Physical Audits Support Compliance Software in Thwarting CARS Rule Violations and Other Auto Dealership Cyber Crimes

CRYSTAL LAKE, IL, May 22, 2024 - As cyber crimes against auto dealerships escalate, dealers must recognize the importance of conducting frequent physical security audits to supplement any software-driven compliance tool they may be using. This advice comes from Terry Dortch, a leading dealership compliance expert at Automotive Risk Management Partners, whose knowledge in this field is unparalleled.

The need for physical audit scrutiny is how dealership electronic and manual processes ensure the integrity of the Safeguards/CARS Rule designed to protect customer information from theft. The Federal Trade Commission’s CARS Rule adds truth and transparency to the car buying and leasing process by clarifying that certain deceptive or unfair practices are illegal.

"While data and cybersecurity breach prevention are undeniably crucial for dealerships, it's important to note that much of the information that identity thieves seek is not deterred by software security in these systems alone," Dortch explained.

One typical issue dealerships experience is the occurrence or appearance of disparate impact or discriminatory action, which can lead to run-ins with the Federal Trade Commission (FTC). To get around such situations, implementing physical audits should be a priority. Regular audits help nip potential threats and identify complicit behaviors quickly. Dealers who prefer less stringent compliance increase their risk of incurring penalties that can significantly impact a dealership's financial health and reputation.

Potential opportunities for physical data breaches include personal information on documents in deal jackets that are not secured but stacked on F&I office desks and floors, left near photocopy machines, and written on sales and service paperwork left unattended on sales staff and service advisor desks. Malicious eyes of individuals – even customers – wandering the dealership may be enticed to commit these crimes if access to valuable personal financial information is presented so readily to them.

Dortch said a dealer's compliance needs are best served when both aspects of data security are adequately addressed to protect against these crimes.

The potential fines for negligence in physical compliance can reach several million dollars, and they are not just a possibility, they have occurred. This stark reality should dispel any notion that software-based compliance protection alone is adequate in this business environment. Compliance is an all-encompassing process that demands meticulous attention and consistency, emphasizing the urgency of the issue.

Automotive Risk Management Partners, Inc. (ARMP) combines more than 40 years of automotive industry compliance experience. Founding partner Terry Dortch created the first GLBA auditing process for sales and finance centers within dealerships. The firm serves automotive and RV dealerships throughout North America. www.autorisknow.com