The Federal Trade Commission (FTC) issued updates to its Safeguards Rule, which require dealers to undertake steps to protect consumer’s sensitive and other personal data. The amended Rule’s requirements must be completed by June 9, 2023.
What is the Federal Trade Commission (FTC)? The Federal Trade Commission enforces antitrust and consumer protection law. Its mission is to prevent fraudulent, deceptive, and unfair business practices. The amended rule addresses the technological advances since the initial release of the Safeguards Rule in 2003.
In compliance with the amended Safeguards Rule, DealerBuilt is implementing a multi-factor authentication (MFA) procedure when logging into our system. This multi-factor authentication will be a combination of different factors, or methods, of authentication with every single login. Providing multiple credentials to verify a person’s identity during the login process can help prevent unauthorized access.
As of November 15, 2022, the FTC has extended their compliance deadline for certain FTC Safeguards Rule provisions from December 9, 2022, to June 9, 2023. We are targeting to have our MFA solution available by May 31, 2023.
We will provide more information on this page as it becomes available. Information will also be sent to you by email to alert you to update.
MFA stands for multi-factor authentication, which is a combination of different methods of authentication for use to log into a system. There are three main categories of factors:
MFA significantly boosts the security as one of the main methods of hacking is by gaining access to a user’s basic credentials such as their username and password. MFA is becoming a basic security standard, and we believe it is important to enforce this level of security enabling our customers to feel confident in the safety of their data and their business. In addition, the FTC is mandating MFA for systems as a measure of regulatory compliance, and we want to ensure our customers can fulfill their legal obligation.
The FTC Safeguards Rule goes into effect on June 9, 2023, and we want to ensure our customers can become compliant in accordance with this rule.
The FTC Safeguards Rule was put into place by the Federal Trade Commission in 2003 to help protect customer information and covers a variety of businesses that handle customer information. This rule was amended in 2021 to keep pace with current technology. The FTC has published guidance around how to comply with the new expectations and includes a number of requirements around data management and controls. You can read more here: FTC Safeguards Rule: What Your Business Needs to Know.
Over time, we expect this to be mandatory at all of our dealerships, but we are not enforcing all of our dealerships to start using it immediately. We will be working with you to find the right time to deploy the solution to your employees.
If you have a specific date by which you want it enabled or if you do not want it enabled until after a specific date, please let your account manager know. We are rolling out the feature to our customers now and will be informing them as the feature is scheduled to be at their dealership. Please know that when we activate it for your dealership, it is then mandatory for all users to use.
DealerBuilt has built a solution using AWS technology which is a trusted, highly scalable, and highly resilient solution. This solution will be provided through DealerBuilt and all users have to do is login and set up a second factor to enroll in MFA.
As you add new users, they will be prompted to set up MFA when they log in for the first time, so you do not need to take any additional steps.
We intend on rolling out codes sent via SMS that will only require a phone number and expect that will be released soon after the first release with the authenticator app.
The Rublon solution has been replaced with a new solution based on AWS technology which is integrated directly into our DealerBuilt applications. Each user can easily login and set up a second factor to enroll in this new MFA solution.
Yes. MFA protects against a remote attacker that has obtained a username and password to DealerBuilt. Solely relying on the MFA login on your computer will not protect the DealerBuilt system and its sensitive data. Each user will need to setup MFA within DealerBuilt using the login workflow.
DealerBuilt Customer Support team is available to assist with MFA.