Auto Dealers
FTC Safeguards compliance and cybersecurity for auto dealers
Auto dealerships handle credit applications, Social Security numbers, and financial records every day. The FTC Safeguards Rule requires a written information security program — and the FTC is actively enforcing. We build and manage your compliance program so you can focus on selling cars.
What the FTC Safeguards Rule requires of auto dealers
The FTC Safeguards Rule (updated June 2023) requires auto dealers — as financial institutions under the Gramm-Leach-Bliley Act — to implement a comprehensive information security program to protect customer financial data. This isn't optional, and the FTC has signaled aggressive enforcement with consent orders and fines against non-compliant dealers.
Beyond the federal mandate, cyber insurance carriers now require many of the same controls — MFA, endpoint detection, tested backups, and an incident response plan. Dealerships that can't demonstrate these controls face higher premiums or outright denial of coverage.
Note: The FTC has already taken enforcement action against auto dealers for Safeguards Rule violations. Every dealership that handles customer financial information — credit applications, financing paperwork, insurance forms — must comply.
Key requirements
- Designate a Qualified Individual to oversee your information security program
- Conduct a written risk assessment of all systems handling customer financial data
- Implement access controls — limit who can view credit applications, SSNs, and F&I records
- Encrypt customer information at rest and in transit
- Implement multi-factor authentication on all systems accessing customer data
- Develop and test an incident response plan
- Provide security awareness training for all dealership staff
- Monitor and log access to customer financial information
How we get your dealership compliant
We don't just hand you a checklist. We build and manage the entire compliance program so it actually works — during your busiest sales months and every other week of the year.
FTC Safeguards Risk Assessment
Comprehensive written risk assessment covering your DMS, F&I systems, credit application workflows, and customer data stores — mapped to the specific controls the FTC requires.
Security Policy Development
Written information security policies and procedures customized for dealership operations — from the sales floor to the finance office to the service department.
Technical Safeguards
Endpoint protection, email security, MFA, encryption, and network segmentation implemented and managed across your dealership — including desktops, tablets, and shared workstations.
DMS & F&I System Security
Security controls for your dealer management system and F&I platforms — access controls, monitoring, and data protection for the systems that handle your most sensitive customer data.
Staff Training
Security awareness training tailored for dealership teams — sales, F&I managers, service advisors, and office staff each get role-specific guidance on protecting customer data.
Ongoing Compliance Management
24/7 monitoring, annual risk assessments, policy updates, and incident response planning to keep you continuously compliant with FTC Safeguards requirements.
"When we heard the FTC was cracking down on dealerships, we knew we needed help fast. LevoySec got us compliant with the Safeguards Rule and now we have real security in place — not just a policy document collecting dust."
Why auto dealers choose LevoySec
We understand dealership operations
From DMS platforms to F&I workflows to service department systems, we know the technology dealerships rely on and how to secure it without disrupting sales.
Customer data protection
Credit applications, SSNs, driver's licenses, and financing records — your dealership handles highly sensitive data. We implement the controls to protect it end to end.
FTC Safeguards + cyber insurance
The FTC mandate and insurance carrier requirements overlap heavily. We satisfy both with a single managed program — no juggling multiple vendors or duplicating effort.
Ransomware prevention focus
Dealerships are high-value targets — a single ransomware attack can shut down sales, service, and F&I for weeks. Our layered defenses are designed to prevent and contain attacks before they spread.
Flat, predictable pricing
No hourly billing, no surprise invoices. You know exactly what security and compliance costs each month, making it easy to plan and budget.
Veteran-owned, remote-first
We serve dealerships across the US without geographic limitations. Veteran-owned and built on integrity — we say what we'll do and we do what we say.
Protect your dealership and your customers
Book a 30-minute discovery call. We'll review your current FTC Safeguards posture and outline exactly what your dealership needs to stay compliant and secure.