Like many cities in the U.S. we have several local network affiliates, ABC & NBC are IndianasNewsCenter and CBS is WANE. These local affiliates have short news segments that do investigative journalism. The most notable report recently was an expose on whether or not you are really getting the fish you ordered from local restaurants.
The journalism is good if not a bit wasted on the frivolous. True, I want the fish I ordered not some generic whitefish at tilapia prices but granted not something that would ruin my life or finances. However, recently WANE ran an investigative report on online fraud via CraigsList or eBay. This is certainly an important report if nothing else it raises awareness and gives people some critical thinking tools to use. Unfortunately the Internet in this case is nothing more than a new mechanism for the same old kinds of fraud.
What I think is a bit more interesting when it comes to online fraud is the new ways businesses can cut corners and therefore become grossly negligent. It was recently brought to my attention that several local used car dealers have online credit application forms. Nothing unusual there. However these dealers are asking for extremely personal financial information and are not providing any security for your information.
Before I continue let me provide just some of the most basic online security information. When you fill out a form on the internet, for example, an online credit application and click the Submit buttton you are packaging your information into an envelope (technically a whole bunch of little ones) and transmitting it back to the retailer, in our instance the car dealer. However, in order for your letter to go from your computer to their computers your envelope must pass through a whole bunch of intersections, highways and traffic cops, we’ll call them “hops”. Most legitimate “hops” will simply look at the address on the letter and send it on it’s way, however, anyone of those “hops” has the option to actually open that letter and read the contents.
Well that’s obviously not very safe for private information, so someone invented a way of sharing a password or key between your computer and the car dealers computers. This password is then used to scramble the contents of the envelope so that now your letter contains a bunch of gibberish. The only thing anyone is allowed to see at those “hops” is the address, if they look inside the envelope all they see is gibberish. When your envelope arrives at it’s destination the car dealer’s computer knows which password to use and it unscrambles the message into something readable. Your private information is being transmitted securely through a public space. Think of it like a Brinks armored truck, the most you could ever find out is that something very important is going from Point A to Point B.
So what I tell people when they ask me how do they know whether their online transactions are “safe” is the following:
- Do you trust the company you are doing business with? Are they well known?
- When you are putting your credit card or personal information in the computer, does it say https:// in the address bar? And, most importantly, does it have the Gold Padlock?
If you answer No to any of these questions then I would not proceed. The answers to #2 aren’t quite as black and white but for the average Joe, I say “It’s a no go!”. It rhymes so it must be so. Ha, I rhymed again. Doh!
So now that you are armed with that bit of information let’s continue our conversation about our local car dealers. In order to provide this level of security your car dealer of choice must set themselves up to swap those passwords or keys between your computer and their computers. This method generally involves the exchange of an SSL certificate (this is the secret password or key). But because of how important these certificates are they can be a bit expensive and require some special setup to get them to work on a car dealers website.
I did an informal survey of local car dealers with a website in the Fort Wayne, Indiana area. Most of the used car dealers (even some dealerships like O’Daniels) simply provide a downloadable form that you print out and fill-in. Some used car dealers provide a secured, online credit application Best Deal Auto Sales and Preferred Auto Group. I give them kudos for providing excellent customer service even if their customers may not know it.
Bart’s Car Stores, a fairly well known local dealer, appears to be trying but fails to give me confidence that their online credit application is actually secured. When you go to their online credit application you get a warning that both secured and unsecured content appears on their credit application and no padlock is provided in my browser (which means my browser does not believe this is a secured transaction), despite the https:// in the address bar. As an uber-dork I can tell this page is actually protected but the average Joe could easily get scared off.
Dimension Ford provides a secure online application form but does it in such a way as to actually hide the fact that their form is secure. It is but it sure doesn’t look like it. Sure you can scroll to the bottom and it tells you it’s secure. I’m also a rainbow-farting unicorn.
But by far the absolute worst offenders and I would say the most negligent are the following, Instant Auto Finance (the one my friend told me about) as well as State Automotive Group and Professional Auto Sales. Each of these 3 websites appear to be professionally-created so one of 2 things has happened (or both), either the professional web development companies that were employed to provide these websites are unaware of the risks in transmitting people’s social security, address and employee history through Internet, which I doubt, or the individual car dealers “opted” not to pay for this additional service.
Gross negligence and the cutting of corners will always outweigh the overt frauds in the world. At least in a fraud situation there is an obvious victim and bad guy. When it comes to negligence, there are only the uncaring and uninformed.