Cyber Security: Your Customers’ Digital Data
As a company that helps auto dealers leverage online technology to buy and sell from each other, DealersLink is extremely committed to cyber security. We constantly monitor and upgrade our online security systems and encourage our members to do the same.
Whether you are a one-rooftop dealership or a regional chain, you are at risk for cyber attacks if your customer database can be accessed online. Dealerships of every size keep records of confidential customer information such as drivers’ licenses, insurance documents and payment receipts. This makes you a target for information theft and data breaches.
In one case, security experts discovered an exposed online database that contained the details of about. Hackers had been accessing this data to clone VINs and make stolen cars appear legitimate. No dealer wants to purchase a unit only to find out later it’s a hot vehicle.
Over the last year, identity theft tied to auto loans and leases increased 43 percent. This type of fraud could cost everyone $6 billion per year.
According to the Graham Leach-Biley Act, also known as the Financial Services Modernization Act of 1999, dealerships are considered financial institutions when they collect and store consumer financial information in their databases.
Dealerships are subject to the identity-theft-protection requirements of the Fair and Accurate Credit Transactions Act Red Flags Rule. This rule requires affected businesses to develop programs designed to detect the warning signs of identity theft in their day-to-day operations, and to properly train employees about these programs.
If your dealership provides financial services, thus collecting and storing customers’ financial information, your dealership is responsible for protecting cardholder data under the Payment Card Industry’s Data Security Standard (PCI DSS).
If your database is hacked and your data is compromised, you are required to notify government agencies and your customers. Data breaches will definitely impact your reputation and future business. The auditing firm Total Dealer Compliancein five states and found that nearly 84 percent of consumers would not buy another car from a dealership that had a data security breach at the dealership.
In 2015 thedeveloped and released a list of seven Best Practices:
1. Governance – Effective governance aligns a vehicle cyber security program with an organization’s broader mission and objectives.
2. Risk Assessment and Management – Risk-assessment and management strategies mitigate the potential impact of cyber security vulnerabilities.
3. Security by Design – Secure vehicle design involves the integration of hardware and software cyber security features during the product-development process.
4. Threat Detection and Protection – Proactive cyber security through the detection of threats, vulnerabilities and incidents empowers automakers to mitigate associated risk and consequences.
5. Incident Response and Recovery – An incident-response plan documents processes to inform a response to cyber security incidents affecting the motor vehicle ecosystem.
6. Training and Awareness – Training and awareness programs help cultivate a culture of security and enforce vehicle cyber security responsibilities.
7. Collaboration and Engagement with Appropriate Third Parties – Defending against cyber attacks often requires collaboration among multiple stakeholders to enhance cyber threat awareness and cyber attack response.
To see the full list of best practices and specific steps to take, visit.
If you have any questions about the security of our no-transaction-feeor dealership tools, feel free to call 844-777-7872 or email .