Digital credit solutions deliver convenience, speed, and flexibility. Along with its benefits, however, comes risk. Protecting consumer data has always been a priority for dealerships. It’s now a more complex initiative as cyberattacks in the industry increase due to more sophisticated hackers.
Automotive finance stands at a crucial point. You want to increase your lead-to-sales ratio, reduce friction in the process, adhere to the FTC (Federal Trade Commission) Safeguards Rule, and apply the best cyber protections. There are learnings to take from known breaches and proactive plans you can make to achieve these objectives.
The State of Data Breaches and Cyber Threats in the Automotive Industry
The automotive industry is under attack by opportunistic cybercriminals. They target these businesses because of the extensive amount of PII (personally identifiable information) available. Customers who go through a credit pull now have their PII within databases and platforms.
Unfortunately, this PII isn’t always as secure as it should be. Hackers are always looking for easy ways to infiltrate a network, and they are finding success.
One of the biggest stories of automotive cybersecurity was the CDK attack. It was a ransomware incident. Hackers took control of the entire platform, causing disruptions across dealerships, from sales to service operations to loan processing. In all, it impacted over 15,000 businesses.
This incident wasn’t a direct attack on dealerships. It was a side-door approach of breaching a vendor to get to all the valuable PII. It’s one example of a growing trend of ransomware, which has cost the industry over $920 billion since 2021.
A favorite mechanism to enact ransomware or malware is phishing. Cybercriminals have found success here, as well. Research concluded that 36% of dealership data breaches started with a phishing attack.
The auto industry has a target on its back, and most in the industry feel unprepared to battle these threats. A cybersecurity study by eLend revealed that only 42% of dealers feel prepared to manage a breach.
What does your dealership need to do to be prepared? It’s vital since the probability of one keeps increasing.
Dealership Best Practices to Safeguard Consumer Data
Cybersecurity, as an operational initiative, continues to try to stay a step ahead of hackers. It’s a volatile environment because what worked today may no longer do so tomorrow. Adapting to cyber-criminal techniques is an ongoing strategy.
Your best defense is actually a strong offense. The protocols to put in place include:
- Encryption: Whether PII is in transit or at rest, it should always be encrypted. One challenge you may find is that legacy systems don’t offer this. If that’s the case for you to achieve this cybersecurity best practice, you may need to update your tech stack.
- Secure data storage: Your databases are ripe with PII, and this data needs to be in a “digital vault.” It includes regular backups of this sensitive data offside or in a cloud environment. You should also test the integrity of these storage mechanisms often.
- Security auditing: The two most important auditing tactics to perform regularly are vulnerability assessments and penetration testing. Conducting these should identify weaknesses, misconfigurations, or other security concerns. From these findings, you can take action to fix them before hackers exploit them.
- Employee training: Your staff can be your weakest link or strongest ally. Recall that many breaches result from phishing, which means there was a human element to the incident. Regular and consistent cybersecurity training for employees is crucial in preventing successful phishing.
All of these components are internal safeguards. Dealerships must also address consumer awareness around data privacy issues.
Consumers Become More Aware of Data Privacy and Expect Transparency
It would be hard for the average consumer to be unaware of data privacy and security. Headlines of breaches come almost daily, and 37% of U.S. adults said they received a notification of a breach in 2023. As a result, 73% are more concerned about data privacy than they were a few years ago.
With awareness comes doubts about the security of businesses and their use of consumer data. Dealerships provide the required disclosures about data use, but it doesn’t hurt to explain those in simple terms. Doing so offers greater transparency over how dealers collect and use consumer data.
In fact, doing this could be another way to build trust and loyalty. In considering other ways to strengthen data privacy and security, you can look to other industries that are more mature in their cybersecurity journey.
What the Auto Industry Can Learn from Finance and Healthcare
Finance and healthcare are two of the most regulated industries, and they generate, use, store, and analyze lots of consumer data. Cyber criminals are constantly trying to breach these organizations for PII and PHI (protected health information).
Both have layers of protection, but they aren’t immune to attacks. What they do have are frameworks, protocols, and laws that govern how they must treat consumer data. The auto industry does have to adhere to regulations like the Safeguards Rule and PCI-DSS (Payment Card Industry Data Security Standard).
There’s much to learn from finance and healthcare since they’ve been early adopters of innovative cybersecurity practices. The auto industry has things in play but could fortify them for even better protections, including:
- Stricter protocols for consumer data sharing: This is important because you have to send PII to other systems for credit pulls and lender qualification.
- Access controls on top of encryption: Instituting and continuing to improve access controls helps you comply with the GLBA (Gramm-Leach-Bliley Act) while also working to prevent unauthorized access.
- Managing third-party vendors: The software you use could put you at risk, as demonstrated by the CDK attack. Vetting your vendors based on their cybersecurity and data privacy initiatives would be a good practice to establish.
By being security first, you have the opportunity to make this a differentiator. Consumers have reason to be distrustful about sharing PII since they’ve likely experienced a breach that included their data.
Prioritizing security and privacy could be a trust builder with consumers who will be less hesitant to use digital credit solutions. Emphasizing how you protect their information could be good for business and industry growth.
There are more considerations for building a cyber-secure digital credit solution. Innovations in Digital Credit Cybersecurity
Innovation is building secure digital credit solutions that can adapt to new threats. The most promising are AI (artificial intelligence) and machine learning. There is great potential for this technology to revolutionize digital credit cybersecurity.
Using AI to analyze real-time data for threats is becoming a common practice. It can identify patterns that cause concern. It helps you take action immediately instead of after a breach has occurred.
In addition to exterior threats, AI could be a tool to find insider threats. It could look at transactions or activities by your staff if they don’t follow the rules.
AI can also play a part in protecting data storage, specifically the cloud. AI, as a monitoring tool within the cloud, can uncover anything that seems abnormal or suspicious.
If AI locates a threat, it could be the first response to deflect low-risk threats. Another possibility is AI delivering useful advice to security professionals on what actions to take.
Machine learning, a subset of AI, can be valuable in your cybersecurity plans, as well. Machine learning algorithms have the capacity to review massive amounts of data quickly. The outcome is the ability to detect and predict security issues.
Embracing this innovation allows dealerships to scale cybersecurity measures, take advantage of intelligent automation, and stay ahead of attacks.
Achieving Proactive Consumer Data Protection
With these best practices, learnings from other industries, and new innovations, dealerships have a collection of tools to protect consumer data. However, threats evolve, so you must, as well.
You’ll never be 100% risk free, but you can be consistent and continuously enhance your cybersecurity program. These efforts are worth it, as they work to protect your reputation and your operational framework. Stay informed, vigilant, and ready to pivot at the intersection of cybersecurity and digital credit solutions.
About the Author
Pete brings 40+ years of experience in Automotive Finance and Technology as Founder and CEO of eLEND Solutions™, an automotive FinTech company providing a middleware solution designed to power transactional digital retailing buying experiences. The platform specializes in hybrid credit report, identity verification, and ‘pre-desking’ solutions, accelerating end-to-end purchase experiences – helping dealers sell more cars! Faster!
