Qore Conversations
Transforming Dealerships: How a Unified Operating System (OS) Enhances Efficiency and Security
What if you could transform your dealership operations with a single, unified system? Join us as we sit down with Todd Smith, Founder and CEO of QoreAI, and Maarten Sundman, QoreAI’s CTO, to discuss their groundbreaking vision for a Dealership Operating System (OS). This episode uncovers the chaos and inefficiencies dealerships face with over 27 disparate software products and illustrates how a unified OS can streamline workflows, enhance data consistency, and bolster security measures.
Imagine reducing redundant information requests and enabling seamless collaboration between sales and used car managers. Todd and Maarten share compelling examples of how integrated workflows can elevate customer experience and trust, leading to higher lead quality and profitability. Learn how advanced tools like video calls can refine appraisal accuracy and how simplifying data entry can significantly cut down errors and transaction times.
Security is paramount, and this episode dives deep into the latest measures to protect Personal Identifiable Information (PII). Discover QoreAI’s innovative strategies like self-onboarding for consumers, zero trust security models, and robust permission-based access controls. We also highlight the importance of minimizing insider threats and adopting a least-access stance to ensure your dealership remains both efficient and secure.
Don’t miss this opportunity to gain essential insights into future-proofing your dealership operations.
For more information about QoreAI, visit our website: www.qoreai.com.
Follow Us:
www.LinkedIn.com/company/qoreai/
www.Facebook.com/Qoreai
www.x.com/qoreai
What if you could transform your dealership operations with a single, unified system? Join us as we sit down with Todd Smith, Founder and CEO of QoreAI, and Maarten Sundman, QoreAI’s CTO, to discuss their groundbreaking vision for a Dealership Operating System (OS). This episode uncovers the chaos and inefficiencies dealerships face with over 27 disparate software products and illustrates how a unified OS can streamline workflows, enhance data consistency, and bolster security measures.
Imagine reducing redundant information requests and enabling seamless collaboration between sales and used car managers. Todd and Maarten share compelling examples of how integrated workflows can elevate customer experience and trust, leading to higher lead quality and profitability. Learn how advanced tools like video calls can refine appraisal accuracy and how simplifying data entry can significantly cut down errors and transaction times.
Security is paramount, and this episode dives deep into the latest measures to protect Personal Identifiable Information (PII). Discover QoreAI’s innovative strategies like self-onboarding for consumers, zero trust security models, and robust permission-based access controls. We also highlight the importance of minimizing insider threats and adopting a least-access stance to ensure your dealership remains both efficient and secure.
Don’t miss this opportunity to gain essential insights into future-proofing your dealership operations.
For more information about QoreAI, visit our website: www.qoreai.com.
Follow Us:
www.LinkedIn.com/company/qoreai/
www.Facebook.com/Qoreai
www.x.com/qoreai
Welcome back to Core Conversations, where we discuss innovation and technology advancements and how they are shaping the automotive industry. In this episode, we'll be talking about the future of dealerships, operations, including dealership OS you heard that right integrated marketplaces, and dealership security and PII protection. That's personal, identifiable information for those noobs in the audience. Joining the conversation are Todd Smith, founder and CEO at Core AI, and Martin Sundman, who's a CTO at Core AI. Nice to see you guys.
Speaker 2:Hey, great to be here today.
Speaker 1:Yeah, excited to chat. Yeah, me too. I think this is going to be a great episode. We've broken this down into two segments, and segment one really takes on the future of dealership operations, something that you guys are really brand new to the taking as something brand new into the marketplace of dealers, the introduction to the dealership OS vision Like there must be a problem here that kind of sets that up. So I guess that'd be my first question Is there a problem with the current dealership software ecosystem that kind of made you guys go in this direction and, if that's the case, share a little bit of the vision there?
Speaker 2:Yeah, absolutely, Sean. It's a great question and we really looked at it from. Dealerships have lots of software. Average dealer has 27 plus products that they use to complete sales transactions and manage customer relationships, obviously, and the DMS space. So those spaces over the last 20, 30 years have been pretty well developed. But it left us what we call a messy middle of software that's disconnected and we felt a huge opportunity to start connecting up tools that the dealership uses every single day in their daily workflow inside the operations for us to really streamline and create velocity around deals. So we wanted to start by building this OS that would focus on a few key attributes for us. One was to start around identity verification critical, obviously, with all that's happened recently in the industry with hacks and fraud, et cetera. We wanted to also focus around secure document movement. So, as we're selling cars today and some people are remote, we found it super important how do we get information from the consumer?
Speaker 2:into the dealership securely, and depending on text and email is a terrible idea, as well as depending on the salespeople's individual and personal devices to transmit that kind of data. And finally, we saw also another opportunity around credit to be able to help streamline once you ID a customer, streamline credit and affordability and approval to match to the right inventory and ultimately move them through the credit app experience seamlessly. So we saw those first three as the core of our operating system and through that we know we'll expand through time.
Speaker 1:Very interesting. So this vision sounds like you guys saw an opportunity for a lot of unification and integrating. That you know. Right now, I think dealers still probably don't always realize even how difficult it is when all of these pieces are not connected. There isn't a place where all of that comes together seamlessly. That really helps with operational efficiencies and it sounds like that was a big part of what kind of your catalyst for wanting to put something like this together. Does that sound? Do I have that right?
Speaker 2:Definitely. The word seamless and automotive are not in the same universe.
Speaker 2:I mean, let's be real here Automotive is the master of disconnected technology and gated to me fortresses as well as using antiquated ways to even move information, ftp or let's say, secure FTP, flat filed movement versus a more natural API environment, which again is pretty common outside of our industry. So for us it was really helping the dealer just pretty common outside of our industry. So for us it was really helping the dealer just unify the technology, making it easier for them to administer and manage as well as manage their employees, because it's hard when you fire someone and you have to knock them out of 15 or 20 different systems. Most dealers forget to do that. That alone creates a security hole and flaw that we thought we could fill by connecting all services that dealers are already using inside one operating system.
Speaker 1:Yeah, it's exciting. I think the more that dealers find out what you guys are doing, I think they'll realize that this is something that's been long overdue. I'd like to move along to this part of the integrated marketplace concept. I think that's been long overdue. I'd like to move along to this part of the integrated marketplace concept. I think that's very interesting. I'm curious to know why you're building an ecosystem like that. Tell me a little bit about that. I think the audience would be very curious.
Speaker 2:Yeah, another great question. I think when we looked at creating the marketplace again, I think when we looked at creating the marketplace again, we looked outside the industry and we looked for inspiration. That inspiration was you cannot build everything to the best quality product and expect it to stand the test of time, and we knew that. So for us, we wanted to be able to open our architecture to allow best in class automotive or even non-automotive products to be built onto our ecosystem. We don't want money, we don't want a toll road like other people. Try to charge, or you need to. You know we're going to charge you for API access.
Speaker 2:We really just want to help the dealers leverage the tools they're already using in a connected fashion that they get the best out of it. And our real goal behind that is to help centralize the customer data in a way that the dealer can better manage it. Because, when you think about it, having a marketplace allows us to centralize one consumer profile and move that profile amongst the many systems the dealer is using, instead of having to constantly ask the customer to re-enter their information or, worse, have the salespeople do it over and over again during the transactional experience. So that integrated marketplace to us, we think, is the future of our business, just like it's the future it has been outside of. The industry has been outside of the industry.
Speaker 1:So I'm curious and I bet you, the listeners are as well what types of tools will you be planning to integrate into this marketplace concept?
Speaker 2:Yeah, I'll turn this one over to Martin so.
Speaker 1:I feel like he's the tool master. You are the tool master, so I'm sure the audience can't wait to hear a little bit about that.
Speaker 3:Yeah, so we're looking at integrating in a lot of different types of tools. Um, some of the early ones that we're expecting would be uh applications to help with verifying things like income verifying information. But with how we've built this platform, we can have it where third-party software developers can go and build best-of-breed solutions on top of us that they wouldn't normally be able to bring to the automotive space. Because maybe you're a survey monkey, maybe you're a MarTech company, it would be very difficult for you typically to come in and work with the automotive space because it's not familiar to you, you don't have the right hooks to go pull in all the data.
Speaker 3:So what we've done is we've brought a four-tiered approach to a marketplace, depending on the level of complexity and the level of information that a company needs and how they want users to come and work with it, from being able to surface a third party's tools inside of dealership websites to having it where it's integrated into the customer experience, inside of core, or into the dealership and agent side experience. We're able to handle it all the way from low code and no code to high touch, api driven, modern software development, methods of integration and kind of everywhere in between. So we're trying not to be opinionated. We're trying to make it so that we're able to provide the easiest on-ramp for third parties to go and leverage our platform. The easiest on-ramp for third parties to go and leverage our platform similar to how an Apple App Store or Google App Store builds their marketplaces, where they're providing an easy on-ramp to go ahead and bring their software tools to as wide of an audience as possible.
Speaker 1:This does not sound like you're a normal automotive tech play to me, boys, gentlemen, however, you'd like me to address you. Just what you shared there, martin and obviously Todd, you and I have been talking about this for a little while. This is, you know, for the listening and or viewing audience. There's more than a few reasons to get excited about this, because that's not the type of talk that you hear in terms of inclusive, big tent. We don't want to be the ones that are driving the opinion. We want to be like an Apple or Android store, open marketplace, allowing people to build on top of our technology.
Speaker 1:There are so many walled gardens in the automotive industry. There are in lots of industries but what you guys are embarking on is it's a fascinating topic because it's just not what people normally talk about, but it's been needed. I mean, think about all the frustrations. I'm curious. We could do a whole episode on you guys helping to backfill the frustrations that dealers and companies that work with and on behalf of dealers have to deal with in terms of the frustrations of all these things that don't work well together or at all, and you guys, seemingly, are trying to bring a lot of correction to that and a place where that can actually happen on the behalf of dealers, which is, I think, it's great. But rather than railroad the episode, I want to keep going and keep you guys on track a little bit. So let's talk a little bit about anticipated benefits of integration. How are you guys expecting first? I guess the first question would be how are you expecting to streamline something like workflows for dealers?
Speaker 2:Yeah. So, looking at this, obviously you're right, it is a big, ambitious task to do what you want to do, but we saw the benefit of being able to integrate dealers' best-in-class products that they're already using and open up the dealership marketplace to use what we consider global best in class products, like Martin also mentioned, whether it's the MailChimp Quartrax, like take a pick of type of company. But, bringing it back a little bit, we see this as a really powerful opportunity for dealers and how this marketplace is being designed, where and ultimately, I think it benefits the consumer that we need to ingest the information once and we can pre-fill the tools that the dealership is using. So let's talk about a workflow example, a very specific one. Let's talk about a trade-in process inside a store. So typically, let's say, this starts on the website and I fill in a form with my information and it gives me a trade appraisal. That trade appraisal then goes into the CRM and now a salesperson is going to call and try to schedule an appointment. So you think of that and that's the same process you would see inside a digital retail platform and any other platform.
Speaker 2:We thought it would be better if we could, once we onboard the customer through our system and identity check. When the customer starts the trade process, half their data is already filled out. We already have their name, email, phone number and basic information. We don't need that any longer. In fact, sometimes we might not even need their VIN number of the car they own. We could say which one would you like to populate. Doing these things will take steps out of the process. We're acting as a what I would consider a tool to help fill these systems with the right data once. So I don't have to ask for the consumer's data three or four or five times during a sales process. I can ask for it once to auto-fill those additional tools that are built on top of core to speed that process and create a better workflow. So back to what I consider the trade-in process.
Speaker 2:For us it could start with a conversation with the consumer. Customer wants to know the value of their trade. Good, we send a basic information collecting tool. Whatever they're using, whether it's a KBB trade pending, take your pick right through messaging. Customer fills out only the needed information. An auto appraisal could go or not, right through messaging. And at that point, let's say the consumer, like typical, says I have a better deal from CarMax or Carvana. So at this point, most deals break apart. So at this point, most deals break apart With core and how it's built. We can have a sales manager, a used car manager, hop into the same conversation with the salesperson and the customer to continue the conversation and make it much more dynamic and maybe even reappraise the car, turn it into a video call. Go outside, turn on the car, show me your dashboard and all the lights that light up. The possibilities are endless on redesigning workflows that are more customer centric, as well as helping the dealer organize their data.
Speaker 1:Yeah, and you just hit on a couple of things that also get into improving, enhancing the experience for the customer, right these? I mean there are countless workflows within the operations of a dealership and many of them are centric around how the customer interfaces with the store, and it's kind of exciting to think about after so many years, really decades, where it's kind of the same old, same old, even recently. You know, so many years, really decades, where it's kind of the same old, same old, even recently. So many of these dealers that had some issues with their DMS side of their business trying to figure out if they remembered how to do things without that. It just highlights the fact that there are all kinds of areas that still need improvement that we've been complacent with for really far too many years. I'm curious, martin I'm going to throw this to you a little bit but do you see potential improvements around data consistency here relative to integration?
Speaker 3:Yeah, I think that both data consistency and trust from the customer in information management and trust on the dealership that the information that they're getting is accurate at all times.
Speaker 3:So, extending off of Todd's example with the trade-in flow, if we go through the core verify and core identity end-to-end flow for that we start off by being able to abstract different service providers, whether that's KBB, trade pending, autofi, blackbook, whomever in a consistent experience for the end user. So they're able to, instead of them going to one system for part of their transaction part, another system for a different part of their transaction, they get the experience that this is a well-guided workflow. Additionally for being able to provide all that information, nobody likes filling out something that can potentially be construed as a lead gen form. So we're able to even do things like integrate in with credit bureaus to go ahead and automatically onboard and detect customers and all of their requisite data in a way that provides ease of use for the customer and gives the dealership a lot more confidence in the veracity and accuracy of information that they're getting from this potential customer and feed them that customer all the way through their entire journey with that level of automation. I don't think anybody else has really attempted it yet.
Speaker 1:See for me even the example that you guys are utilizing on the trade-in workflow and that experience. That makes me excited for dealers, because I know exactly what a well-executed trade-in tool on the website for your dealership. You're harvesting one of the highest quality leads at the lowest cost possible, and what you guys are talking about in making that process even better for a dealer. You literally can say to a dealer this not only helps you reduce cost, but it improves your output. It improves profitability. Everyone says their stuff sells more cars Just what you guys described right now.
Speaker 1:Although it's much more technical, it absolutely will help a dealer sell more cars, and profitably, and what's beautiful about it is it's not lip service. So it's exciting, and it's sometimes hard to make technical topics like this exciting, but for people that have been in it and they're really paying attention to what you guys are talking about, it certainly makes, I think, a really compelling case for dealers to think, wow, like how soon can we be working on this with you guys? So I want to spin back a little bit, because I did mention Todd, as you were sharing that you're definitely talking about things that enhance the customer experience. Do you guys have any particular goals that you're trying Anything within the customer experience that really is like those are goals we really hope to help dealers with. Or is it just you know? Right now it's still, you know, there's not as much certainty. I'm just really curious to know if there's already things that you guys are kind of keen on.
Speaker 2:Yeah, I think we would look at ourselves as a B2B or a B2B to C, right Like we're not just a B2B company. We know that our job is to help the dealer but that dealer's job is to serve the customer. So we need to be thinking all the way through the process to the customer. So we kind of started with the customer first in all of our thinking and said how do we just make it easy for the customer? Because if we make it easy for the customer and remove to us friction to go forward with a deal that's not confusing. I'm not changing multi-channels from text to email to voice calls through some other video call system, I'm not spread all over and the dealer is hitting me up three or four times hey, I need this again and again and again. Or, hey, please fill this out again and again and again.
Speaker 2:If we can unify that piece for the customer piece experience, then downstream it makes it much easier for the dealer to do business with their consumers. And, as I said and Martin said, we're not looking to replace the dealer's technology, we just want to integrate it into a way that's easy for the consumer to consume and easy for their sales team to utilize. That's it and that's why I said our goal is to partner with all vendors inside the dealership. We don't have any competitors. We believe in automotive because we're willing to integrate all their services on top of our platform and do it for nothing. And the real goal is to benefit the consumer and the people trying to sell cars each and every day and connect them up conversationally.
Speaker 1:Yeah, I said it before. I don't know that you guys particularly like the analogy or the big tent, but it feels that way to me when I listen to that. It feels like it's truly inclusive, truly collaborative and really not something that and I've been in this industry for a minute I just don't hear a lot of people talking about. Bring it all in. We want to benefit. We understand where we fall between the business to business side and then we're serving those, something that has a huge effect on the direct to consumer part of the dealership industry or the automotive industry, and you guys seemingly have thought through this very carefully and I think it's. You know it's a fascinating topic. Last thing, on kind of anticipated benefits around the integration piece, that I did want to ask is if you guys have any kind of projection around increases in operational efficiencies that you see with this.
Speaker 2:We have no idea, but I can say, like I can't imagine, things are going to take longer to do when you operationally create a more efficient mousetrap.
Speaker 2:And let's think about this for a few things that have always come to me like top of mind. By integrating any dealer service into a single unit, we're able to collapse the amount of times we need to ever ask for data to one. So that, to me, is an efficiency for the consumer as well as the dealership. Second, that eliminates to us fat fingers or mistyped stuff in dealership systems that a salesperson or customer had to do it a second or third time. So we can eliminate that as well. So we think that it's going to be super helpful.
Speaker 2:Three, it helps salespeople. They'll only end up learning our system and whatever tools a dealership is using, the dealership will be able to change tools and not require a whole new learning curve for salespeople to figure it out. So if I changed from a trade pending to a KBB right now, I have to retrain all my team how the new system's going to work. I have to do that's a lot of work and with turnover at over 66% in sales on average annually inside dealerships, we felt solving this problem to make it easier and less burden on the dealer to be able to train his team to make them more productive faster. This was also a key attribute.
Speaker 2:And finally, I'll say security, as I alluded to before. I believe that it's very hard to knock all your people out of systems. When you do let them go, you always seem to forget one, and we all know what happens. When you forget a system and you have a disgruntled employee, that is a huge opportunity for fraud to begin from within, for fraud to begin from within, and 60% of all fraud starts within the store Disgruntled employee, someone who gains access to a system. So our goal is to help secure the dealership and ultimately streamline the process for the dealership users as well as the consumers.
Speaker 1:So let's talk a little bit about the road ahead on this part. Martin, curious to know your thoughts on what your kind of development timeline looks like.
Speaker 3:Yeah, so we have the core platform live. We have dealerships using it today For the marketplace. We're kind of ready for doing private preview and we're talking with a multitude of companies to have it where they can be, launch partners as we bring it, bring the full version of the the marketplace to the world. Um, and in general we're with how we've built out core. We tend to move very, very quickly. We do updates and changes to the platform on a daily basis and I think any of our pilot dealerships that look at it every time that they look at it again, there's always some improvement that they're seeing.
Speaker 1:Yeah, that's excellent. How would you guys say right now, dealers can get involved. I mean, is there a preferred way for people that are going to be consuming this or hearing about this, whether they're seeing a short clip of this or they watch the whole episode and they say I'm kind of interested? How do I get involved with you guys? What do I need to know? What would you tell them?
Speaker 2:Yeah, I think for us it's super easy. We're obviously on LinkedIn. They can DM us, they can go to our website, they can call us, they can email us. You know, any way, we're completely open. We are looking for partners. I think even on our site in the bottom there's an email link that says partners, they can email us. So we know it'll get routed right to Martin and team that they can start those dialogues. I think you know, like any, like startup, which is what we are, you know our goal and ambition rests on just empowering a lot of these other automotive companies to gain more stores and ultimately get their product in front of more eyeballs. And I think for us we're just a connective fabric in making that piece happen with our marketplace.
Speaker 1:Well, all of that is extremely exciting. All of that is extremely exciting. Before I move into our next segment, I do want to ask either of you if you have any final thoughts there, before we move into segment two.
Speaker 3:Martin, I think the big one is that our approach has been to largely driven by the idea that customers want and expect modern tools to be very easy for them to use and if you don't have that app style interactivity, then users tend to want to step away. And if the customer steps away from the dealership because they're frustrated with the tools, the dealer ultimately has a lower amount of sales that they can possibly get. So our approach of abstracting out the different automotive providers we believe strongly is going to lead to better customer engagement and therefore more sales, as well as reducing friction and increasing trust and dependability of data within the dealership.
Speaker 2:I'm going to double down on that and say one more piece, which is salespeople and managers inside dealerships are the Gen Z millennials who also want app style tools that they don't have today, and every person I talk to is frustrated inside retail because they're using antiquated systems and technology that's built on old architectural design and not up to speed with what they're using natively on their phones, which is why many salespeople in the dealership always default to putting customers' PII on their own phone and not use a system, and that is a thing that has to be fixed, especially under the new FTC rules and CARS Act especially under the new FTC Rules and CARS Act.
Speaker 1:Yeah, that is extremely important, for sure. And before we move on, I do want to say and I should have said it on your last response, todd about training that actually is a piece that really I think that the dealers need to strongly consider, because turnover, yes, is still, and maybe forever is going to be, an issue, especially around sales-related positions and dealerships. But hand-in-hand with it is the training issue and retraining, training and retraining. And when you have that kind of nonstop turnover happening at such a high percentage, that means that those people have to be retrained. And if you guys are helping to improve that, taking that to actually have a significant improvement and not having to do as much training and retraining of people Because that takes time, it takes money.
Speaker 1:Again, those are things that actually cut down on costs to dealers because it costs them in time. It costs them in paying people to have to be retrained, paying for the training time. It costs them in paying people to have to be retrained, paying for the training. It's a very interesting concept that I wanted to mention, or at least bring a little more highlight to that, because that's really huge.
Speaker 3:And adding on to that, how much time is lost in an average sale just from a agent or manager having to duplicate information across all these different systems themselves?
Speaker 1:Yep, great point, yep, great, great point. So operational efficiency a lot of people talk about it. A lot of things that you guys are doing here it certainly seems to check a lot of boxes solves a lot of problems, that it appears that maybe you guys are the only ones that are trying to fix these things.
Speaker 2:It's funny, Sean. It's all rooted in a Harvard Review article. They surveyed the Fortune 1000 companies. They put a clicker on everyone's monitor so they could see how many browsers they had opened and how often they switched between browsers. Between browsers and a very interesting study that was done and the average knowledge worker we put, which would be the same as a salesperson in a dealership was switching uh 378 times per day uh tabs. Now it takes seconds to not only just switch the tab with a click, they have something and I'll give you the fun technical term ocular reorientation. So the time it takes me to look at a screen and it hit my brain and now I understand what I'm actually looking at takes seconds.
Speaker 2:When you compile this, five weeks per year are literally just spent clicking. If that's not a problem to solve, there is no problem to solve. The average dealer payroll is $5.1 or $2 million a year. So take five weeks of that. You're talking a very good chunk of money that is wasted on their people just switching between systems and doing nothing, Not adding any value to the dealership, not adding to sales, adding to nothing except sucking money out of the store's profitability. It is a problem worth solving.
Speaker 1:Yes, it is. I'm glad you guys are about it. Yeah, it resonates. It's definitely a message that resonates, for sure.
Speaker 1:Well, I'm going to take you guys into the second part of our conversation today, and so, for the audience, we're switching now to talk a little bit about actually quite a bit about dealership security and personal identifiable information, or PII protection.
Speaker 1:Okay, some have some working knowledge of this, but most people that know anything about PII and dealership security, you typically find that their understanding is maybe not as deep as they think it is, and definitely as it should be. It's not always one of the things that people like to talk about, because maybe it's not as cool and fun as talking about PMAX ads from Google and how much money you can waste there. This could have catastrophic consequences to your business if you don't pay attention and you don't actually have the right people on your side to help through it. So I'm really interested to get into this as well. The importance here is huge. I'd kind of like to start here with what are the current risks that dealers should know that are associated with PII breaches, and either of you can take it, this is where I could have just leave the building.
Speaker 3:this is all, martin martin, now we know why you're on this episode exit stage left, so uh, martin so to go through the risk first, it's important to understand that during the process of buying a vehicle, a customer has to go provide basically every piece of, not just PII but the even higher, protected version of SPII, which is specialized or sensitive PII, and with that information, anyone with it can go and effectively steal someone else's identity, causing financial harm and ruin or, beyond financial, potentially having it where they can be misidentified as the cause of crime.
Speaker 3:When an organization is the source of a PII information breach, there's a ton of federal regulations out there now and you hear it in the news whenever a large company runs into it that they're now having to face legal liability and cost to go ahead and recompense all of their customers' information that has potentially been breached, and they have to oftentimes do monetary compensation as well as provide services in the event that any of their information did end up in their identity being stolen If you break it down. You have their social security number, you have their banking and account information, you have their employment history, you have their income history, everything that a bad actor could possibly want to know about you the dealership has. So, um, a car dealership has roughly the same amount of risk for pii as a, as a bank does. It is very, very high risk and it has a lot of um social stigma to an organization when there is a breach and it is difficult to say how well protected you are.
Speaker 1:So are there some reasons why the traditional methods that have been around for a long time, why they are really failing? They're just not quite doing the job.
Speaker 3:So there's a lot of different traditional methods for securing PII.
Speaker 3:First one tends to be I'm going to print everything out, I have it in an offsite, potentially secure storage, or I have a shredding service, but it's easy for information to fall through the cracks there side.
Speaker 3:There is oftentimes protection within individual tools, saying tool A is protecting your information, but in order to go and integrate that over to your CRM or into your dealer management system, you're oftentimes taking it out of that protected system and transferring it in a way that is less secure, such as ADF XML, where it doesn't have in transit, the protections to make sure that your customers or yourself as an organization are protected.
Speaker 3:Additionally, there's not a lot of barrier to entry to getting access to this information inside of a lot of dealerships or inside of a lot of dealer facing tools. So if you're a sales agent, you can potentially get access to information that you don't really need to go ahead for selling a car, such as social security number and credit history, but it's not difficult for you to get access to that information. So what we've done is in core is we've reduced that risk by having it where, based off your job role, we limit how much information you get based off what you really need to know. So, sales agents they know that you passed it, they get a swag at what your pricing capabilities are for monthly spend, but they don't get your full history as a customer.
Speaker 1:Interesting. You know, several years ago I got a call at about three o'clock in the morning from the authorities I think it was a sheriff, I can't. It was late at night. It was either the police or a sheriff and they were looking for my wife uh, because the car that she uh used to drive, uh like four months prior we had traded in on a new car, but her old uh, her old toyota had apparently been involved in a robbery and oh yeah, um, and at first they were like they thought, well, we got them because clearly the paperwork wasn't handled correctly at the dealership.
Speaker 1:You know obviously some sort of security issue and I'm wondering if you guys also think about how that can maybe be remedied with some dealers. When I think of personal identifiable information breaches, I always start to think has this happened with me? A little bit, and that's one of the first things that I think about is what other information could have been gotten out there by the dealer, when they don't even handle how the car came in? And then now the authorities are thinking that it's my wife who robbed the 7-Eleven and left her Toyota in the parking lot. It's like what.
Speaker 3:I think that goes to some of the data standardization and syndication things that we were talking about in the previous segment of. By having it, where you have a single tool that's able to orchestrate workflow between system A and system B, you help to mitigate some of the human error where someone is busy and they forget to file something like the transfer of title, which should be very difficult ordinarily to go ahead and forget about, so that you can avoid cases like what you ran into. But if you're having to do that across a multitude of systems, human error tends to crop up and by having an integration platform like Core, it can help mitigate those kinds of risks as well, Because we don't rely on the person to go oh, I need to remember to go do this step. We can see systemically this person is at this portion in this workflow. We need to go and send information to this other system and make sure it gets done.
Speaker 1:I appreciate you sharing on that. It helps me realize that you guys are going to make that part of the dealership better too. So I got a question a little bit on and Todd mentioned this in the previous episode a little bit when sometimes the threats are coming from the inside. So, regarding the let's call it, the insider threat challenge, and either of you can help us in this regard but perhaps share a little bit on the statistic on insider threats- insider threats.
Speaker 2:Yeah, so right now, if you look at regular fraud in businesses like 60% is internal, starts internal. Now it could be disgruntled employee. It could be an employee has access to certain data is selling it to someone else. We've seen instances recently where salespeople are just taking photocopy or taking copies with their phone of customers' are just taking photocopy or taking copies with their phone of customers' driver's license, selling them on the dark web. They get about $500 or more a piece. So if you think you have a, let's say, average salesperson and he gets five, six of them a month, it's an extra $2,500, three grand a month in his pocket. So it's not a little bit of money, especially when new car know new car sales are probably minis at 100 bucks a piece. So there's money to be made from that data.
Speaker 2:So we thought through this and we believe a novel way that we don't want anyone at the dealership, especially salespeople, to have to touch the consumer's PII, especially salespeople to have to touch the consumer's PII.
Speaker 2:We want the consumer to onboard themselves and be verified and then inside our system the manager knows that this customer is a legitimate customer or potentially fraudulent. Salespeople get a very limited view on anything because, as Martin said before, it's all permission based so we can determine who sees what, when, where and how much. I think there is a future, even within our system, where we won't even expose salespeople to the consumer's email or phone number. They'll have buttons that they could easily contact the consumer through any channel, but exposing the data and the private number or email address below that is unnecessary. So again, I think part of our goal ultimately is to de-risk the dealership by limiting exposure of PII across the board. That is a guiding principle of ours that we truly believe that. You know, I don't need to know your email address to contact you, I just need the capability to do it.
Speaker 2:And you know, think about it from the fraudulent point where I could walk into any CRM today, download a file full of my customer records that's going to contain a host of PII, and I'm going to take it out and go sell it. And it happens and it will continue to happen unless dealerships put different systems and processes in place that prevent these types of actions.
Speaker 3:And, adding on to that, 60% of all data breaches are caused by insider threats. Not all of those are malicious. A lot of those tend to be due to improper usage of information going between systems. So we mitigate a lot of the improper usage. It's also important to recognize that, out of that 60% number, that's risen by 47% since 2018. And the cost in that same period, per insider threat incident has increased to an average of 11.5 million dollars. It is a massive cost. When something happens that's bad also inside of our platform, outside of the, the permissioning, we start from a default stance, stance that we don't trust anybody or anything, including ourselves, and that process is called zero trust security. So instead, we look at every action that's being done with the expectation that it's potentially a hazard and it only is allowed to happen, whatever that action might be, if it passes all of our checks and balances on each part of our system. To say that this is something that is kosher.
Speaker 1:So that's a good segue. You guys clearly have this innovative approach to PII protection and you mentioned zero trust. Sounds like that's part of a larger vision for, kind of your next generation security features. Is there more about that in the vision? I mean you're sharing a lot of things here, you know, trying to make sure that some of those are highlighted for dealers that like just that alone the zero trust thing is really critical. But are there other components of the vision around security features that are really passionate things that you guys are focused on?
Speaker 3:Absolutely, and I think that one thing that is important is knowing what the traditional state is for, why this is different. State is for why this is different. A lot of organizations will have it where they have. You'll hear about their firewall or their DMZ, where they have this outer perimeter to the company that's supposed to protect everything inside of it. But the difference between that and our approach is we don't trust that edge either. If you're inside, we give you the exact amount of rigor for whether or not we're going to let something go through or happen, as that traditional firewall approach is, and that makes it so that by default, we have to stand from a position of least access at all times, of least access at all times, and we have to explicitly allow an action versus the traditional method is kind of, if you're logged in, you can go do the action.
Speaker 3:So we believe strongly that this model will go ahead and mitigate a lot of accidental insider threat issues. Combined with our permissioning model for just accessibility of information, we're hoping that that together greatly decrease the attack surface for any dealership. Additionally, we also do a cybersecurity assessment on every customer that's interacting with the dealership. So if you're talking to a dealership out of New York City but you're connecting from a VPN out of North Korea. We're able to pick up on those kinds of activities and say that you're not allowed to go forward because you're misrepresenting yourself. And say that you're not allowed to go forward because you're misrepresenting yourself. And the same thing goes for a sales agent. If a sales agent is in Minnesota, generally and we see a connection attempt from Uruguay or any other country, it raises red flags and we stop that person from being able to continue forward. And we also make sure that the dealership is aware when those kinds of issues come up so that they can go in action on it appropriately.
Speaker 1:That's one of the things that's going to-.
Speaker 2:That's a really interesting thing about what's called browser fingerprinting, what Martin is discussing. So technology today exists that with our widget being starting on dealer websites starting a conversation for verification there or for a QR code at the dealership. We understand the browser the consumer begins those conversations on and by analyzing that browser and well over 200 attributes around that browser, we can determine a lot of very interesting things, not only location, vpn are they incognito? Are they coming from a known, already fraudulent source All those things we can see very early on, are they even?
Speaker 2:human. Yeah, all those things we can see very early on in the process. That allows us to put up what we call the spidey senses, to start the protection wall, to begin, and we think again there's no way you stop fraud with one bullet right. You got to shoot a whole arsenal at it and you have to continually change that arsenal because fraud is dynamic and it's always evolving, adapting to any situation and circumstance. So we have to match that cadence with levels of what we call multi-signaling right, using multiple different traps along the way to try to identify bad actors.
Speaker 1:If it can be corrupted, it will be eventually right, absolutely Well.
Speaker 1:I was going to ask you know kind of how you guys are planning to limit employee access to sensitive data, but you already kind of answered that question, which I think is also really important.
Speaker 1:I mean, the people that are going to be consuming this type of content at the dealership level are going to want to know why, why would all of that matter, and how are you going to go about some of these things?
Speaker 1:I think that's important. I don't want to skip over because sometimes, as we're getting into this, you guys will have secondary and tertiary thoughts on all this. But as I get a little bit closer to the end of this segment, I do want to talk a little bit about what you guys would consider. You know, and I know people like best practices were at one point they were not even any practice, but you guys, as you are at the vanguard really for some of these things, you must have things in mind around recommendations for enhancing things like internal security measures. You've talked a little bit about some of those things, but would love to hear a little bit more of your thoughts on that, and either of you can take this, but I really want to get a little bit of an idea of things that you would recommend to dealers for that very purpose.
Speaker 2:I'll leave this to the security expert, Martin.
Speaker 3:All right. So the first recommendation is to try and make sure that any sensitive information, whether it's PII or otherwise, to your dealership is never on unmanaged devices so not on sales agent cell phones, not on their laptops, not going through their personal email and to help mitigate that, providing tools that make it so that the tool has a similar level of barrier to entry as the, even if it's opening up your organization to legal liability and financial risk, as well as opening up your customers to similar liability.
Speaker 1:What if you wanted to keep this information on a personal AI assistant?
Speaker 3:A personal AI assistant follows into that same bucket of it's an unmanaged, untrusted source. Additionally, if it's inside in but it's potentially being reused and resurfaced outside of your organization and outside of your co-pilot because you're exposing it to a public service, here I thought I was being humorous interjecting that question and there's a real, legit answer behind it, martin.
Speaker 1:That's like extra 5,000 bonus points. That's 5,000 bonus points to you in the episode for taking what I thought was going to be a humorous addition and saying, no, there's actually legit answers to what you're talking about. I love it.
Speaker 2:Now you've got to double down and Martin will explain how you actually do it to be able to interact with those tools, with PI.
Speaker 3:Oh, I was going to first talk about some of the co-pilot tools that are getting more popular and some of the issues that have come up because of them.
Speaker 3:Yeah, feature on top of their co-pilot, but it ended up getting so much blowback from the security community that they had to roll back the feature altogether, where they could do a point-in-time look at your behaviors over time to say, hey, we're going to predict what you're going to want next so that your workday is easier.
Speaker 3:But unfortunately, all of the predictions were publicly available as well as the historical view on your information was also very, very easy to go in and retrieve, exposing passwords, usernames and all the information on your screen. At those times it was a really big issue. Adobe, who's famous for having Photoshop and Acrobat and a bunch of other tools, is getting in trouble right now because of the same exact issue. It's a very big issue right now with the generative AI community on private information or proprietary information ending up in public systems. Now there are tools now to go ahead and mitigate that, but they're still fairly early in their life cycle, just like generative AI itself is only about two years old for being really usable, and we use those systems whenever we're trying to do things with AI, so that we're not potentially leaking sensitive information to a public provider like OpenAI.
Speaker 1:Yeah, that's next thing you know somebody's making their own custom GPTs and here's your information's being utilized in ways that you don't want it to be.
Speaker 3:Yeah, very interesting and the barrier to entry for shadow IT operations on it it's very low. Like I want to go ahead and start asking an AI information about my CRM database so that I can make predictions and maybe provide better customer service. And the act of uploading all that information, I've now caused a data breach unintentionally, with the best of intentions. I want to provide better customer service.
Speaker 1:Yeah, interesting. How about the importance of making sure your employees are trained so that their level of awareness gets raised here? Do you guys have thoughts on this, any recommendations, or is it just a foregone conclusion that they need?
Speaker 3:to do something, but there has to be controls in place to make sure that any training and awareness is up to date.
Speaker 3:If I were to look around right now for most information security training services that I've looked at over the last year, they don't even mention any of the newer stuff around AI concerns and they also may not always be up to date with industry needs.
Speaker 3:So calling out the importance, not just to the dealership and the agent, but to the customer around what the level of risk is and why it's so important to protect it, not even if it causes you potentially to use a little bit more time using a tool that isn't necessarily on your phone Core in our case. We're on your mobile device, so we're trying to make sure that we're easier to use so that we don't run into that case. But even if you're at a dealership that's not using a tool like Core, the importance to the dealership and to the customer to not use unmanaged services for storing PII is incredibly important and it needs to always be a front and center part of training any new person, as well as reminding people once a year. There was a case where a large game company, blizzard Entertainment, a few years ago found that every one of their customer service agents who'd been there three plus years would accidentally leak sensitive custom company information at an 80% rate.
Speaker 3:And it ended up being that, their security training. They only got the day they joined the company. As soon as they started doing 12 month and six month reminders on that security course, their rate went from over 80% of those employees leaking company information to less than 2%. So it has to be an ongoing strategy that's always maintained to be effective.
Speaker 1:I'm just listening to you share, martin.
Speaker 1:I don't think I'd be surprised if it got to a point where companies are maybe doing updates maybe once a quarter maybe becomes the minimum. I mean especially in as it relates to what's going on in the um. You know the explosion of ai, whether people are using it for you know graphics and you know people are using the large language models, all the different things you could do. Obviously there's so many um, and even our agency, we use a lot of different ai tools. But, um, I've had people reach out to me and ask me all kinds of questions about hey, I've got this huge database that we use. It's got all these dealers in it, it's got their names, addresses, phone numbers, email addresses and it's typically tied to their big database for their email marketing.
Speaker 1:And I was thinking about doing this and dumping this into one of these and I'm like, oh, I wouldn't do that, don't, do not do that. That just makes me so nervous because there's already so much, you know, a compliancy and regulation around just having clean email databases. That you know. Listen to you share about this. I'm thinking, yeah, I wouldn't be surprised if dealers need to adopt a more frequent update to their employees just to stay up on these things, and obviously I think I would be curious to know if you guys would agree with me. But I think that that's one of the things that you guys can also bring to the relationships that you have with your dealer clients is helping them to stay up on that so they don't cause I can imagine just a dealer thinking how am I going to keep up with all of the unfolding? You know technology and the AI world and what we need to know and not know that, partnering with you guys, that you guys can also help dealers know what they need to know there as well.
Speaker 2:Yeah, I look. Our goal from the beginning is to be a partner to our dealers and to help them however they need it, obviously, with data and security, it's very core to who we are and protecting that, but also extending that knowledge into our dealership partners, organizations. I'll use the term core part of who we are. I love to be able to use our name in almost everything I talk about, so it's really good. It was a good pick and I think the other thing to mention, not only the AI piece is just phishing schemes inside dealerships.
Speaker 2:Dealerships are highly vulnerable to phishing opening up emails or text messages, clicking links, especially when they're using these systems that don't have really good, strong security protocols on them. So I think, in the end, dealers should constantly be looking at phishing schemes inside their store, testing like monthly testing their users. I think there's already trading companies do some of that today. I think it's a good investment that the dealer it takes one employee clicking one link. I'm certain that this recent giant automotive CDK hack will result that somewhere, somewhere, someone clicked on something and it was the wrong something to click on.
Speaker 2:They had to get in somewhere, or it could have been through a disgruntled employee at the other company, or whatever it is, it's always going to resolve down to a critical moment in time.
Speaker 1:Somebody opened what's on Stranger Things? What's the thing they opened the portal into?
Speaker 2:Oh the portal yes, Somebody.
Speaker 3:To the upside down right.
Speaker 1:Yeah, somebody's responsible. Well, last couple of things I want to ask and either of you can take it, or maybe I got a couple of questions and either of you, maybe each of you, will answer one of these. But just for dealers that are thinking about this in terms of dealership security going into the future, yeah, we have not just gone through the threat, but literally a terrible attack on the CDK situation. What do you guys see as emerging threats, potentially, and how are you preparing to tackle some of those? And then part two, or the second part of the question. Last one I want to ask you guys is how are you guys planning to stay ahead of the curve?
Speaker 2:Yeah, I'll let Martin take that first part.
Speaker 3:So emerging threats. One of the big ones is AI and data leakage. It's very, very easy to, with the best of intentions right now to cause insider leaking of private information, as we just went through. Insider leaking of private information, as we just went through. To help mitigate that, we do a lot of audit logging on our own system to make sure that if someone does an action that could potentially be used for exfiltrating data even if they're authorized to go do it and everything looks good we log that and alert that so that someone who's in charge of compliance at the dealer group can go ahead and see an action on that and say, hey, what happened here? Was this actually reasonable?
Speaker 3:Additionally, for things to mitigate like the CDK breach, we have a on top of our zero trust process, we default to a stance of serverless, so we don't have access to our own servers. Instead, we manage just the little tip of the system that is our custom code. Everything else is abstracted from us. So even if someone within core accidentally clicked on a link that included a rootkit and encrypted and tried to encrypt something, there's nowhere for the rootkit to actually latch onto that we have access to. So we try and mitigate the issues before they can become an issue by just not having those pieces, and I think with that approach we'll be able to continue to stay ahead of security threats. But we always keep an eye to the future on this. Things like AI-based information security are still very much in their infancy, but we try and stay on the front lines of it as much as we possibly can.
Speaker 1:Todd final thoughts before I recap this episode.
Speaker 2:I love this. I feel like I learn every time I come on our own episodes. Yes, I think more important. You know we're just.
Speaker 2:This is a very dynamic, changing space. Technology is one of those things and fraud prevention is a constant moving target. Technology is a moving target. Ai is a moving target. I think the best way to always stay on top of this is to continue learning, continue to keep the open mindset, continue to look at best practices, but they're constantly evolving. They're dynamic. Today there's no set it and forget it any longer, and dealerships who take a stance that I put this in place, I don't need to think about it anymore that risk will continue to grow. So I think they have to take a constant what I consider evolving stance on all this and re-look at it consistently. I don't think you can. There will be no more set it and forget it, and I'm always protected. A great example that I'll end on right now we've spent a lot of time focusing on our multi-signaling process around fraud and part of that.
Speaker 2:Just like other vendors in the industry, everyone wants to take pictures and take a liveness interaction of the consumer's face to match the driver's license. Just recently, I saw another fraud guy and they were discussing a new app that is out today that allows to grab the picture of the driver's license and it allows you to take and create an AI clone of an actual. It's you moving your mouth, lips, but the other driver's license that fraud face on it and it will pass the liveness test. So it's not enough and I can't like you. We think we're doing the best we can and the fraudsters are just keeping pace with what we're doing. They have access to the same tools, the same technology, so they're fighting to get past the systems and we have to fight twice as hard to keep them out.
Speaker 2:But it was amazing to see the AI tech live pass. So basically in the software, you can project it to your phone so I could be in a FaceTime call with someone pretending I'm an old man or whatever. Well, I'm already old. Let's just say I'm pretending I'm a young, 20 some year old man with a man face buying a car, and I could completely change my voice, change everything and created the frauded experience. This is going to be incredibly important as more dealers sell cars farther away from home during remote transactions. You need a multi-singling process in place. No one thing is going to catch all the bad actors that want to do business with your store.
Speaker 1:It's amazing. It's I mean, I learn on these episodes as well. I'm fascinated by it. I oftentimes I've already done it on this episode, once with the old story of my wife's car situation, thinking that she robbed a 7-Eleven I also can tell you that some of the tools that our company uses from an AI perspective. You just mentioned a few things that made me realize. We have a new AI voice capability within software that we're using right now that we use on an episode where I don't know what I said, but it wasn't what I wanted to say, and so we said, okay, well, how well does it learn what I sound like? And you guys have seen all the examples of where this has been being used for nefarious reasons. I used it so I could clean up an episode, and our whole team couldn't tell that. I went in and let it train from my voice, typed in what I wanted it to say, and it sounded just like me. They didn't even know they were like. Were like what, and so I think it's really important and I'm glad that there's at least core ai out there that you're telling the dealer world that it isn't going to be good enough to just say, hey, we figured it out and now it's good like set it and forget it. We've updated ourselves and now we can go into the 30 years without paying attention to these things. That's not good enough, because I guess one of the things that you're saying, todd and it's true, there's a good and an evil side of it you guys are on the good guy side, right, trying to help dealers in an area that's very critically important, because all of the same technology and capabilities are in the hands of the people who want to do evil with it as well, and you need to know that. So what an awesome conversation.
Speaker 1:Gentlemen, let me do a quick recap. Our first segment audience. You guys, I'm sure we're loving this. This is good stuff. We discussed the future of dealership operations with the dealership OS and the integrated marketplace. We talked about the problems with current software, core AI's vision for a unified platform, all the benefits of integrating automotive-specific and best-in-class non-automotive applications into this marketplace. I think that's super exciting and, todd, you mentioned too that a lot of the generation now that sits on the retail side of automotive that they're going to love that as well. That's what their expectation is. So, todd and Martin, I really appreciate all the insights here. You guys also highlighted the development timeline. I appreciate that, todd. You were right. It's good to have Martin on for some of the deep dives and getting into the weeds.
Speaker 1:Second segment we focused on the dealership security side and PII protection. The growing risks of PII breaches is a real thing. It has been and it's only been accelerating for years. There is also that insider threat challenge. You also have to know about that, and I bet you some dealers that are consuming this content might even have their own personal examples of that happening at their store. Core AI has got an innovative approach to that. So I think that's really important because they shared a lot of information about securing sensitive data. We also talked about the best practices for enhancing the internal security measures and the importance of that with your employee training and how frequent you're going to make sure that they stay up on those things. And then, finally, we looked at the emerging trends, really of where you guys plan to stay ahead, of what's going on in security PII dealership operating system. I think it's awesome.
Speaker 1:So, to the listeners, be sure that you connect with Todd and Martin on LinkedIn. They're both there. They share a lot of insightful information. It's one of the best places to connect with them as thought leaders. If you're watching the episode on YouTube, hey hit the subscribe button, so then you're the first to know when we launch new episodes. And thanks again for tuning in. We'll see you again soon, right here on the core conversations podcast.
Speaker 2:Awesome. It's funny that I.