPPENED TO?

The problem was $50 billion over the last few years, according to the FBI.

WHY DON’T I JUST CALL THE PERSON I’M EXCHANGING MONEY WITH?

If you know them and recognize their voice, you can do that. But phone calls are cumbersome, surprisingly easy to do wrong, and subject to fakery.

WE USE SECURE EMAIL, WHY DO I NEED THIS?

Secure email solves a different problem! When you send someone a secure email, they are assured that no one but the two of you read the email. But they don’t actually know who sent the email, any more than they would if you send them a regular email. Fraudsters can (and do) send secure emails that purport to be from you! When you send someone payment instructions, they need assurance that the instructions really came from you. This is what DoubleCheck® does for you.

I HAVE A REALLY GOOD FIREWALL, WHY DO I NEED THIS?

That's good! But no firewall can protect you from fraudulent emails from your counterparties who were the victim of email takeover.

MY EMPLOYEES WON’T GET PHISHED, WHY DO I NEED THIS?

Even if your employees are phish-proof, it’s impossible to prevent your counterparties from being phished. Meanwhile, if your counterparties get compromised, you are at risk.

DOESN’T MY BANK PROTECT ME AGAINST THIS ISSUE?

​Sadly, no. Their policies only protect themselves. But it’s not their fault, because they can’t know who your counterparty is supposed to be. Only you know that.

WHERE DID YOUR COMPANY NAME COME FROM? (WHY WALRUS?)

Long story.