2 December 2022
Q&A with a Product Expert: The FTC, New Safeguard Rules and Multi-Factor Authentication

By: Victoria Lieber

 

In a world where technology is everywhere from your doctor’s appointment to your showroom, it is important to keep your personal information safe and secure. Here at Gubagoo, we are constantly working to ensure that your data is safe and protected.

 

Recently, the FTC (Federal Trade Commission) imposed a new Safeguards Rule. In response to the new regulations, we are taking more measures to protect your personal information by implementing a Multi-Factor Authentication (MFA) system.

 

To answer your questions, we have conducted an interview with Tony Fowler, the Vice President of Product at Gubagoo. He is one of the team members in charge of overseeing the completion of this project and is our resident expert on MFA.

The Interview

Q: Hey Tony! It is great to have you here with us to help answer some questions about the new MFA system. Let’s start out with a basic question: what exactly is MFA?

A: Thank you, Victoria, it is great to be here! MFA, or Multi-Factor Authentication, is a system of validating that the online user is who they are claiming to be when logging in somewhere. Traditionally, most log-ins only require a username and a password. If their information is compromised somehow through either negligence or a security breach, anyone could use that information to log in and steal that person’s account and related information. MFA combats this by adding another layer of security on top of the traditional login credentials. There are many things you can use for the extra layer of security, like fingerprints, security questions, email verification or facial recognition.

 

MFA is made of at least two of these layers:

  • Something You Know – Your Username, Your Password, Security Questions
  • Something You Have or Possess – Your Phone, A Passkey Generator, Your Email Account
  • Something You Are or Inherit – Your Fingerprint, Facial Recognition, Other Biometric Scans

 

Q: How does the MFA login process work with Gubagoo?

A: We start off with the “Something You Know” section, which is going to be your username and password. Once those are accepted, we will ask for “Something You Have,” which we will soon be able to do by sending a code to your phone via text or to your email. A valid code will then grant you access to your account.

 

Q: What is the benefit of adding MFA?

A: The answer to this one is simple: the added layer of security means that even if your password is stolen, no one will be able to access your account without also having access to your phone or email.

 

Q: Why are we required to have MFA?

A: The easy answer is we want MFA protection to make us more secure. Having additional layers of security naturally protects us, our customers, and the data we hold. We hold in our database some of the most sensitive consumer PII. We have a responsibility to protect that data for our customers and for us.

 

Q: What exactly is the new FTC Safeguards Rule?

A: In 2022, the Federal Trade Commission issued amendments to its Standards for Safeguarding Customer Information Rule, or Safeguards Rule for short. These amendments forced the auto industry in the US to adopt several process, contract, and technology changes to meet the requirements for protecting their customers’ and other personal data. The specific requirement in play for this document is:

  • 314.1.C.5

Implement multi-factor authentication for anyone accessing customer information on your system.

For multi-factor authentication, the Rule requires at least two of these authentication factors: a knowledge factor (for example, a password); a possession factor (for example, a token), and an inherence factor (for example, biometric characteristics). The only exception would be if your Qualified Individual has approved in writing the use of another equivalent form of secure access controls.

 

Dealerships are required to comply with all tenets of the Safeguards Rule by June 9, 2023 (this date was recently extended).

Access the FTC’s official resources here:

  • https://www.ftc.gov/business-guidance/resources/ftc-safeguards-rule-what-your-business-needs-know
  • https://www.ftc.gov/legal-library/browse/federal-register-notices/16-cfr-part-314-standards-safeguarding-customer-information

 

Q: How long should it take to receive an MFA code?

A: We try to deliver MFA codes as quickly as possible. The delivery could take anywhere from a few seconds to several minutes depending on the speed of your email service. If you don’t immediately receive the code, try refreshing your email and checking your spam folder. 

 

Q: What should I do if I don’t receive a code?

A: After waiting a minimum of 5 minutes, you can select the resend option on the login screen. After two resend attempts, the system will notify you that you have reached the maximum number of attempts and will provide you with instructions for restoring access to your account. You should also notify your direct supervisor of the incident.

 

Q: Thank you so much for taking the time to answer these questions, Tony! My last question for you is, do you have any final tips or suggestions as to how to keep your login information secure?

A: It is my pleasure to help out, Victoria! I think the biggest tip I can give is to always follow security guidelines. When choosing a password, do not reuse one from another application. If you do, you risk having all of your accounts compromised if one account’s credentials are stolen.

 

Have a question that wasn’t answered in this article? Contact us at support@gubagoo.com