Skip navigation

Industry Debates DMS Security

So, what is the deal with the Reynolds and Reynolds Co.'s third-party integration strategy?

So, what is the deal with the Reynolds and Reynolds Co.'s third-party integration strategy?

Simply put, Reynolds wants to control and limit the access third-party application providers have to its dealer-management systems. That's not necessarily a bad thing but, ultimately, the strategy may mean fewer application providers for dealers to choose from along with higher costs. The plan started a hot debate that began last spring and is showing no signs of subsiding.

Several third-party companies are fighting to maintain their access to the Reynolds' DMS. They formed a coalition last year, Open Secure Access Inc., to create a united front and to put pressure on Reynolds. After several discussions last spring, OSA convinced Reynolds to reduce some of its pricing and to back off on its timing of fully implementing the strategy.

But Reynolds' strategy appears to have changed since Bob Brockman's Universal Computer Systems acquired it last October and that has created a lot of confusion.


Let's put some historical context to the debate. Access to the DMS has long been an issue for dealers but the problem was how to keep OEMs from having too much access to their data. The National Automobile Dealers Assn.'s technology committee published a paper on access to the DMS several years ago that dealt with that very question. “We never thought the DMS companies would be the culprit,” says one of the paper's authors.

The same author, though, admits he's not counting a certain southwestern vendor as one of those DMS firms. He refers to the early 1990s, when a dealer wanted to switch from that system to another vendor, the firm would make it almost impossible by charging an obscene amount of money to allow the other vendor access to download all of the data.

Some enterprising dealers downloaded the data before notifying the company they were switching. The vendor then countered by encrypting the data so when it was downloaded, it was unusable.

A Lincoln Mercury dealer in Ohio started the current fracas in 2005 when he ran a report of companies logging onto his DMS. He discovered Digital Motorworks, a subsidiary of ADP, whose specialty is data extraction and integration, was dialing into his system after hours. Further investigation revealed DMi had sold vehicle repair data it extracted to Carfax Inc., a firm that provides used-vehicle reports to customers.

Although DMI's practice did not exceed the law or the contracts ADP had with its dealers, many dealers felt it violated the spirit of their contracts. As a result, North Carolina dealers moved quickly to get their state to pass a law that established rules for the mining of data on the DMS.

Seeing an opportunity to take a shot at its rival, Reynolds began a marketing campaign in the fall of 2005 telling dealers, “It's Your Data.”

But Reynolds also saw the issue as a potential profit generator, according to several former employees. A few days before the NADA convention in 2006, Reynolds introduced its new data security strategy at a dealer Twenty Group meeting. The plan, called Reynolds Certified Interface (RCI), created varying levels of access for third-party firms.

The Plan

At the most stringent level, vendors, for a cost — reportedly as high as $20,000 (some firms have put the cost as high as $80,000) could apply to become certified by Reynolds and, as a result, have relatively open access to the DMS. In addition to the “entrance” fee, Reynolds also would charge a toll for each data type extracted from its system. Also, with Reynolds' new Data Security Check software, dealers would be able to monitor and control which companies had access and the type of data being accessed.

Dealers also could name specific vendors they wanted to have access, even if they were not certified. But there would be a significant cost for the vendor.

A third level provided dealers with complete control, also, made them completely responsible for any legal issues arising out of how the data was used.

Ironically, ADP announced a similar plan this year during a panel discussion I moderated with Wayne Fortier of Dixon Hughes PLLC with DMS vendors at the National Automobile Dealers Assn. ADP's plan, though, according to several vendors does not charge anywhere close to the amount Reynolds was proposing.

But Reynolds' plan appears to have changed now. Instead of three levels, there now are two. Reynolds wants to extract all of the data dealers want provided to their vendors, instead of allowing true integration. And apparently this extraction will come at a sizeable cost. Smaller vendors, such as Arkona and AutoSoft, will extract data for their dealers at no cost.

A second level, recently announced by Reynolds, is that it will allow dealers to download data to a PC in their dealerships. Dealers then can provide the data to their third-party application vendors. This method, essentially, is just running reports off the DMS. The problem here is that many dealers say Reynolds report builder functions leave a lot to be desired.

Reynolds plans to accomplish its goal by first removing the modems currently in all of its dealerships, which is a primary way third parties use to get access. This likely will take the company much longer than it plans. There are too many other issues resulting from the acquisition that are demanding the attention of senior management.

There are dealer groups and some vendors that say Reynolds' plan is a sound one. To Reynolds credit, security does need to tighten around the DMS. The lack of DMS security is one of the industries dirty little secrets.

Reynolds is the only company drawing attention to the lack of security in the DMS — even though, it is a situation it has helped create.

The complaint is the cost, which is prohibitive to many firms. And there is the Brockman factor, which creates a lot of uncertainty.

One thing is certain — this is a story whose ending has yet to be written.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.