FAQ: DoubleCheck

Why did I get an email about Walrus DoubleCheck?

Because someone wants your payment instructions – probably they are investing in a vehicle you control, making a distribution in connection with an investment that you made, or wish to pay an invoice to your organization.

DoubleCheck lets you share instructions securely.

Why should I use DoubleCheck?

Because hijacked payments are a huge problem. Here’s an example:

  • You are expecting a payment, so you send an e-mail to your counterparty with your wire instructions.
  • But then a scammer who has infiltrated the email chain sends another email, pretending to be you, with new wire instructions.
  • Result: your counterparty pays the scammer.

Exchanging payment instructions through DoubleCheck ensures that the right person gets the right instructions.

How does DoubleCheck make sure I am not the victim of fraud?

DoubleCheck uses a variety of authentication techniques to make sure that you are dealing with the right person.

What does DoubleCheck do with the information it collects?

​We collect information for the purposes of authentication only. We never use this information for any other purpose, and we never share it or sell it.

Who are you people?

We are a team of security experts (led by professors in CS and math) who became very concerned about this fundamental flaw in the architecture of the web. The founders:

Why am I recording a video?

This gives us a record of who responded to a request. We believe that this is the best way to authenticate. Email can be spoofed, and video is more secure and less invasive than collecting social security numbers or driver’s licenses.

Who gets to see my video?

We don’t show the video to anyone, not even the person sending you the request. We’ll delete it after your payment is completed, or even earlier at your request.

Do I need to sign up to use DoubleCheck?

You don’t need to sign up to respond to a request. If you want to use DoubleCheck to send out your own requests, you need to create an account.

Is this like a CAPTCHA?

Some parts of DoubleCheck’s verification process achieve similar goals, although the approach is different.

How can the fraudsters get in the middle of communication flow?

By getting into the email account of one of the participants.

How many people has this really happened to?

The problem was $26 billion over the last few years, according to the FBI.

Why don’t I just call the person I’m exchanging money with?

If you know them and recognize their voice, you can do that. But phone calls are cumbersome, surprisingly easy to do wrong, and subject to fakery.

I have a really good firewall. Why do I need this?

That’s good! But no firewall can protect you from fraudulent e-mails from associates who were the victim of email takeover.

My employees won’t get phished, why do I need this?

Even if your employees are phish-proof, it’s impossible to prevent your counterparties from being phished. Meanwhile, if your counterparties get compromised, you are at risk.

Doesn’t my bank protect me against this issue?

​Sadly, no. Their policies only protect themselves. But it’s not their fault, because they can’t know who your counterparty is supposed to be. Only you know that.

Where did your company name come from? (Why Walrus?)

Long story.

Get started

To evaluate if DoubleCheck is right for you, please submit the form below; we will contact you within 24 hours. As part of the conversation, we will help assess the risks in your payment processes.

Don’t wait until you’ve been hit.