In June 2024, a prominent software-as-a-service (SaaS) solution provider for automotive dealerships faced two severe cyber attacks. These incidents disrupted operations for approximately 15,000 car dealerships that rely on the solution for various operations, including sales, customer relationship management (CRM), back office administration, billing, financing, inventory management, service, and support.
Compromised customer data included names, addresses, social security numbers, driver's licenses, credit card numbers, and bank account details. Criminals often exploit stolen data for fraud or identity theft.
The data breach underscores the importance of robust cybersecurity practices for companies handling such information. Auto dealerships should remain vigilant and proactively safeguard customer data against future attacks. This article explores ways to protect sensitive payment data to soften a breach's financial and reputational impact.
Protecting Payment Data at Your Dealership
Maintaining compliance, establishing business access controls, and taking payments securely at your dealership are top priorities, but these aren’t the only responsibilities you may own as a controller. So, how do you delicately balance and maintain the tasks you oversee daily in your role?
Leaning on processes and tools to streamline and automate some of your workloads is one of the best ways to tackle issues such as theft, embezzlement, cybersecurity threats, and fraud. There are three key focus areas regarding payment security.
Control User Access
Many people throughout a dealership are involved in processes related to accepting and managing payment data.
Systems without user-level access and business controls hamper a controller’s ability to understand employee-level activity and address issues through training, management oversight, or other measures. Audit controls are essential for multi-location dealerships that manage multiple brands, locations and departments.
Automating access controls across your dealership staff is nearly impossible without a reliable, cloud-based payment solution. Using an old-school payment terminal leaves your dealership vulnerable, providing zero structure for duty separation and little oversight. You can manage your dealership’s staff more effectively with a cloud-connected solution that customizes and tracks user access and activity.
Grant user access by location or department to ensure transactions are associated with the correct batch, simplifying end-of-day processes and reconciliation.
Protect your dealership from employee fraud by limiting the type of transactions and data users can see. For example, only allow administrators to perform refunds or enroll customers in a recurring payment plan. Establishing the proper hierarchy for your dealership means staff can access transaction histories, batches, and cumulative reports on a need-to-know basis, and every action is associated with the user who performed it. Employees are held accountable, and audits uncover workflow patterns that can catch suspicious behavior before it’s too late.
Narrow PCI Scope
For dealerships, there are several payment-related laws and standards to abide by. Yet, compliance spans beyond payments, so why wouldn’t you utilize a tool that could alleviate some of the work for you?
Let’s focus on PCI compliance for any business that stores, processes, or transmits cardholder data within PCI scope. If you internally store any customer payment data, whether in a filing cabinet or on your servers, you are within scope and likely in breach of PCI standards. Failure to comply can pose a heavy cost to your dealership.
As a controller actively working to keep costs down, it is in your best interest to opt for a secure, cloud-based payment system that significantly reduces your dealership's PCI scope.
Using a cloud-connected gateway with a Virtual Terminal that supports tokenization means card data never passes through—nor is stored on—computers and other systems at the dealership, which protects the business from data breaches and simplifies PCI compliance.
Fight Fraud
The 2015 EMV liability shift means businesses may be liable for lost and stolen counterfeit card fraud when a chip card is used on a magnetic swipe terminal. The incentive to upgrade your credit card processing software and hardware, along with the rollout of EMV and the liability shift, offers additional security to protect your business from fraudulent transactions.
A chargeback typically occurs when a customer disputes a transaction with their bank. Disputes can arise from various reasons, such as dissatisfaction with the service, billing errors, or fraudulent credit card use. When a chargeback is initiated, the bank refunds the transaction amount to the cardholder, and the business must provide evidence to contest the chargeback if it believes the dispute is unwarranted.
You can take an extra step to ensure payment security for payments taken over the phone by employing remote signature capture. Emailing or texting a digital invoice lets your dealership obtain a signature and gain buyer intent. These signatures are helpful when a customer disputes a transaction, protecting you from chargebacks.
Opting for fraud-fighting payment tools can elevate your dealership’s payment security and give you peace of mind that you’re keeping up with the industry.
How PayJunction Helps
PayJunction gives controllers tools that allow them to quickly and easily set controls and monitor, assess and address issues related to errors, security, and fraud. They gain knowledge of user-level access and activity related to cash drawers, payment systems, and customer details.
PayJunction protects card data through advanced security technologies, including EMV, encryption, and tokenization. All transactions are securely processed and stored in the cloud. We operate a Level 1 PCI Compliant data center, the highest level of compliance for a Service Provider under the PCI-Data Security Standards.
Visibility into system access, user roles, and audit controls of the entire payment process mitigates risk, reduces fraud, and delivers peace of mind.
Ready to upgrade your dealership’s payment security?
How do you maintain your dealership's payment security today? Tell us in the comment section below!
Editor's Note: This post was originally published in October 2019 and has been updated for comprehensiveness and accuracy.
