GLBA Amendments Call for Change to Non-Compliant XML/ADF Format
OEMs and Dealership Service Providers (DSPs) across the market work with multiple types of lead providers who are collecting online consumer information also known as Personal Identifiable Information (PII) which includes Name, Address, Phone, and Email. In some cases pre-qualifying credit information or financial information related to a vehicle transaction is also being collected and exchanged by lead providers.
Consumer data from online forms is commonly exchanged using a universally known data format called XML/ADF. This data format uses a non-encrypted MIME/SMTP transfer mechanism meaning its open and readable data that is vulnerable to being intercepted or accessed. Simply put, XML/ADF is not secure and is a liability to your dealership.
Under the 2022 amendments to the Gramm Leach-Bliley Act, Dealers are now liable and subject to significant fines for any data that is sent unencrypted and insecurely.
This puts the onus on the DSPs to ensure they are providing their Dealer clients with proper protection when sensitive financial information is collected and moved downstream to non-affiliated 3rd parties.
But are all these DSPs equipped and ready to support the changes needed to be GLBA compliant?
To be ready for GLBA DSPs need:
- API endpoints to support a more sophisticated encrypted transmission of this data
- Protocols and processes put in place to enforce proper authentication and authorization
- Coordination with each company that is sending lead data, working to get them moved over to the more secure transport method etc…
These things take time to build, coordinate, contract and execute on. It will take a lot of work to manage it all day in, day out, but someone will have to make these technical changes to ensure that consumer information is being properly handled and dealers are not put at risk.
GLBA is yet another example of the increased requirements for system and data integration in the automotive retail market. These types of “requirements” will continue to challenge our ecosystem because the changes don’t just impact one company or system, they have a cascading effect that impacts many.
If the past holds true, we will attempt compliance by all going at the problem with a wave of proprietary technology and approaches brought forward by the systems consuming the lead data. The STAR data format could help but not without modification, it’s not an easy off the shelf solution either.
Do we really need an uptick in development work for lead providers who will need to hook into all of the systems that will now offer APIs so that XML/ADF data can be securely sent across the wire?
In other industries, Integrators play value added roles to solve these types of problems, yet automotive retail has routinely taken a different approach. One that adds cost, complexity and time to the equation.
Without a true standardized API gateway that helps to translate all of the lead form data into the downstream lead consuming systems, a bottleneck that prevents progress (and compliance) is inevitable. And the dealers will pay the price.
All of us, including OEMs, software companies and dealers need to be thinking smarter about how we can best solve integration problems as an industry. These types of requirements are not going away.
Motive Retail™ is a leading integrator focused on modernizing the automotive retail experience by enabling real-time data flow between all parties in the ecosystem. We can help ease the burden of becoming GLBA compliant using our Motive Integrator Suite™ of high-performance integration tools.
Leave a Comment