Understanding Automotive Retail’s Unique Regulatory Environment

Importance of Regulatory Compliance in Automotive Retail

As automotive dealerships increasingly handle sensitive financial and personal information, they face corresponding regulatory scrutiny. The two regulatory and compliance standards that apply to dealerships are the Federal Trade Commission’s Standards for Safeguarding Customer Information (FTC Safeguards Rule) and the Payment Card Industry Data Security Standard (PCI-DSS).

Impact of FTC Safeguards

One of the key regulatory challenges is how dealerships are classified as organizations.

“Based on the type of data that they transmit and possess in taking information for credit applications and opening vehicle loans and leases, dealerships are now treated as financial institutions under the FTC Safeguards,” says Scott Spatz, CEO of Cooperative Systems. “As a result, they’re expected to maintain their IT infrastructures, including software systems and integrations, secure the data that they possess, and interact and verify with third-party service providers the same way any financial institution would. There’s a regulatory framework in place to account for all that.”

Under the FTC Safeguards, dealerships are required to secure sensitive customer information by implementing comprehensive security plans, conducting regular risk assessments, and ensuring that their data is protected from breaches or misuse. Dealerships must take proactive steps to comply with the Safeguards Rule in order to protect their customers’ data and their own reputation. The consequences of non-compliance can be catastrophic, as seen with Honda’s 2020 data breach, which led to regulatory scrutiny and a loss of trust from consumers.

From an infrastructure security perspective, those requirements cover a great deal, including securing network and wireless infrastructures, remote connectivity to the dealership’s infrastructure, connectivity between different service providers, and more.

“It encompasses all the laptops and desktops, workstations, mobile devices, and any other device that touches the dealership’s infrastructure and transmits and processes the sensitive data,” he adds. “In working with dealerships, we play a role in securing and managing wide-ranging system integrity. That requires encryption, consistent testing and vulnerability scanning, and penetration testing to maintain the security and integrity of the entire IT environment, both inside and outside the dealership.”

PCI-DSS Protocols

While not as broad or recent as the FTC Safeguards, PCI-DSS establishes strict security protocols for any business that processes, stores, or transmits credit card information, covering both network infrastructures and devices.

“Similar to the FTC Safeguards, PCI-DSS compliance involves ongoing vulnerability and penetration testing to attest to the integrity and security of the dealer environment,” Spatz says.

Dealerships process a large volume of credit card transactions, making them prime targets for cyberattacks. In addition, failure to comply with PCI-DSS can result in massive fines and damaged reputations, as evidenced by the Target data breach, which led to an $18.5 million settlement.

Benefits of Compliance and the Right IT Partner

Beyond avoiding penalties, compliance with regulations such as the FTC Safeguards Rule and PCI-DSS brings tangible benefits to dealerships:

  • Protecting Consumer Trust: Secure handling of customer data builds long-term trust and loyalty.
  • Preventing Costly Breaches: Compliance reduces the risk of a breach that could damage your business financially and reputationally.
  • Gaining a Competitive Advantage: Dealerships that demonstrate strong data security stand out in a competitive market.

Still, the growing complexity of the automotive industry, combined with the integration of new technologies and third-party platforms, makes regulatory compliance challenging. Dealerships are no longer isolated businesses but rather integrated with financial systems and technological platforms that demand high levels of security. That’s where having a knowledgeable IT partner can help.

“There’s increased scrutiny around the automotive retail sector, so partnering with an organization that has specific regulatory expertise, like Cooperative Systems, makes a measurable difference,” asserts Spatz. “Keeping up with changing regulations such as the FTC Safeguards Rule and PCI-DSS is difficult, especially without dedicated resources or expert guidance. We take a proactive approach to adhering to the FTC Safeguards Rule and PCI-DSS, ensuring our dealer partners’ customer data security and helping them build trust and maintain business continuity.”

Look for the next installment in our series, “Technology Optimization for an Automotive Retail Environment.”
Regardless of the type of business you operate, contact us to learn how Cooperative Systems can help you develop an IT plan that meets your specific operational and security needs.