Pub. 5 2024 Special Edition

Regardless of the method, it’s important to uncover and remedy a problem as quickly as possible. Fraud doesn’t always trigger immediate alarm bells, but the longer it’s left undetected, the higher the risk it presents. A recent survey showed that organizations identified 31% of reported fraud incidents within one to four weeks, while 22% took a month or more to discover.³ Early detection is important, but preventing fraud and cybercrimes from happening in the first place is ideal.

All major dealer management systems provide a daily reconciliation module, which is an effective tool to catch fraud faster. As an example, it recently took a dealer 45 days to identify a fraudulent attack, which could have been found in 10 minutes if they had reconciled their account.

SHORE UP YOUR DEFENSES

Auto dealers, like all businesses that handle consumer financial data, must comply with the Federal Trade Commission’s Safeguards Rule, which took effect in 2023. Your defensive actions should align with the security measures you’ve already taken for compliance with the Safeguards Rule. Consider people, processes and technology to create a comprehensive plan.

People are your first line of defense. Make employee education a top priority. Train all staff to recognize the latest social engineering schemes and follow these security basics:

• Don’t open suspicious emails or unexpected email attachments.
• Be cautious when sharing personal or dealership information online.
• Conduct online business via secure networks and internet connections only.
• Verify any suspicious requests that purportedly come from staff, vendors, suppliers or other business partners.
• Design financial process tasks to maintain strict segregation of duties — the staff member who initiates a task should never be the same one who approves it.

Processes to safeguard company finances are another critical defensive measure. Start with the payment methods you choose.
When possible, replace checks with a more secure medium, including credit cards, ACH and Real-Time Payments (RTP®). And always store checks safely, even canceled checks.

If your dealer management systems have the capability, moving to Integrated Payables is another way to reduce financial risk. Integrated Payables allows you to streamline the payments process by sending all vendor payments in a single, secure electronic file to the bank, saving you from having to upload multiple files. As the bank distributes the payments based on predefined criteria, it can flag potentially fraudulent transactions. (Note: Seek expert help to ensure smooth platform integration with dealer management systems.)

Follow these safety guidelines when making wire transfers:

• Don’t rely on emailed or faxed instructions alone. Always obtain voice verification from an authorized person, at a known phone number, to confirm wire instructions.
• Implement dual controls before approving a wire transfer: have one person receive the instructions and another authorize the release.
• Use the bank’s wire template for repetitive transactions.
• Be suspicious of urgent requests.

Scrutinize ACH payments:

• Verify authenticity and ownership of bank routing and account numbers.
• Perform daily reconciliation on ACH debit accounts.
• Separate file processing from file creation and maintenance.
• Restrict access to payment data forms and records.
• Use the Truist ACH Fraud Control to set parameters for allowed transactions and receive daily activity reports.

Designate specific bank accounts for distinct types of transactions. Segregating accounts makes it easier to spot suspicious activity. You can block wire and ACH activity on accounts not designated for those purposes.

Technology is the third part of your cybersecurity program.
Reduce the risk of fraud activity and cybercrime by following these technology best practices:

• Keep technology systems, devices and software updated with the most current security protections. Install patches and updates as soon as they are available.
• Regularly back up dealership data and store backups securely.
• Limit access to devices and sensitive data to authorized individuals.
• Use single sign-on systems (SSO).
• Mandate the use of strong passwords and two-factor authentication.
• Establish a cyberattack response plan.
• Get cyber insurance and work with your insurance provider to further reduce risk.

CREATE AND PRACTICE AN INCIDENT ACTION PLAN

Designate an incident response team to develop and maintain your response plan. The team should extend beyond your IT department and include senior managers, as well as essential staff from key operational areas. Make sure you know who you’ll contact for external resources and expertise. Your go-to list could include:

• Cyber incident response experts.
• Communications and public relations professionals.
• Data forensics experts.

22 Virginia Auto Dealer
