COMMENTARY: Considering data security in the times of COVID-19
The global outbreak of COVID-19 and the subsequent shutdowns across our nation have made an unprecedented impact on lenders and the way they conduct business. From the pandemic’s onset, lenders have faced multiple external and internal challenges, and they continue to struggle months into the outbreak.
For auto lenders, this means that previously developed processes and long-established ways of conducting business may no longer work. To adhere to stay-at-home orders and social distancing requirements, auto lenders have had to quickly pivot to create new, touchless processes to work with borrowers remotely and account for possible delays at Department of Motor Vehicle (DMVs) locations. The implication of such a pivot is the need for the rapid adoption of automation. This includes process digitization, rethinking customer experiences, and scaling internal teams to accommodate the growing amount of work from new lending opportunities, like the Small Business Administration’s Paycheck Protection Program, or the increase in auto repossessions. Many lenders are looking to their vendors to help manage the auto titling work and adjust to the imperatives of digital business processes.
With any change, challenges are sure to follow. As the number of defaults grows, so does the need for automation to ensure auto lenders minimize errors and properly manage regulatory compliance — something that is now more critical than ever. Lenders, and by proxy their vendors, must also keep data security top of mind while having teams working remotely. The pandemic has already prompted an increase in cybercrime and fraud, and that trend may only get worse as unemployment rates remain high. As auto lenders continue to adapt to a new normal in a COVID-19 world, where should they focus their efforts?
The new normal for auto lending
Auto lending was the second fastest-growing asset class pre-COVID-19, with $1.3 trillion in total balances. This strong growth stemmed from over a decade of slow unemployment and a stable prime market. Increased consumer confidence also led to higher than average loan amounts and strong sales in the luxury sector. Post-COVID-19, we are likely to see a drop in auto loan originations, many payment deferrals put in place, and refinancing to help offset auto loan debts for consumers.
It’s important to remember that DMVs are also adjusting to the new ways of business by prioritizing transactions based on their criticality. For example, an expired driver’s license would likely take priority over a vehicle lien. Rules are being tightened and enforced more vigorously than before, leading to a surge in rejected titles. Some DMVs have updated the required forms, fees, and jurisdictional requirements.
Lenders are also operating in a new way, many with reduced staff or some staff continuing to work remotely. With both DMV and lender resources constrained or seriously stressed, auto lenders are at a greater risk of non-compliant titling. When lenders look to their vendors to handle titling work, capabilities in automation, data security, and process digitization can make all the difference.
The road to recovery starts with data security
For many lending institutions, the pandemic has fast-tracked their digital transformation. The ability to complete titling work effectively and efficiently, no matter the location, ensures customers have easy access to lending and banking services without having to visit a branch location. This shift has made it critical for lenders to move toward automation to remain competitive and profitable. Additionally, as more Americans lose their jobs, borrowers will have less liquidity, and lenders will likely see higher auto defaults and repossessions. This, too, will accelerate the drive to eliminate in-house, manual, and paper-based processes to better manage a higher volume of repossessions.
However, the transition to remote work has presented cybercriminals with new opportunities to steal personal identifiable information (PII) and other secure data. According to a recent report from Microsoft, COVID-19-themed cyberattacks spiked to nearly a million a day during the first week of March. Fortunately, those numbers have since declined, but it is a good reminder of how important it is to stay diligent with protecting client data.
Sending and receiving data is an essential part of vehicle and equipment titling. Each time a lender sends sensitive information outside of its network, the organization is exposed to risk. Partnering with a provider that ensures data security is imperative. Lenders should also strongly consider using Application Programming Interfaces (APIs) with end-to-end encryption to reinforce security. End-to-end encryption is the most secure way to communicate and share confidential information online. By encrypting data at both ends, it prevents anyone “in the middle” from intercepting private communications or PII that could lead to identity theft.
Consider your vendors’ adherence to your data security standards
All lenders recognize the importance of data security. Still, effective control must extend beyond the boundaries of your organization to include the various third parties that have access to your systems and data. Since an API is a gateway to your data, your vendors must use the most up-to-date Transport Layer Security (TLS), which provides end-to-end data security during communication over a network. Older versions are more easily comprised.
One way to ensure that your vendor’s encryption is secure and compliant is by partnering with a Service Organization Control (SOC) compliant organization. A SOC 2 audit evaluates internal controls, policies, and procedures that directly relate to the security of a system at the service organization. A SOC 2 designation confirms that the service organization is compliant in the following areas: security, availability, processing integrity, confidentiality, and privacy (also known as trust services criteria).
Remember, data security is only as strong as its weakest link. By ensuring that vendors are secure and compliant, lenders can more effectively control their risk.
In the best of times, titling is complex and challenging because of the varying requirements across all jurisdictions. Add a global pandemic and state shutdowns into the mix, and the challenges increase exponentially. The pandemic has also caused a massive spike in cyberattacks, and auto lenders are not immune to the risks. As more and more lenders move their business online, security has become an even greater priority for lenders, making it critical to choose the right partner for data security and transaction transparency. Vendors who become an extension of lenders’ teams must be subjected to the same level of scrutiny to ensure proper data security.
During this time of uncertainty, automation and working with the right partner can help alleviate the challenges associated with growing data security concerns, team scalability, and remote work. In addition, a sound data security approach can enable lenders to continue processing titles, even in those jurisdictions where DMVs are experiencing huge backlogs or only provide limited services.
Travis Ellis is the product owner for motor vehicle at Wolters Kluwer Lien Solutions and can be reached at Travis.Ellis@wolterskluwer.com. Marina Hardy is the product marketing associate director for motor vehicle at Wolters Kluwer Lien Solutions and can be reached at Marina.Hardy@wolterskluwer.com.