NASTF Brings VSP Management In-House For Improved Security

Effective Jan. 1, the National Automotive Service Task Force (NASTF) board brought the management of the Vehicle Security Professional (VSP) program in-house. The change follows widespread problems with credential sharing and related registry backups.

The goal is to significantly raise system security, NASTF executive officer Donny Seyfer said.

“It had become clear from our audit in June of 2018 that there were some fairly sophisticated bad guys in our system,” Seyfer said. “We have hired a speciality group to do our background checks and a new registry manager who comes from an investigative/law enforcement background and already has significant experience working with automakers and NASTF.”

NASTF is now doing an in-house security credential check. That, along with the efficiencies of having a software-driven communications and VSP registry, have made for a streamlined process and more secure interface, Seyfer said.

The support desk has been dealing with long lines, he said, but a team of eight has migrated over 5,200 VSPs and has almost 1,500 new ones coming onboard in the next three weeks, assuming they all pass the security screening.

“The bad actors are having an increasingly difficult time getting past our screening,” he said. “NICB has been a great partner all along, but now, with our data-crunching capabilities, we are able to take automaker data, [Secure Data Release Model (SDRM)] data and let NICB and our background team look at thousands of transactions and link car thefts to individuals or groups of individuals.”

NASTF has investigated and suspended more than 50 accounts that it says were involved in code brokering, interstate or international code sharing, or theft. 

“Our bottom line goal is this: We want the good guys to win,” Seyfer said. “The SDRM is about maintaining the integrity of vehicle owners private data. We require our VSPs to confirm that the individual they are doing security work for is truly responsible for the care and custody of that vehicle. If they are unwilling to take that seriously, we will revoke their access to SDRM. That is the agreement we made with the automakers back in 2006 and now we have modern tools to make sure it happens that way.”   — Sarah Hollander