Background

In the UK consumer finance expert Martin Lewis has sparked a wave of inquiries in Mar-2024 with his recently launched car finance mis-selling tool.

At the heart of the issue are banned “discretionary commission arrangements” that allowed car dealers and brokers to inflate interest rates for personal gain. The Financial Conduct Authority (FCA) is conducting a thorough investigation, prompting Lloyds Banking Group to set aside £450 million for potential liabilities.

Lewis predicts that car finance mis-selling could become the UK’s second-largest mass compensation payout, potentially exceeding £10 billion – a scale comparable to the PPI (Payment Protection Insurance) scandal. While companies grapple with the volume of claims, Lewis emphasizes the urgent need for streamlined complaint-handling.

This scandal has the potential to significantly impact the economy. It serves as a stark reminder of the importance of consumer protection and fair practices in the motor finance industry.

Cybersecurity considerations for car finance companies

  1. Phishing Attacks:  Scandals attract attention, and cybercriminals may capitalize on this by launching phishing campaigns. Victims could receive fraudulent emails or messages related to car finance investigations, leading them to malicious websites or disclosing personal information.
  2. Brand impersonation: Car finance companies are also at risk of brand impersonation by fraudsters. Fraudsters may create fake websites or social media profiles that look like they belong to a legitimate car finance company. They may then try to lure unsuspecting members of the public into providing their personal or financial information.

In order to protect themselves from brand impersonation, car finance companies should:

  • Be vigilant about monitoring the internet for fake websites and social media profiles that are impersonating their brand.
  • Take steps to make it clear to customers how they can identify legitimate communications from the car finance company. This could include highlighting  information about the company’s email addresses and phone numbers on their website.
  • Warn customers about the risk of brand impersonation and advise them to be careful about clicking on links or opening attachments in emails or text messages that claim to be from a car finance company.
  • If they find a fake website or social media profile, report it to the relevant platform provider so that it can be taken down.

By taking these steps, as a minimum, car finance companies can help to protect themselves and their customers from the risk of cybercrime given the context of this case.

Get in contact with CyberSolace if you would like assistance with Digital Brand Protection advice and monitoring services.