GLBA Act:

The Gramm-Leach-Bliley Act

Shield protection

Background:

The GLBA Act: The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, including car dealerships, to safeguard sensitive personal/customer data.

GLBA-covered businesses, which include Automotive dealerships,  have until December 9 to implement significant changes to their information security programs as required by the recently amended GLBA Safeguards Rule, amended in Dec of 2021.

The changes to the rule took effect in January 2022, and the compliance deadline is December 9, 2022, however, to ensure compliance, we will be implementing our safeguards in mid-October.

Next steps:

As an auto dealership, you collect a range of personal information about your customers in the course of normal business. This includes information like an address, phone number, email, credit card number, social security number, and more. It’s important to understand that your dealership is subject to strict laws through the GLB Privacy Rule about how you can share this information.

As a result, any vendor or partner working with a dealer must make sure their  customer data, that may come in as a lead to our website, is protected under MFA (multi-factor authentication).  In addition, we can no longer send this data in an email to the dealer, this personal data must also be protected, which is why we will be sending a “notification of a lead” in the future, and asking dealership to log into the platform using MFA to access that data.

Learn More Here

Once implemented, the first time a customer or employee of the company that can access the location where this data is kept will need to choose to MFA (Multi-factor authenticate) in one of two ways.  They can download the Microsoft authenticator app and approve the request that way moving forward, or they can enter their phone number and receive a code each time they log in to the platform.

The first time a user logs in to the standard DealerSocket – DealerFire login page will get redirected to a page where it will ask the users to select their way of login, either by Phone or by using Microsoft Authenticator. User can select one or both the options, by checking one or both boxes.

Shield protection

Scenario 1:  Login Scenario by using Phone

While selecting Phone and clicking on Continue button, it should redirect to the page which asks for the registered number to send Verification code.

While selecting Phone and clicking on Continue button, it should redirect to the page which asks for the registered number to send Verification code.

Once we click on 'Send verification code' button, it asks to enter the code sent on the registered phone number. We also have additional functionalities to 'Verify Code' or 'Send New Code'.

Once you click on 'Send verification code' button, it asks to enter the code sent on the registered phone number. You also have additional functionalities to 'Verify Code' or 'Send New Code'.

Once we enter the correct code and click on Continue button, the login is successful.

Once you enter the correct code and click on Continue button, the login is successful.

Scenario 2:  Login by using Authenticator App 

Click on Authenticator App and click on continue button.

Click on Authenticator App and click on continue button.

It will redirect to the page that will ask for the code to verify.

It will redirect to the page that will ask for the code to verify.

Scan the below QR code using the Microsoft Authenticator App on your mobile phone to receive the code. Once we enter the correct code and click on 'Verify' button, it will take us to the home page.

Scan the above QR code using the Microsoft Authenticator App under Verified IDs on your mobile phone to receive the code. Once you enter the correct code and click on 'Verify' button, it will take you to the home page.