By Lyubena Smith, CTP, Treasury Sales Manager and Pamela Garrison, Treasury Consultant for Truist, and Paula Mashburn, CPA, CFE, Partner with HHM CPA firm.

Auto dealerships are attractive targets for fraud and other cyber threats. Adopt the mindset of a tech-savvy criminal and it’s easy to see why—dealerships have sizeable deposit balances, make frequent high-dollar transactions (i.e., ACH, checks, and wire transfers), and have numerous employees who use systems with sensitive customer data.

Dealer management systems contain a treasure trove of information that hackers can sell or use to commit other crimes: social security numbers, bank account information, credit applications and scores, and insurance data. And auto dealers’ information technology systems often lack the latest firewalls, updates, and security patches, giving criminals an easy path to cyberfraud.

Given the sluggishness of digital security measures adoption, hackers know the odds of a successful cyberattack on a dealership are high. Roughly half (47%) of dealers surveyed lack confidence in their level of cybersecurity protection.Disclosure 1 Similarly, 46% said their dealership had experienced a cyberattack in 2023 that negatively impacted business operations or finances.Disclosure 2

With threats so prevalent, dealers must work to better understand the complex fraud and cyber threat landscape—and adopt proactive strategies to effectively mitigate their risk.

Understand the varied threat landscape.

Although many types of fraud pose risks for auto dealers, payments fraud is most common. Four out of five organizations reported an attempted or completed payments fraud in 2023—a 15% increase from 2022.Disclosure 3 Of those, 65% involved checks, making checks the most fraud-prone form of payment. ACH debits were next at 33%, while fraudsters used wire transfers (24%), commercial credit cards (20%), and ACH credits (19%) somewhat less often.

Business email compromise (BEC) is the primary source of attack for payments fraud.Disclosure 3 Relying on social engineering attacks, scammers trick employees into providing sensitive information, making fraudulent payments, or opening email attachments that contain malware. Criminals can then enter a system and gain access to sensitive data or impersonate another member of an organization. 

Regularly review your online user entitlements to make sure rights are legitimate and appropriate.  All users do not need access to everything, particularly personally identifiable information such as your customers’ Social Security numbers.

Accounts payable and treasury teams are primary marks for BEC, since they manage and approve outgoing payments. Others target legitimate, outsourced service providers or vendors to get into an organization’s systems or pose as a new vendor to obtain fraudulent payments. Synthetic fraud based on false identity is an increasing threat as well.

Be alert to synthetic fraud.

Synthetic fraud is on the rise at auto dealerships, up 38% in 2023.Disclosure 1 Criminals use stolen or “synthetic” identities to facilitate vehicle theft by securing approval for a loan in someone else’s name. Synthetic fraud combines information available for purchase with stolen or falsified documents to “prove” an identity.Don’t let today’s decisions lead to surprising repercussions.

Recognize common risks quickly.

Auto dealers identified email phishing, including BEC, as the most prevalent cyber threat in 2023.Disclosure 1 Other top threats dealers experienced in 2023 included (in descending order):

  1. Ransomware
  2. Infection by PC viruses and malware
  3. Theft of business data
  4. Criminals entry to email and systems using stolen or weak passwords

Regardless of the method, it’s important to uncover, and remedy, a problem as quickly as possible. Fraud doesn’t always trigger immediate alarm bells, but the longer it’s left undetected, the higher risk it presents.

A recent survey showed that organizations identified 31% of reported fraud incidents within one to four weeks, while 22% took a month or more to discover.Disclosure 3 Early detection is important, but preventing fraud and cybercrimes from happening in the first place is ideal. 

All major dealer management systems provide a daily reconciliation module, which is an effective tool to catch fraud faster.  As an example, it recently took a dealer 45 days to identify a fraudulent attack, which could have been found in ten minutes if they had reconciled their account.  

Shore up your defenses. 

Auto dealers, like all businesses who handle consumer financial data, must comply with the Federal Trade Commission’s Safeguards Rule which took effect in 2023. Your defensive actions should align with the security measures you’ve already taken for compliance with the Safeguards Rule. Consider people, processes, and technology to create a comprehensive plan.

People are your first line of defense. Make employee education a top priority. Train all staff to recognize the latest social engineering schemes and follow these security basics:

  • Don’t open suspicious emails or unexpected email attachments.
  • Be cautious when sharing personal or dealership information online.
  • Conduct online business via secure networks and internet connections only.
  • Verify any suspicious requests that purportedly come from staff, vendors, suppliers, or other business partners.
  • Design financial process task to maintain strict segregation of duties—the staff member who initiates a task should never be the same one who approves it.

Processes to safeguard company finances are another critical defensive measure. Start with the payment methods you choose. When possible, replace checks with a more secure medium, including credit cards, ACH, and Real-Time Payments (RTP®). And always store checks safely, even canceled checks.

If your dealer management systems have the capability, moving to Integrated Payables is another way to reduce financial risk. Integrated Payables allows you to streamline the payments process by sending all vendor payments in a single, secure electronic file to the bank, saving you from having to upload multiple files. As the bank distributes the payments based on predefined criteria, it can flag potentially fraudulent transactions. (Note: Seek expert help to ensure smooth platform integration with dealer management systems.)

Follow these safety guidelines when making wire transfers:

  • Don’t rely on emailed or faxed instructions alone. Always obtain voice verification from an authorized person, at a known phone number, to confirm wire instructions.
  • Implement dual controls before approving a wire transfer, have one person receive the instructions, and another authorize the release.
  • Use the bank’s wire template for repetitive transactions.
  • Be suspicious of urgent requests.

Scrutinize ACH payments:

  • Verify authenticity and ownership of bank routing and account numbers.
  • Perform daily reconciliation on ACH debit accounts.
  • Separate file processing from file creation and maintenance.
  • Restrict access to payment data forms and records.
  • Use Truist ACH Fraud Control to set parameters for allowed transactions and receive daily activity reports.

Designate specific bank accounts for distinct types of transactions. Segregating accounts makes it easier to spot suspicious activity. You can block wire and ACH activity on accounts not designated for those purposes.

Technology is the third part of your cybersecurity program. Reduce the risk of fraud activity and cybercrime by following these technology best practices:

  • Keep technology systems, devices, and software updated with the most current security protections. Install patches and updates as soon as they are available.
  • Regularly back up dealership data and store backups securely.
  • Limit access to devices and sensitive data to authorized individuals.
  • Use single sign-on systems (SSO).
  • Mandate the use of strong passwords and two-factor authentication.
  • Establish a cyberattack response plan.
  • Get cyber insurance and work with your insurance provider to further reduce risk. 

Create and practice an incident action plan.

You’ll want to establish your game plan before a cyberattack happens, so you don’t waste precious time determining what you need to do if one happens.  

Designate an incident response team to develop and maintain your response plan. The team should extend beyond your IT department and include senior managers, as well as essential staff from key operational areas.

Make sure you know who you’ll contact for external resources and expertise. Your go-to list could include:

  • Cyber incident response experts
  • Communications and public relations professionals
  • Data forensics experts
  • Data privacy legal counsel
  • Your cyber insurance broker
  • Other professionals as needed

Once your plan is complete, remember to keep a copy offline—a cyberattack could lock you out of computer files and systems. Don’t just file your plan and then forget about it. Test it with practice runs that simulate various incident scenarios. Conduct periodic cyber-attack drills that provide team members an opportunity to practice their response steps.

This kind of “dry run” improves familiarity with response procedures, can help you identify potential barriers to execution, and can uncover gaps in the plan. It can also reduce stress levels after an actual incident, helping you act more quickly and effectively. Use these simulated incidents to update and improve your response plan.

Act immediately when an attack occurs.

Fast action is important if your dealership undergoes a significant cyberattack. This incident to—do list can help you move from problem to solution as quickly as possible.

1.. Activate your incident response team—Make sure that the individuals designated with oversight duties are all on board.

a. Consult your insurance broker to discuss insurance policy incident notification requirements. Your insurance broker can work with your cyber insurance carrier to outline the appropriate first steps and the optimal process to engage carrier-approved vendors. This ensures you’ll have the right resources charging the right rates and that you’re adhering to insurer terms and conditions, so you receive your full policy benefits.

b. Engage your legal team. Some dealers will involve approved breach counsel at the onset to determine appropriate actions that fulfill legal obligations, manage potential liabilities, and prepare for the possibility of future litigation or regulatory investigation.

2. Conduct a thorough damage assessment and implement the appropriate response plan.

a. Identify the threat and try to isolate affected systems to prevent further damage. Resolve the vulnerability that allowed the incident, if possible.

b. Preserve and document evidence related to the incident so it will be available for future prosecution or law enforcement purposes. In your haste to restore data, take care not to destroy evidence that could help identify the attackers and be used in their prosecution.

c. Decide how to address the most urgent priorities: mitigating the impact of the incident, repairing systems, restoring data, and strengthening security.

3. Work closely with your forensic investigation firm and other incident response experts to assist with the negotiation process, prepare for secure and lawful extortion payment (if necessary), and provide support in restoring full operational status across the organization.

a.  Report the incident to appropriate law enforcement and regulatory agencies. They may be able to assist in the investigation.

4.  Contact your bank if your account has been compromised

a. Report the fraudulent incident to your bank’s fraud response unit.

b. Work with your bank to try to recoup funds.

5. Craft your communications plan

a. Talk to an insurer-approved public relations and communications team about the best ways to communicate about the incident with internal and public-facing audiences.

b. Verify and comply with legal requirements to notify those affected by the incident and offer credit monitoring and/or identity theft restoration services as approved by your insurer and advised by your breach counsel.

Fraud is prevalent. Preparation is the key to prevention and fast response if it strikes.

Truist has expertise within the automotive retail industry, and can help you with your fraud prevention plans. Working together, you and your Truist Dealer Services relationship manager can identify steps to reduce risk of attack, defend against threats, and respond promptly to problems when they arise.

Truist Dealer Insider

Insights for auto dealers

Proactive, strategic advice—wherever you are in your dealership’s lifecycle

Related resources

Women in auto retail with Stacey Gillman, Gillman Automotive Group; Jodi Kippe, Crowe; and Sarah Seedig, Holland & Knight.

Auto dealer

Women in auto retail: Driven to succeed

Auto dealer

A financial partner to help build your dealership’s value

Auto dealer

Planning for dealership succession

Stay informed and get connected

Looking for fresh thinking and new insights to help uncover opportunities for your business needs?

Helpful links



Sign up for the Truist Dealer Insider

Receive our quarterly Truist Dealer Insider - straight to your inbox and stay up to date on industry news and trends.

Please enter a first name
Please enter a last name
Please enter a valid email address
Please enter a company name
I'm also interested in: Please select a campaign option