Security Standards

With the explosive growth of the Internet and e-commerce, DealerCentric acknowledges that personal privacy is imperative for a progressive relationship between Internet users and Internet-based commerce. DealerCentric Solutions is committed to protecting the personal privacy of customers while providing our clients and strategic alliance partners a web-based secured application service provider platform.

Preserving the integrity of consumer financial information is our most fundamental responsibility. We safeguard financial data according to established GLB, FCRA and Red Flag security standards and procedures. DealerCentric credit application products include detailed Disclaimers, Privacy and Security Policies along with consumer certification and authorization statements.

DealerCentric maintains a Certificate of Compliance for Security Standards and Audit Procedures from an independent security audit firm. The certificate ensures the security and confidentiality of consumer information and meets the highest standards in the industry, forgoing the scrutiny from state and federal law officials and Credit Repositories of data companies who buy, sell or store consumer data for its clients.

System Security

DealerCentric has taken extraordinary steps in protecting consumer data by encrypting the entire database while at rest. This means that even if thieves were able to penetrate the many layers of security firewalls between our web farm servers and database servers and gain access to the consumer files, they would not be able to unscramble the data into readable format.

Physical Security

The DealerCentric Solutions web and ASP platform is hosted and maintained at an undisclosed US Government Data Center's 65,000 square-foot facility. The facility provides IT systems for Counties, its agencies, municipal governments, and other multiple states county and city governments. Excess facility capacity has been contracted to provide physical technology security to certain private enterprises such as DealerCentric Solutions.

The facility operates as a regional government disaster recovery center built to withstand fires, damage to fire lines and destructive forces of nature. The facility is equipped with state-of-the-art air conditioning and cooling, flooring, humidity control, air flow and filtering, telecommunications, electrical, fire suppression, water detection and security systems.

The building is constructed to withstand earthquakes of up to 8.0 magnitude, supported by rigid, steel frame construction and earthquake-resistant bracing. At the center of the data center's catastrophic preparedness plan is an uninterrupted power supply (UPS) system. The UPS is a self-contained, parallel transfer system that consists of a Caterpillar generator with battery back-up, a 12,500 gallon diesel fuel tank, and fully redundant switching and power evaluation components. The system automatically switches from utility power to generator supply and back.

Is Your Online Credit Application Secured?

Preserving the integrity of consumer financial information and safeguarding financial data in a secured environment is a fundamental responsibility of auto dealers and their technology service providers. Incorporating the following three steps into security policies ensures protection of confidential consumer financial information.

First Step

Use secure browsers to protect consumer privacy while accessing dealer credit applications. The personal data that is conveyed between consumers PC's and the dealer must be encrypted during transmission. Encryption is the process of scrambling information (typically for data transmission) so it can only be reconfigured in its original format by someone with access to the appropriate encryption key such as the dealers technology service provider. An unsecured URL begins with http://www while a secured URL begins with https://www. Also, a secure certificate displayed on the web-page enables consumers to verify the identity of where their data is going.

Second Step

Protect consumer data by encrypting the entire database while at rest on Dealers' technology providers' computer servers. This means that even if thieves were able to penetrate the many layers of security firewalls and gain access to consumer files, they would not be able to unscramble the data into readable format.

Third Step

Assure physical security. Access to computer servers at the physical storage site must be restricted to authorized personnel with security badge identification checked at multiple security checkpoints before reaching server rooms. The server rooms must be constructed for disaster recovery, built to withstand earthquakes, fires, damage to fire lines and destructive forces of nature. The facility should be equipped with state-of-the-art air conditioning and cooling, flooring, humidity control, air flow and filtering, telecommunications, electrical, fire suppression, water detection and security systems.