LAS VEGAS – Experts in auto finance fraud and cybersecurity paint an alarming picture of bigger and more sophisticated waves of digital scams at the recent American Financial Services Assn.’s Vehicle Finance Conference just before last week’s NADA Show here.
“I don’t think everybody here should be sleeping well at night,” says Justin Oesterle, CEO of RouteOne, in a panel discussion, “Sleep Better at Night: Executing a Resilient Cyber Program.”
RouteOne, Farmington Hills, MI, is an F&I software provider for dealers and lenders. It’s a joint venture of Ally Financial, Ford Motor Credit, TD Auto Finance and Toyota Financial Services.
Lenders and dealers should be concerned about fraud, but they can’t afford to be so scared and uncomfortable with the topic that they fail to act. They still need to do whatever they can to limit fraud, such as training their employees, Oesterle says.
“It’s not going to end. Don’t be scared into inaction,” Oesterle says. “And act!”
Experts say much of the latest activity in auto finance fraud and cyberattacks revolves around thieves playing technological leapfrog with lenders, dealers and consumers.
For example, lenders and dealers are starting to use artificial intelligence to predict which accounts might be fraudulent. But thieves are also using AI to find ways to hack into lender, dealer and consumer data, says Richard Tsai, market head for Product Marketing for Global Fraud Solutions at Chicago-based credit bureau TransUnion.
“Criminals are using AI against lenders,” Tsai says in a separate panel discussion, “Lies & Loans: What’s on the Vehicle Finance Fraud Horizon?” For example, AI can be used to produce convincing but phony photo identities for so-called synthetic identities.
Synthetic identity means cobbling together an identity out of stolen fragments of legitimate identifying information, such as one person’s name and another person’s address.
Capt. Brian Cole of the Las Vegas Metropolitan Police Dept.’s Theft Crimes Bureau says fraud attempts are definitely on the rise in his area. He says the police usually catch would-be identity thieves once the police are called, but they rarely nab higher-ups who set up the purchases.
“The more we see AI involved, the more (security experts are) going to have to work” at lenders and dealerships to corral scams, Cole says during the “Lies & Loans” panel discussion.
Even with all the emphasis on new technology, it still holds true that the vast majority of computer system intrusions begin with a legitimate employee breaking or neglecting internal rules against opening emails and attachments without verifying they are legitimate.
That’s according to Carolyn Purwin Ryan, a partner with Mullen Coughlin, a Devon, PA, law firm that specializes in cybersecurity.
“The human factor is a big part of it,” she says during the “Sleep Better” panel. “It ultimately comes down to whether you are going to click on that email.”
William Orange, vice president, Information Technology for Nissan Americas, says in the same panel that 86% of stolen credentials are the result of insider users clicking on phony emails, downloads and other phishing attempts.
Orange says, “I try to drive home to everybody at Nissan, to think before you click.”