Cyber defense in the era of digital car finance for automobiles
As the auto finance sector rapidly moves into the digital age, the industry is learning how to quickly adapt to new and growing security challenges. Chris Farnell speaks to Kevin Phillips from ieDigital, a software developer and financial services technology provider.
The aftermath of the pandemic and the rapid pace of technological change have combined to have a significant knock-on effect on increased customer expectations.
While it was once considered efficient to complete a car financing deal within a week, online solutions have led customers to expect trips that can be completed in minutes. Walking into a showroom and driving away in a new, finance-funded car is quickly becoming the norm. Even going to a showroom is less common than before, and customers expect to apply for financing, service deals, and switch providers anytime, anywhere, and from any device.
“It is becoming increasingly common for manufacturers and non-captives to sell motor finance online,” said Kevin Phillips, Head of Solutions Engineering at ieDigital.
“Giving customers the ability to select and configure a vehicle, select add-ons and upgrades, and purchase a vehicle with HP or PCP financing from the comfort of their own home is an attractive proposition.”
Most car financing deals last on average between two to three years, so it’s important for providers to build relationships with customers as quickly as possible with an eye toward renewing or purchasing a new car. One of the best ways to do this is through digital self-service channels, much like how banks offer online and mobile banking.
While customer expectations are rising, meeting those expectations comes with new challenges, many of which customers may not have expected.
The Financial Conduct Authority (FCA) requires that appropriate cybercrime measures be taken and maintained at all times. In addition to protecting customer data, UK financial providers must protect their networks from attacks to keep their services up and running. Failure to do so may result in the provider losing its license.
Many of the countermeasures that auto finance providers need to put in place are common across the financial industry, such as securing the online portals and mobile apps that customers use to fulfill their contracts.
However, there are also industry-specific issues that need to be considered.
kevin phillips
“Auto finance providers use brokers, such as mortgage and asset finance providers, which require additional considerations to counter the threat of cybercrime,” explains Phillips.
the story continues
“Perhaps unique to the auto industry are auto industry dealerships and independent showrooms. Away from more secure office locations and retail spaces, these showrooms allow dealers and customers to use automated underwriting services and electronic signature processes. Now you can obtain financing, obtain credit scores, and complete financing auto finance deals on behalf of your customers.”
Because many dealers have complete access to customer data, preventing data theft of personally identifying information is just as important as stopping external threats hacking remote servers. This risk is further exacerbated by the presence of third parties. Third parties can make devices used to access the Service vulnerable to threats such as keystroke logging, remote access, and infection with ransomware threats.
Cybersecurity, real world assets
One of the things that sets car finance apart from other financial products is that it is secured against high-value mobile assets.
The amount can be higher than an unsecured personal loan, especially for luxury cars, caravans, vans and trucks.
In risk assessments for fraud and other criminal activity, this means that even if customer data appears legitimate, the vehicle itself does not exist, has been recently scrapped, or is being used to enter into multiple simultaneous contracts with different providers. This means that you need to take into account that there is a possibility that
Providers must not only protect their networks, online portals, and databases, but also ensure that they are not used as gateways for other forms of cybercrime.
A new arms race
As solutions have improved, so have the challenges, and while large banking providers may have once been the primary targets, they have become better at keeping themselves safe, and criminals people are shifting their attention elsewhere.
“Cybersecurity has become an arms race. As top banking providers spend enormous amounts of time and effort securing their sites, attackers are more relaxed and less secure, with smaller, potentially We’re looking at large scale financial services providers,” Phillips said.
“Accessing the auto finance contract portal does not give hackers direct control over checking or savings accounts, but they can obtain PII and banking data, including bank account and card details stored for repayments. Therefore, it is important for auto finance providers of all sizes to make cybersecurity a top priority.”
To provide the necessary level of comfort, especially among small development teams and small businesses that don’t have the means to build and maintain their own secure solutions, Phillips believes that benchmarking services should be ISO 27001 or PCI Insist that it must be compliant with DSS standards. operations team.
“Enterprises need to outsource the development and support of such solutions to third parties, and therefore rely on these organizations to build, host, and support these services in the best way to keep cyber threats at bay. ” Phillips says.
“As top-tier banking providers spend significant time and effort securing their sites, attackers are turning their attention to smaller financial services providers.”
Kevin Phillips, Head of Solutions Engineering, ieDigital
“Because providers hold both customer PII and banking data, both of which are exactly what cybercriminals are trying to obtain, direct server-side attacks and through front-end platforms such as You need to protect your data from attacks both on your dealer portal and on your customer banking app. ”
With the rapid growth of self-service, there are also threats to portal access through sheer brute force attacks or social engineering of usernames and passwords.
Technology continues to advance at an astonishing speed. The introduction of products like smart leasing could open the door to new crimes such as drive-by hacking to steal payment data and car theft, which steals the data on the car rather than the car itself. .
“The automotive industry is undergoing a period of high innovation, both with the evolution of electric vehicles and the connectivity of cars to the internet,” Phillips points out.
“Sales competition is fiercer than ever, with new car prices under pressure and exacerbated by rising global inflation and rising manufacturing costs. “Leasing and pay-to-drive options are becoming more attractive.”
Owning a car outright is no longer the default option. Manufacturers are noticing the rise of toll bikes and electric scooters and are hoping to expand their models into cars. Opportunities abound for businesses and criminals alike.
“This inherent link between assets and financial models has led manufacturers to look to embed financial payments within the vehicle itself,” explains Phillips. “But once a vehicle is linked with PII and payment data, it becomes an attack target, and cybercriminals have new ways to hack connected vehicles, such as downloading financial data while in the garage or coming up with a drive. Through wireless hacking, the arms race is only going to get more intense. All of them are under the FCA’s watch, so serious breaches can be devastating. The penalties are significant enough to seriously harm the ability to continue a viable business.”
Toyota Financial Services launches digital portal and mobile app
Intelligent Environment rebranded as ieDigital
“Cyber Defense in the Age of Digital Car Finance” was originally created and published by Motor Finance Online, a brand owned by GlobalData.
The information on this site is published in good faith and for general information purposes only. It is not intended to constitute advice on which you should rely, and we make no representations or warranties of any kind, express or implied, as to its accuracy or completeness. You should obtain professional or specialist advice before taking, or refraining from, any action on the basis of any content on our site.