As a company that helps auto dealers leverage online technology to buy and sell from each other, Dealerslink is extremely committed to cyber security. We constantly monitor and upgrade our online security systems and encourage our members to do the same.
Whether you are a one-rooftop dealership or a regional chain, you are at risk for cyber attacks if your customer database can be accessed online. Dealerships of every size keep records of confidential customer information such as drivers’ licenses, insurance documents and payment receipts. This makes you a target for information theft and data breaches.
In one case, security experts discovered an exposed online database that contained the details of about 10 million vehicles. Hackers had been accessing this data to clone VINs and make stolen cars appear legitimate. No dealer wants to purchase a unit only to find out later it’s a hot vehicle.
Over the last year, identity theft tied to auto loans and leases increased 43 percent. This type of fraud could cost everyone $6 billion per year.
Assume Responsibility
According to the Gramm-Leach-Bliley Act, also known as the Financial Services Modernization Act of 1999, dealerships are considered financial institutions when they collect and store consumer financial information in their databases.
Dealerships are subject to the identity-theft-protection requirements of the Fair and Accurate Credit Transactions Act Red Flags Rule. This rule requires affected businesses to develop programs designed to detect the warning signs of identity theft in their day-to-day operations, and to properly train employees about these programs.
If your dealership provides financial services, and so collects and stores customers’ financial information, it is responsible for protecting cardholder data under the Payment Card Industry Data Security Standard (PCI DSS).
If your database is hacked and your data is compromised, you are required to notify government agencies and your customers. Data breaches will definitely impact your reputation and future business. The auditing firm Total Dealer Compliance surveyed 200 dealerships in five states and found that nearly 84 percent of consumers would not buy another car from a dealership that had a data security breach.
Be Proactive
In 2015 the Automotive Information Sharing and Analysis Center developed and released a list of seven Best Practices:
1. Governance – Effective governance aligns a vehicle cyber security program with an organization’s broader mission and objectives.
2. Risk Assessment and Management – Risk-assessment and management strategies mitigate the potential impact of cyber security vulnerabilities.
3. Security by Design – Secure vehicle design involves the integration of hardware and software cyber security features during the product-development process.
4. Threat Detection and Protection – Proactive cyber security through the detection of threats, vulnerabilities and incidents empowers automakers to mitigate associated risk and consequences.
5. Incident Response and Recovery – An incident-response plan documents processes to inform a response to cyber security incidents affecting the motor vehicle ecosystem.
6. Training and Awareness – Training and awareness programs help cultivate a culture of security and enforce vehicle cyber security responsibilities.
7. Collaboration and Engagement with Appropriate Third Parties – Defending against cyber attacks often requires collaboration among multiple stakeholders to enhance cyber threat awareness and cyber attack response.
To see the full list of best practices and specific steps to take, visit https://www.automotiveisac.com/best-practices/.
If you have any questions about the security of our no-transaction-fee Marketplace or dealership tools, feel free to call 844-777-7872 or email info@Dealerslink.com.