How to Protect Your Customer’s Personal Data Against Security Breaches in the Digital Age – Pete MacInnis, eLend Solutions

data

Pete MacInnis, founder, and CEO of eLend Solutions joins CBT News to talk about digital retailing, and the changes it has caused from the traditional world of customer information. Pete talks about how PII, personal identifiable information, has transitioned not only to online transactions but also to more considerable data, such as customer’s social security numbers.

However, the industry seems to look at this data as more enhanced, without the consideration of protecting this data. In addition, Pete says that fraud doesn’t happen where dealers expect it to, such as during an online credit application. But rather fraud actually happens when the data is sitting unused within the company’s servers or when it is being accessed through these servers, and Pete says that it is here that proper authentication and security is crucial.

To hear more from Pete check out our full interview above.

VIDEO TRANSCRIPT: 

Jim F.:
Hi everyone. I’m Jim Fitzpatrick. Thanks so much for joining us on another edition of CBT news. We’re so happy to have back on our studios Mr. Pete McInness at eLEND Solutions. I know that you know that name and that face. You’re always on our channel and we appreciate all of the input that you give to us.

Jim F.:
Let’s kind of jump right in with consumers wanting to move more of the car buying process online and moving towards e-commerce. Consumers are providing more information about themselves online. That includes PII. Let’s talk about digital retailing, and is that addressing the data security needs out there?

Pete M.:
Yeah. Well, so when we refer to PII that means … that’s the acronym for personal identifiable information.

Jim F.:
Great. Right.

Pete M.:
So when you think about that in the traditional world of digital retailing and lead generation, it was always about lead forms and getting customers’ information submitted.

Jim F.:
Yeah. Yeah.

Pete M.:
But now there’s a lot less lead forms being submitted, but now people are moving to do more of the transaction online. So they’re moving from less lead information to information that is actually PII stuff. Social security numbers, things of that nature.

Jim F.:
Yeah, it’s huge.

Pete M.:
So now it’s a whole different animal of information that they’re transmitting online. And so there needs to … be addressed differently. But I think what’s happening … the industry is still looking a lot of that as it’s just an enhanced lead. It’s more better information. It’s enhanced without the consideration of, “We need to protect this data.”

Jim F.:
Right, right.

Pete M.:
And we have to do a better job with that. So with that being said, I think that when it’s not being taken serious from that standpoint, it’s a disaster waiting to happen.

Jim F.:
Oh, there’s no question about it. So explain to our audience where the biggest risks are and what to look for in partnering … or I should say in partners handling PII for auto dealers.

Pete M.:
Yeah. Well, let me just go back for a second and talk about … For example, when I say that it’s an accident waiting to happen, I’ll give you an example of our company specifically.

Jim F.:
Sure.

Pete M.:
Right? Our servers get hit by hackers. Robots attempt at least a thousand times a day.

Jim F.:
Really?

Pete M.:
Yes.

Jim F.:
Okay. Wow.

Pete M.:
And so for us, we take security compliance really seriously. We’ve invested a lot of resources into security, and compliance, and things in terms of your infrastructure, and all of that stuff. And certifications, third party audit firms, and stuff like that. So we know that it’s a real issue because we see it. And it’s our … we view it as it’s one of our fundamental responsibilities as a provider to dealers. That’s almost first and foremost, because if not the dealer is going to be [affecting 00:02:56] out of business and so will we.

Jim F.:
That’s right. That’s right.

Pete M.:
We take that seriously. I think that’s something that we personally have recognized and seen that how important that is.

Jim F.:
And it’s the real deal. I mean, there are so many people trying to hack into anything out there that’s got a valuable information. Right?

Pete M.:
Yeah. And yet there’s so many … Me Too movement people are going, “Hell yeah, we can do this and we can do all that stuff.” But you know, you’ve got to be careful because unless they built these … unless they put as much effort and time and resources into that part of their business-

Jim F.:
Yeah.

Pete M.:
You know, there’s a lot of companies that may have … their servers might be as less secure than Hillary Clinton’s was in her basement, or her closet, or her bathroom, or wherever the heck it was.

Jim F.:
Exactly. Right?

Pete M.:
You know? And there’s concerns there. So those are things that the industry has to be a little more conscientious about.

Jim F.:
Yeah. So what are the biggest risks? And what to look for a in handling … or I should say partners handling the PII for auto dealers?

Pete M.:
Yeah. Well, when it comes to the PII when you think about that … And we’re talking about initially digital retailing on the digital retailing online sites that they think, “Okay. Well, I’ve got this online credit application and it’s HTTPS. It’s a secure blank,” which means it’s encrypted. So between the web browser, the RON, and the web server of the entity … “Oh, it’s all encrypted. It’s all okay, because it’s secure.”

Pete M.:
Well, that’s not where the fraud happens. That’s not when that happens. When data breaches are is after that fact. And a lot of … maybe smaller companies might have it stored on the same server as where they collected it, where there really needs to be a separation of duties between web servers and data servers. Right?

Pete M.:
And you have to have the appropriate firewalls in place to do that and all the encryption at rest. So not only during the transfer, but all the data’s encrypted while it’s sitting on that server not being used. And then you got to make sure that when it is being accessed, it’s due authentication. You’re authenticating not just the user, but the device they are that’s been approved to access that information.

Jim F.:
Yeah.

Pete M.:
So there’s lots of those types of things that happen that have to happen. So it’s not just what’s happening on this site, it’s really what’s happening after it leaves the site and how to protect that.

Jim F.:
Yeah. Yeah. Things dealers need to know that their vendors are aware of. We’re seeing a lot of companies offering soft credit pull applications. Are there compliance issues dealers should be aware of?

Pete M.:
Oh, absolutely. So when you’re talking about soft credit pulls, you’re talking again about PII, credit report data. You’ve got FCRA rules, you’ve got credit repository guidance and compliance. Absolutely.

Pete M.:
So first and foremost, you have to understand the difference between when people talk about soft credit pulls … because it’s really good about qualifying customers and getting more information upfront in the journey to speed up process. But with that comes responsibility, accountability-

Jim F.:
Yeah, that’s right.

Pete M.:
And in order to make that happen … So I think first and foremost, you don’t need to understand the difference between prescreen and a [pre-qual, 00:06:04] right? And what their really objective is.

Pete M.:
And so the difference between those products are … the prescreen is really great for lead generation. However, it doesn’t require consumer consent but what it does require is offering that customer firm offer credit. So you’ve got to make sure that your vendor actually is handling that process for you to keep you out of trouble from a compliance standpoint.

Pete M.:
On the other hand, a prequalification does require consumer consent. But unlike the prescreen, which only gives you a few attributes, a pre-qual can give you up to an entire credit file.

Jim F.:
Yeah.

Pete M.:
Right? And your compliance requirements are less. So as long as you have the ability to do all of that … And it’s very important that if you’re going to use those tools with those vendors that those vendors actually have the rights to that data. So as we just talked about the security of that information, but then you’ll do the … When it’s originating from a credit repository, and that it ends up somehow downstream to some provider that’s helping a dealer on digital retailing or something, is that vendor certified with the credit repository? And have they gone through all the security protocols and audits to receive that?

Jim F.:
Wow.

Pete M.:
What scares the hell out of me is there’s a lot of companies out there downstream who has access or is touching that data that is not in the appropriate food chain of security compliance and all that.

Jim F.:
Right.

Pete M.:
And that’s where I think … that was some the dealers you have to say … If you’re going to use a provider with this, makes sure-

Jim F.:
Yeah. I was just going to ask you what are your recommendations for dealers when considering soft credit pull providers?

Pete M.:
Make sure that those things I just mentioned are there in addition to that. Real simple. Ask them to prove that they’re certified with credit repositories.

Jim F.:
Okay.

Pete M.:
If they don’t have some level of security compliance certification with them, proceed at your own risk.

Jim F.:
Really?

Pete M.:
Yeah.

Jim F.:
Okay. Could be a disaster.

Pete M.:
It’s a risk. When you think about for the dealers, they spend so much money building their brand, right? How much are they invested in protecting that brand?

Jim F.:
That’s right.

Pete M.:
You know, it doesn’t take that much to protect it. You pay attention to it, take care of it. That’s what we would recommend.

Jim F.:
Yeah. Because one major story that might hit the local news, or the 10 o’clock news that says, “I went to this dealership to buy a car, and guess what? All my information was out there on the internet.” And that’s a disaster for a dealer. Right?

Pete M.:
It’s a disaster online but in-store. I mean, you have issues. Identity fraud is rampant.

Jim F.:
Yeah, yeah. Let’s talk about that. Because I know that that’s still at the top of many dealers’ to-do lists every year to say, “I got to make sure that I’m covered in this area.” Right? And it’s still alive and well out there.

Pete M.:
Yeah. We’re seeing a lot of it now. We’re being exposed to it a lot now because we actually have a product that’s addressing this issue.

Jim F.:
Okay.

Pete M.:
So when you think about identity theft … Somebody can go online and buy a fake driver’s license for 200 bucks out of China. And to the common eye, you don’t know the difference.

Jim F.:
That’s right. That’s right.

Pete M.:
You can’t tell the difference. So they come into the store-

Jim F.:
And no sales department is going to be schooled in this area for the most part.

Pete M.:
They’re not only not going to be schooled, but they’re certainly not gonna advertise to the world that they’ve been taken advantage of.

Jim F.:
That’s right.

Pete M.:
They’re not going to invite more of it.

Jim F.:
That’s right. Good point.

Pete M.:
So nobody’s going to press it. You know?

Jim F.:
Right. Right.

Pete M.:
I’ll give you a couple of examples how bad it is.

Jim F.:
Sure.

Pete M.:
We developed … so we have a product called [ID Drive 00:09:27], and it actually authenticates the document, and it does a lot of this. We have one dealer group that just had a handful of stores that were piloting it. They identify we’ve saved them a quarter million bucks in the first 90 days.

Jim F.:
Oh my gosh. Wow.

Pete M.:
Just in identity theft, catching customers trying to buy cars with fake IDs.

Jim F.:
That is phenomenal.

Pete M.:
And so there happened to be an extremely large dealer group that’s rolling out the product nationwide now.

Jim F.:
Okay.

Pete M.:
Because it became … it’s just a non-event for them. So I’m going to give you one example of how it happened with them and another group in their local market. So they installed this product on a Monday in one store. The next day a customer comes in with a fake ID, and we flag it and it tells us if we’ve got a problem.

Pete M.:
So as they stall on that deal, the customer decides that they’re going to leave and come back the following morning.

Jim F.:
Okay. That’s [crosstalk 00:10:22] pick up their car.

Pete M.:
Right? To get their car. So they schedule the appointment. They go out and they get the customer’s license plate after they drive off, and they realize that car had just recently been bought by another different dealer down the street.

Jim F.:
Sure.

Pete M.:
And so they pick up the phone and call that dealer says, “Hey look, we’ve got a customer with a bad ID. He was trying to buy a car from us, and they’re driving a car they just recently bought from you.” And the bad news is you’re going to be buying a contract back from your lender.

Jim F.:
Right.

Pete M.:
Alright, so next morning … So they got the customer’s info. They’re figure are going to come back, or are they going to go find them? So the customer comes in for the ten o’clock appointment Wednesday morning-

Jim F.:
That’s how cocky they are today.

Pete M.:
Right? They’re coming back in with that fake ID and the salesman has now been replaced by the detective from the police department and they bust her. It turns out she’s got, like, 20 fake licenses in the car.

Jim F.:
Oh my gosh.

Pete M.:
And so they call the other dealer … So they catch her and they called back the other dealer and said, “Hey, we got good news for you. At least you’re getting your car back.”

Jim F.:
Yeah, yeah. We got it.

Pete M.:
Right? And they said, “Well, how did you figure all that out?” They said, “Well, we got this product that helps us do that.” And they go, “We need that now. Give us their number.” Right? So we ended up getting another customer out of it.

Jim F.:
Sure. But eLEND has the solution. That’s why it’s eLEND Solutions, right?

Pete M.:
We’re just there to help.

Jim F.:
You always come with great solutions and great insight whenever you join us here on CBT news. So once again, thank you so much for joining us, and hopefully we’re going to have you back to talk about these very pressing issues that the dealers are facing.

Pete M.:
Thanks for having me again, Jim.

Jim F.:
Thanks. Appreciate it.

Speaker 3:
CBT Automotive Network, the number one most watched network in retail automotive. This has been a JBS Business Media production.