Subscribe

Auto dealer | June 2024 Protect your dealership from fraud and cyber threats

Learn about the latest fraud and cyberthreats, how to defend against attacks, and what to do if you’re a victim of cybercrime.

By Lyubena Smith, CTP, Treasury Sales Manager and Pamela Garrison, Treasury Consultant for Truist, and Paula Mashburn, CPA, CFE, Partner with HHM CPA firm.

Auto dealerships are attractive targets for fraud and other cyber threats. Adopt the mindset of a tech-savvy criminal and it’s easy to see why—dealerships have sizeable deposit balances, make frequent high-dollar transactions (i.e., ACH, checks, and wire transfers), and have numerous employees who use systems with sensitive customer data.

Dealer management systems contain a treasure trove of information that hackers can sell or use to commit other crimes: social security numbers, bank account information, credit applications and scores, and insurance data. And auto dealers’ information technology systems often lack the latest firewalls, updates, and security patches, giving criminals an easy path to cyberfraud.

Given the sluggishness of digital security measures adoption, hackers know the odds of a successful cyberattack on a dealership are high. Roughly half (47%) of dealers surveyed lack confidence in their level of cybersecurity protection.Disclosure 1 Similarly, 46% said their dealership had experienced a cyberattack in 2023 that negatively impacted business operations or finances.Disclosure 2

With threats so prevalent, dealers must work to better understand the complex fraud and cyber threat landscape—and adopt proactive strategies to effectively mitigate their risk.

Understand the varied threat landscape.

Although many types of fraud pose risks for auto dealers, payments fraud is most common. Four out of five organizations reported an attempted or completed payments fraud in 2023—a 15% increase from 2022.Disclosure 3 Of those, 65% involved checks, making checks the most fraud-prone form of payment. ACH debits were next at 33%, while fraudsters used wire transfers (24%), commercial credit cards (20%), and ACH credits (19%) somewhat less often.

Business email compromise (BEC) is the primary source of attack for payments fraud.Disclosure 3 Relying on social engineering attacks, scammers trick employees into providing sensitive information, making fraudulent payments, or opening email attachments that contain malware. Criminals can then enter a system and gain access to sensitive data or impersonate another member of an organization. 

Regularly review your online user entitlements to make sure rights are legitimate and appropriate.  All users do not need access to everything, particularly personally identifiable information such as your customers’ Social Security numbers.

Accounts payable and treasury teams are primary marks for BEC, since they manage and approve outgoing payments. Others target legitimate, outsourced service providers or vendors to get into an organization’s systems or pose as a new vendor to obtain fraudulent payments. Synthetic fraud based on false identity is an increasing threat as well.

Be alert to synthetic fraud.

Synthetic fraud is on the rise at auto dealerships, up 38% in 2023.Disclosure 1 Criminals use stolen or “synthetic” identities to facilitate vehicle theft by securing approval for a loan in someone else’s name. Synthetic fraud combines information available for purchase with stolen or falsified documents to “prove” an identity.Don’t let today’s decisions lead to surprising repercussions.

Recognize common risks quickly.

Auto dealers identified email phishing, including BEC, as the most prevalent cyber threat in 2023.Disclosure 1 Other top threats dealers experienced in 2023 included (in descending order):

  1. Ransomware
  2. Infection by PC viruses and malware
  3. Theft of business data
  4. Criminals entry to email and systems using stolen or weak passwords

Regardless of the method, it’s important to uncover, and remedy, a problem as quickly as possible. Fraud doesn’t always trigger immediate alarm bells, but the longer it’s left undetected, the higher risk it presents.

A recent survey showed that organizations identified 31% of reported fraud incidents within one to four weeks, while 22% took a month or more to discover.Disclosure 3 Early detection is important, but preventing fraud and cybercrimes from happening in the first place is ideal. 

All major dealer management systems provide a daily reconciliation module, which is an effective tool to catch fraud faster.  As an example, it recently took a dealer 45 days to identify a fraudulent attack, which could have been found in ten minutes if they had reconciled their account.  

Shore up your defenses. 

Auto dealers, like all businesses who handle consumer financial data, must comply with the Federal Trade Commission’s Safeguards Rule which took effect in 2023. Your defensive actions should align with the security measures you’ve already taken for compliance with the Safeguards Rule. Consider people, processes, and technology to create a comprehensive plan.

People are your first line of defense. Make employee education a top priority. Train all staff to recognize the latest social engineering schemes and follow these security basics:

  • Don’t open suspicious emails or unexpected email attachments.
  • Be cautious when sharing personal or dealership information online.
  • Conduct online business via secure networks and internet connections only.
  • Verify any suspicious requests that purportedly come from staff, vendors, suppliers, or other business partners.
  • Design financial process task to maintain strict segregation of duties—the staff member who initiates a task should never be the same one who approves it.

Processes to safeguard company finances are another critical defensive measure. Start with the payment methods you choose. When possible, replace checks with a more secure medium, including credit cards, ACH, and Real-Time Payments (RTP®). And always store checks safely, even canceled checks.

If your dealer management systems have the capability, moving to Integrated Payables is another way to reduce financial risk. Integrated Payables allows you to streamline the payments process by sending all vendor payments in a single, secure electronic file to the bank, saving you from having to upload multiple files. As the bank distributes the payments based on predefined criteria, it can flag potentially fraudulent transactions. (Note: Seek expert help to ensure smooth platform integration with dealer management systems.)

Follow these safety guidelines when making wire transfers:

  • Don’t rely on emailed or faxed instructions alone. Always obtain voice verification from an authorized person, at a known phone number, to confirm wire instructions.
  • Implement dual controls before approving a wire transfer, have one person receive the instructions, and another authorize the release.
  • Use the bank’s wire template for repetitive transactions.
  • Be suspicious of urgent requests.

Scrutinize ACH payments:

  • Verify authenticity and ownership of bank routing and account numbers.
  • Perform daily reconciliation on ACH debit accounts.
  • Separate file processing from file creation and maintenance.
  • Restrict access to payment data forms and records.
  • Use Truist ACH Fraud Control to set parameters for allowed transactions and receive daily activity reports.

Designate specific bank accounts for distinct types of transactions. Segregating accounts makes it easier to spot suspicious activity. You can block wire and ACH activity on accounts not designated for those purposes.

Technology is the third part of your cybersecurity program. Reduce the risk of fraud activity and cybercrime by following these technology best practices:

  • Keep technology systems, devices, and software updated with the most current security protections. Install patches and updates as soon as they are available.
  • Regularly back up dealership data and store backups securely.
  • Limit access to devices and sensitive data to authorized individuals.
  • Use single sign-on systems (SSO).
  • Mandate the use of strong passwords and two-factor authentication.
  • Establish a cyberattack response plan.
  • Get cyber insurance and work with your insurance provider to further reduce risk. 

Create and practice an incident action plan.

You’ll want to establish your game plan before a cyberattack happens, so you don’t waste precious time determining what you need to do if one happens.  

Designate an incident response team to develop and maintain your response plan. The team should extend beyond your IT department and include senior managers, as well as essential staff from key operational areas.

Make sure you know who you’ll contact for external resources and expertise. Your go-to list could include:

  • Cyber incident response experts
  • Communications and public relations professionals
  • Data forensics experts
  • Data privacy legal counsel
  • Your cyber insurance broker
  • Other professionals as needed

Once your plan is complete, remember to keep a copy offline—a cyberattack could lock you out of computer files and systems. Don’t just file your plan and then forget about it. Test it with practice runs that simulate various incident scenarios. Conduct periodic cyber-attack drills that provide team members an opportunity to practice their response steps.

This kind of “dry run” improves familiarity with response procedures, can help you identify potential barriers to execution, and can uncover gaps in the plan. It can also reduce stress levels after an actual incident, helping you act more quickly and effectively. Use these simulated incidents to update and improve your response plan.

Act immediately when an attack occurs.

Fast action is important if your dealership undergoes a significant cyberattack. This incident to—do list can help you move from problem to solution as quickly as possible.

1.. Activate your incident response team—Make sure that the individuals designated with oversight duties are all on board.

a. Consult your insurance broker to discuss insurance policy incident notification requirements. Your insurance broker can work with your cyber insurance carrier to outline the appropriate first steps and the optimal process to engage carrier-approved vendors. This ensures you’ll have the right resources charging the right rates and that you’re adhering to insurer terms and conditions, so you receive your full policy benefits.

b. Engage your legal team. Some dealers will involve approved breach counsel at the onset to determine appropriate actions that fulfill legal obligations, manage potential liabilities, and prepare for the possibility of future litigation or regulatory investigation.

2. Conduct a thorough damage assessment and implement the appropriate response plan.

a. Identify the threat and try to isolate affected systems to prevent further damage. Resolve the vulnerability that allowed the incident, if possible.

b. Preserve and document evidence related to the incident so it will be available for future prosecution or law enforcement purposes. In your haste to restore data, take care not to destroy evidence that could help identify the attackers and be used in their prosecution.

c. Decide how to address the most urgent priorities: mitigating the impact of the incident, repairing systems, restoring data, and strengthening security.

3. Work closely with your forensic investigation firm and other incident response experts to assist with the negotiation process, prepare for secure and lawful extortion payment (if necessary), and provide support in restoring full operational status across the organization.

a.  Report the incident to appropriate law enforcement and regulatory agencies. They may be able to assist in the investigation.

4.  Contact your bank if your account has been compromised

a. Report the fraudulent incident to your bank’s fraud response unit.

b. Work with your bank to try to recoup funds.

5. Craft your communications plan

a. Talk to an insurer-approved public relations and communications team about the best ways to communicate about the incident with internal and public-facing audiences.

b. Verify and comply with legal requirements to notify those affected by the incident and offer credit monitoring and/or identity theft restoration services as approved by your insurer and advised by your breach counsel.

Fraud is prevalent. Preparation is the key to prevention and fast response if it strikes.

Truist has expertise within the automotive retail industry, and can help you with your fraud prevention plans. Working together, you and your Truist Dealer Services relationship manager can identify steps to reduce risk of attack, defend against threats, and respond promptly to problems when they arise.

Truist Dealer Insider

Insights for auto dealers

Proactive, strategic advice—wherever you are in your dealership’s lifecycle

View the Truist Dealer Insider
Trending Articles

How AI is transforming the auto dealership business

Payment strategies for a changing auto retail world

5 factors shaping auto retail M&A in 2024 and beyond

Learn more about Truist Dealer Services

Related resources

Women in auto retail with Stacey Gillman, Gillman Automotive Group; Jodi Kippe, Crowe; and Sarah Seedig, Holland & Knight.

Auto dealer

Women in auto retail: Driven to succeed

Auto dealer

A financial partner to help build your dealership’s value

Auto dealer

Planning for dealership succession

Stay informed and get connected

Looking for fresh thinking and new insights to help uncover opportunities for your business needs?

Helpful links

Business Insights
Truist Business Lifecycle Advisory
Business Resource Center
Sign up for the Truist Dealer Insider

Receive our quarterly Truist Dealer Insider - straight to your inbox and stay up to date on industry news and trends.

Please enter a first name
Please enter a last name
Please enter a valid email address
Please enter a company name
I'm also interested in: Please select a campaign option
Component ID : "accordionGridLayout-1396148670"
Model : "disclaimer"
Position : "left"

Disclosure 1 Driving into Danger: CDK Global 2023 Cybersecurity Report Reveals Rise in Auto Dealership Cyberattacks. CDK Global.

Disclosure 2 Mark Hollmer, Dealerships slammed by multiple cybersecurity challenges in 2024, Automotive News, January 3, 2024.

Disclosure 3 2024 AFP Payments Fraud and Control Survey Report, Association for Financial Professionals, 2024.

Disclosures

Truist Bank, Member FDIC. © 2024 Truist Financial Corporation. Truist, the Truist logo and Truist Purple are service marks of Truist Financial Corporation.

Equal Housing Lender

Investment and Insurance Products:

  • Are Not FDIC or any other Government Agency Insured
  • Are Not Bank Guaranteed
  • May Lose Value

Services provided by the following affiliates of Truist Financial Corporation (Truist): Banking products and services, including loans and deposit accounts, are provided by Truist Bank, Member FDIC. Trust and investment management services are provided by Truist Bank, and Truist Delaware Trust Company. Securities, brokerage accounts and /or insurance (including annuities) are offered by Truist Investment Services, Inc., which is a SEC registered broker-dealer, member FINRA, SIPC, and a licensed insurance agency. Investment advisory services are offered by Truist Advisory Services, Inc., GFO Advisory Services, LLC, and Sterling Capital Management, LLC, each SEC registered investment advisers. Sterling Capital Funds are advised by Sterling Capital Management, LLC.

Mortgage products and services are offered through Truist Bank. All Truist mortgage professionals are registered on the Nationwide Mortgage Licensing System & Registry (NMLS), which promotes uniformity and transparency throughout the residential real estate industry. Search the NMLS Registry.

Comments regarding tax implications are informational only. Truist and its representatives do not provide tax or legal advice. You should consult your individual tax or legal professional before taking any action that may have tax or legal consequences.

"Truist Advisors" may be officers and/or associated persons of the following affiliates of Truist, Truist Investment Services, Inc., and/or Truist Advisory Services, Inc. Truist Wealth, International Wealth, Center for Family Legacy, Business Owner Specialty Group, Sports and Entertainment Group, and Legal and Medical Specialty Groups are trade names used by Truist Bank, Truist Investment Services, Inc., and Truist Advisory Services, Inc.

Truist Securities is a trademark of Truist Financial Corporation. Truist Securities is a trade name for the corporate and investment banking services of Truist Financial Corporation and its subsidiaries. All rights reserved. Securities and strategic advisory services are provided by Truist Securities, Inc., member FINRA and SIPC. Lending, financial risk management, and treasury management and payment services are offered by Truist Bank. Deposit products are offered by Truist Bank.

Applications, agreements, disclosures, and other servicing communications provided by Truist Bank and its subsidiary businesses will be provided in English. As a result, it will be necessary for customers to speak, read and understand English or to have an appropriate translator assisting them. Truist offers the following resources for consumers that have Limited English Proficiency:

  • Multilingual teammates available at our Multicultural Banking Centers
  • Materials for some products and services are available in Spanish, Korean, Vietnamese, Mandarin, and other languages spoken in the communities we serve.
  • Phone assistance in Spanish at 844-4TRUIST (844-487-8478), option 9. For assistance in other languages please speak to a representative directly.

New York City residents:

Translation or other language access services may be available. When calling our office regarding collection activity, if you speak a language other than English and need verbal translation services, be sure to inform the representative. A description and translation of commonly-used debt collection terms is available in multiple languages at http://www.nyc.gov/dca.

  • Limited English Proficiency Support
  • New York City residents

Borrowers with Limited English Proficiency (LEP) needing information can use the following resources:

Site footer

Footer Navigation

Banking products
About Truist
Resources
Support

© 2024, Truist. All Rights Reserved.