In the wake of Capital One Financial’s data breach, auto lenders should evaluate ways to tighten up cybersecurity and identify points of vulnerability.
The breach compromised 140,000 Social Security Numbers, and 80,000 bank account numbers were made available, according to the bank. However, the impact might be “somewhat contained,” said Brian Landau, TransUnion senior vice president.
“We believe it is unlikely that the information was used for fraud or disseminated by this individual,” the bank noted. “However, we will continue to investigate.”
Yet, the threat alone should be enough to prompt auto lenders to double-check their cybersecurity practices, said Jeremy Acevedo, Edmunds‘ manager of industry analysis.
“On the heels of a wave of massive data breaches, the auto loan industry needs to redouble security and search for any points of vulnerability,” Acevedo said. “With so many involved parties in the auto loan process, it is imperative to get buyers, dealers and lenders on the same page.”
To that end, lenders should ensure that dealer partners are taking the necessary measures to prevent cyber attacks, Landau said. The best tip for lenders is to move away from sharing consumers’ SSNs on the internet via their dealerships’ online financing. Landau also noted that consumers may shy away from a lender’s online portal if they have to share SSNs. In fact, a lender can give a consumer a prequalification with just a name and physical address, he said.
CreditMiner, a company that provides bureau data to dealership partners, argues that a consumers’ SSN should be shared in person at the dealership once the consumer is ready for a qualified offer.