It was fitting that the National Automobile Dealers Association (NADA)’s annual show be called the “Main Event,” as both sides of the data security debate squared off in a testy exchange that left many questions unanswered.


What was clear is Reynolds and Reynolds is not about to budge on its hard-line stance of guarding access to its customers’ dealer management systems, with Vice Chairman Fin O’Neil saying “the debate so far has been too simplistic.


“Like it or not, we can’t take a libertarian position on data security,” said O’Neil. “We have an obligation — and a responsibility — to partner with dealers to help keep their data and their DMS safe, secure and in compliance with the best industry practices.”

Opponents fired back, and said the discussion simply comes down to a dealer’s data being a dealer’s data. Allan Stejskal, president of Open Secure Access (OSA) a 30-member coalition that hopes to create safeguards for the free flow of dealer data — said he hoped Reynolds would have provided more information about its announced plans to shut off dealership modems, which the company uses to upload software updates. The modems are also used by third-party vendors to gain access to a dealer’s DMS.


“Reynolds, as far as I know, has not come out with a definite statement of what its strategy is,” said Stejskal. “Bob Brockman (Reynolds’ new chairman) made a number of statements around security and around the company’s position, but I don’t think they came out with a, ‘This is our position.’”


The NADA and the American International Automobile Dealers Association also weighed in with a joint statement of their own. The statement said dealers, not vendors, should control who accesses and extracts their data.


The data-security debate began simmering in January after a report from an industry publication detailed how Honda asked its dealers last year to allow a software vendor, called Digital Motorworks (a subsidiary of ADP), to extract daily service parts orders. The automaker’s request, however, put dealers in direct violation of Reynolds’ dealer contract rules.


Brockman said in a Feb. 19 Automotive News article that Honda and Reynolds had yet to come to an agreement, and said Digital Motorworks was unhappy with the price Reynolds charges for access to its DMS solution. Reynolds, which reportedly certifies third-party vendors at an estimated cost of $20,000, referred the magazine to O’Neil’s posted comments on the company’s Web site.


Most NADA show attendees, however, were more enthused about the innovations on display, but did have the debate in the back of their minds.


“It’s technology overload,” said Diana Pfeiffer of Alaska Sales and Services, Anchorage, Alaska. “There’s a lot of good stuff here at the show.” Pfeiffer said she’s in a wait-and-see mode in regards to the data security debate.


One-Stop-Shop Solutions


Walking through the DealerTrack booth, David Kelly, director of finance operations for Easterns Automotive, Reston, Va., liked the one-stop approach companies touted at the show.


“My main focus was on technology at NADA, and both DealerTrack and Reynolds are starting to turn the corner and produce some really useful tools,” he said. “There are several companies out there that have great systems in regard to menu selling, e-contracting, data security, data storage, etc., but all necessitate a new system and process. And for a company our size, that’s quite an undertaking.”


With Reynolds at the center of the debate, most other DMS and software solution providers, such as DealerTrack, JM Solution, MPK and ADP, said they stood on the dealer’s side, but also talked about the need for safeguards against unauthorized access.

“Data in a dealership belongs in the dealership,” said Scott Barrett, president of JM Solutions. “We’ll have tight controls, but we don’t want to be the gatekeeper.”


ADP, which Reynolds criticized for the hard-line stance it once took on guarding access to a dealer’s DMS, used the debate to unveil its new Third-Party Access Program. It consists of three different levels of access to a dealership’s data: Third-Party Basic Access, Subscriber Access and Third-Party integration.


“ADP has always understood that dealerships own their data,” said Dan McCray, vice president of product marketing for ADP Dealer Services, which is a member of OSA. “Through its Third-Party Access Program, ADP can provide varying levels of security and access, allowing dealers and third parties to choose the operation that best fits their dealerships.”



Microsoft Could Tip the Scale


The ongoing debate did provide the perfect platform for Microsoft Corp. to formally launch its Automotive Retail Solutions Initiative. So far, the company said its DMS solution will provide a platform for third-party providers rather than compete.

“What we recognized was that there are a lot of firms out there that are doing really innovative work, are very smart about their side of the business, and just need the right kind of DMS to plug into,” said John Reed, director of automotive retail solutions for Microsoft and a former Reynolds executive. “And that’s where [we realized] that working with those third parties collaboratively was just the right way to go.”


The main thrust of its announced initiative was to unveil the alliances it has made so far, which includes companies such as DealerTrack, JM Solutions, RouteOne, Manheim and the Cobalt Group. That list also includes several third-party solution providers, such as AutoBase, bridgeSpeak and Chrome Systems.


DMS Providers Skeptical of

Microsoft Venture


With automakers looking to decrease the number of new-car dealers, many DMS providers wondered if the market was big enough for another DMS provider. Reynolds’ Chairman Bob Brockman told one industry publication that he didn’t understand why Microsoft would be interested in the DMS marketplace when it was already “pretty well populated.”


Many also pointed to Microsoft’s venture into the automotive space in the late ’90s, which Reed admitted didn’t realize the results Microsoft and its then partner Reynolds expected to see. ADP’s McCray said he wonders how Microsoft expects to accomplish what took ADP 30 years to achieve. For other DMS providers, the competition is welcomed.


“They would argue that the market is shrinking and that there isn’t room for another DMS provider,” said Mark Stephenson, president and founder of MPK, which has been a customer partner of Microsoft for 14 years. “I think it’s quite the opposite, as I would say that a good 10 to 20 percent of dealers are actively looking for an alternative.”


Data Security Debate to Continue


The OSA’s Stejskal believes Microsoft can drive the debate in the dealer’s favor.


“[Microsoft’s venture] is a big undertaking, but there’s a huge benefit in the marketplace to have a robust competitive environment from a pricing standpoint,” he said. “If Microsoft can deliver on a very open access, that’s a homerun for the dealer, and definitely pushes the debate along.”


Microsoft’s presence, however, didn’t deter Reynolds’ tough stance on third-party access, as O’Neil reported how Reynolds recently helped 150 of its customers solve a data corruption problem caused by a third-party vendor. O’Neil also talked about one instance where a third-party vendor broke through an OEM’s firewall after gaining access to a dealer’s DMS.


“What other industry proposes to give unfettered access to confidential customer information?” Reynolds’ O’Neil wondered. “Since 2005, we’ve taken a patient, deliberate approach to enhancing system security in our DMS and for our customers. We have accomplished this without disrupting the dealer’s business and in a manner allowing third parties to continue to work with the dealer.”


Stejskal's OSA did refuse Reynolds’ offer to join the coalition. Stejskal said there were two key actions that made the consortium question whether Reynolds supported its cause: the letter sent to Honda dealers and Reynolds’ refusal to discuss its certification guidelines.


“We put out some pretty serious proposals for Reynolds that we felt got at the security integrity issues while providing Reynolds with a way to generate a revenue stream,” said Stejskal. “We’re going to continue to reach out to Reynolds to reengage in the discussion.”

Reynolds’ O’Neil, however, argued that the consortium’s plight only applies to DMS providers and not third-party software providers.

“That’s a narrow approach for an industry-wide issue,” he said. “That’s one reason we tried to join the dialog with Open Secure Access. We were denied that formal opportunity.”