During the past few years, the big DMS providers have been tightening security and limiting outside access to DMS data. Recently, CDK (ADP) announced their SecurityFirst program that includes the new Dealer Data Exchange. According to CDK’s website, “DDX is an innovative, easy-to-use suite of integration tools that allows dealers to monitor and manage data access on their DMS. Designed to give dealers more visibility of their data exchange with OEMs and third-party vendors, DDX is the first comprehensive data integration application offered by a leading DMS provider. “ DealerTrack DMS was one of the first DMS providers to provide this type of “self service” 3rd party access tool on their Data Exchange menu which expanded to be called “OpenTrack.” What does this mean for dealers? With the recent changes in DMS ownership and the pressure for profit, most DMS providers are looking for ways to increase revenue. I can remember the days when DMS providers charged dealers for each page that came out of a printer. Is it possible that the dreaded “click” charges will apply to sending and receiving data? Many web hosting sites and cell phone providers charge based on how much data is sent and received. Will data access be a new revenue source for the huge profit hungry DMS providers?
With today’s sophisticated hackers, everyone is terrified of a security breach. I just bought a card that goes in my wallet to mask the data being sent out by the new chip-enabled credit cards. Fortunately for dealers, the data in a DMS is not as desirable as data held by other retailers like Target and Home Depot. Some of the largest security breaches have involved credit card data. I don’t know any DMS system that holds credit card information and you should make sure your cashiers do not collect this data. If cashiers do take a credit card number over the phone, they should enter it into the reader while the customer is on the phone and do not write it down or enter into the DMS. Other past security breaches had an objective of gathering non-public information for identity theft. DMS systems can hold social security numbers of customers and employees, so that should be encrypted. Two of the larger insurance company breaches were minimized because the social security numbers were encrypted. Make sure your DMS system provides this feature. I still haven’t heard about a dealership’s DMS being hacked, but the best time to start thinking about what data your DMS holds is before it happens. According to Warren Buffet, “Only when the tide goes out do you discover who’s been swimming naked.”
What will these new DMS security measures mean for dealers? There might be a new liability shift. If a dealer’s data does get hacked, we’ll have a lot of finger pointing of who is responsible. When a dealer agrees to a program like CDK’s SecurityFirst and limits access to their data to only approved vendors, does this mean that CDK will provide dealers with liability protection in the event the data sent to a 3rd party is hacked or used in identity theft? Does their approval of a vendor mean that the vendor is safe for the dealer to use? No matter what, these new measures and certifications will probably mean that all 3rd party integrations will cost dealers more money per month or per customer.