The Federal Trade Commission (FTC) recently issued new amendments that require certain financial institutions to meet information security standards for consumer data protection.  Many DMS software providers have already begun changes to ensure compliance before the (now) deadline of June 9, 2023. For dealerships, it is equally important to ensure your CRM is in line with the FTC Safeguards Rule amendments.

Protecting consumer data is at the core of these changes.  More specifically, nonpublic personal information, or personally identifiable financial information, that a consumer provides to obtain a financial product or service.  Put simply, anyone accessing sensitive customer data, such as SSN and DOB, need to follow security protocols on top of other business implementations.

The FTC instructed dealerships to follow a series of five steps:

  • Designate a qualified individual
  • Perform a risk assessment
  • Implement safeguards and perform audits
  • Oversee service providers
  • Update and adjust info security program as needed

Here we will dive into sections of these that apply to your CRM and how cyclCRM helps you comply.

Multi-Factor Authentication (MFA)

Implementing mandatory safeguards places accountability at the forefront of operations.  One important implementation is MFA per the Code of Federal Regulations, Title 16 CFR 314.4(c)(5).  cyclCRM provides two types of factor authentication: a secure password and email authentication using a one-time code.  These satisfy both knowledge (knowing a password) and possession (such as a one-time code sent to email or cell phone) successfully meeting the MFA requirements.

Along with MFA, cyclCRM provides new device login notifications and tracks IP addresses for extra security measures. This allows qualified individuals to perform security checks ensuring normal account activity.

Encryption and Access Controllability

Though compliance is everyone’s responsibility, it is important for every business under the umbrella of the FTC safeguards rule to have proper data protection and procedures in place.  One of the greatest threats to consumer data security is employees.  The FTC amendments provide steps to take to avoid this threat.  Per Title 16 CFR 314.4(c)(1)(i-ii), specific access should be granted to users for acquisition of customer information only as needed to perform their duties. cyclCRM not only encrypts DOB and SSN but allows only authorized users to view this information. Administrative users decide on a case-by-case basis what specific users can see and do in cyclCRM.

For instance, users can be blocked entirely from seeing DOB, SSN, and purchase details while also being limited on the ability to export this data. Qualified individuals can review each user and determine what is relevant to their role.

Secure Practices Involving Customer Information

16 CFR 314.4(c)(4) outlines steps to take towards securing practices for transmitting, accessing, and storing  customer information. cyclCRM provides many more security measures to keep customer data safe. It is common knowledge that data is more easily stolen in transit.  cyclCRM’s integrated features, including the credit application and full integration to Deal Pack DMS, provide an extra level of protection of customer information.  When customers submit their credit applications from dealer websites, the data is transmitted via secure encrypted pathways for optimal safety.

Did you know? Images of Driver’s Licenses are non-public information and by keeping this customer information on a personal phone, your team will be in direct violation of the safeguards rules.

cyclCRM has two-way texting and emailing through secure cloud-based software.  Users can obtain documents, such as a Driver License picture, without them ever being stored to their personal phones.  Furthermore, users can be blocked from accessing these documents once securely received to cyclCRM’s e-Vault.  A Digital Loan Jacket integration provides safe transit of these documents to Deal Pack while being securely stored on the cloud.

Security for BHPH DMS and CRM

Keeping customer data safe is still everyone’s responsibility, but with amendments to the FTC Safeguards Rules, your dealership is now more responsible than ever before.  While you are safeguarding the processes in your DMS, make sure your CRM is up to code as well.

For more information on steps you can take in your dealership or with your software, check out this Deal Pack blog