Security Policy
We protect your information in many ways—from ensuring that our buildings are secure, to proactively preparing for disasters and business interruptions, to using secure computing practices. Safeguarding your information’s confidentiality, integrity, and availability is one of our highest priorities.
The information for the accounts you have with Automotive Credit Corporation (“ACC”) is kept secure and confidential through multiple security features and procedures.
Our online security features help protect data
The account information you request from our website can only be accessed with your username, password and, in certain situations, unique verification codes. It is your responsibility to keep your login information confidential.
- • As part of the registration process, you'll be able to set up two-factor authentication to help protect your account even if your password is compromised.
- • Do not disclose your login information to anyone. Our employees and associates will never ask you for your password.
- • If you think your password has been compromised, or if your credentials were part of another data breach, log in and review your account activity. As a reminder, two-factor authentication can help protect your account even if your password is compromised.
- • If you see unusual activity in your account, contact ACC immediately.
Information you submit through our website, as well as the information we send back to you while you are visiting our website, is protected using strong encryption when necessary. Our secure server software encrypts information, ensuring that Internet communications through our website stay private and protected.
To allow you to process transactions on our website, we use cookies.
Your account information is not permanently stored on our web server. The information is processed by our web server while you view the information. It is, however, permanently stored on our secured corporate computer systems and retained according to our company record retention policy.
Security software keeps information private
To ensure the secure transmission of your confidential account information over the Internet, we use a secure communications solution called Transport Layer Security (TLS). All modern browsers support TLS , but if your browser does not, you will receive a message indicating that your session cannot be completed because of the security risk.
TLS establishes a secure connection between two computers (e.g., your browser and our web server). It is used to implement HTTPS, the secure version of HTTP, and is an open technology supported across various browsers. We require that you use a TLS-enabled browser to communicate with the secure area of our site. You know you are visiting the secure area of our site when the URL begins with "https://".
We recommend using the most current browsers to ensure a high level of security. Web browsers supported by Microsoft, Mozilla, Apple, and Google support the latest versions of TLS. Older and less secure versions of TLS may no longer be supported.
Security helps protect your data
Customer access to web and mobile applications requires the use of unique usernames and strong passwords. For accounts that support it, we recommend using two-factor authentication, which requires both your password and an additional code to log in to your account. The code, or a random number generated by an application, is sent to your phone. This helps protect your account information when logging in, in the event your password is compromised.
We limit access to your company data
ACC has a formal, documented process to grant and revoke access to company resources (systems, data, mobile, etc.) that is supported by administrative, technical and physical controls. Our employees may not access or disclose personally identifiable information for any reason except as authorized for company-related business purposes.
Other ways we protect your information
Our security program: Safeguarding your information
ACC has a comprehensive written Information Security Program that safeguards information against the unauthorized or accidental modification, disclosure, fraud, and destruction.
- • Security policies and standards, are documented and available to our employees.
- • Collection of personal information is limited to business needs and protected based on its sensitivity.
- • Employees are required to complete privacy, security, ethics, and compliance training.
- • Risk management processes and procedures are documented and communicated.
Business Continuity (BC) and Disaster Recovery (DR) programs
We also have a BC and DR program. Critical business functions, processes, and supporting applications have been identified and are regularly reviewed. Appropriate response and recovery plans have been developed. Testing is completed annually.
The basis for the program is professional best practices established by industry organizations such as Disaster Recovery Institute International (DRII), Business Continuity Institute (BCI), and International Organization for Standardization (ISO).The technology recovery plan leverages geographically distant data centers, while the incident management process facilitates response and recovery activities by appropriately implementing plans if a disruptive event occurs.
Antivirus protection
All Windows servers and workstations have antivirus software installed, and updates to definitions are applied frequently. Our information technology managers review recurring reports to ensure compliance levels are met. All alerts are reviewed by staff in the cyber defense operations center.
Patch management
We monitor for significant new vulnerabilities and attacks that have the potential to affect our systems and apply patches and mitigations as appropriate. We have a vulnerability management practice that regularly tests our systems to ensure that they are not open to attack.
Incident management
We have processes to track, manage, and resolve all incidents. If a data security incident is discovered, a response plan is promptly initiated and executed. We adhere to all applicable state and federal disclosure laws.
Cyber security insurance
ACC has cyber security insurance. Our policy provides Network Security and Privacy Liability insurance coverage. It includes any network security or privacy event discovered during the policy period affecting ACC and events originating from our third-party service providers.
Vetting third-party service providers
ACC has a defined Vendor Management Program, which includes processes for vetting, selecting, and monitoring third-party service providers. Third-party security profiles are completed when certain types of data are provided to and/or stored at a third-party location. Additional risk assessments may be completed based on the nature of the third-party service or solution provided. For example, a separate risk assessment is completed if a third party is granted access to our networks, systems, or data.
Additional security practices
- • Our Customer Service center has procedures in place to help validate the identity of callers.
- • Regular training is conducted with our employees on how to detect fraudulent activities.
- • Strict standards that limit access to data are followed.
- • Regular testing of our security controls is performed.
If you have questions or comments regarding any of our security policies, procedures, or practices, please contact compliance@automotivecredit.com,
You can help protect your data, too
In addition to the steps we take to secure your account information, your actions play a big part in protecting your data, too.
Protecting your personal information can help reduce your risk of identity theft. There are 4 main ways to do it:
- 1. Know who you share information with
- 2. Store and dispose of your personal information securely, especially your Social Security number
- 3. Ask questions before deciding to share your personal information
- 4.Maintain appropriate security on your computers and other electronic devices
Read more from the Federal Trade Commission about how to keep your personal information secure at https://consumer.ftc.gov/identity-theft-and-online-security
Choose a secure password
- • Choose passwords that are not a duplicate of other personal information (e.g., Social Security number, birth date, etc.)
- • Choose a password that is easy for you to remember, but difficult for others to guess. Do not use information about yourself that others can easily find out.
- • When possible, use a passphrase instead of a password, making it as long as you can without using any common phrases or quotes and include characters, numbers and upper and lower case letters.
- • Using a mobile device? We highly recommend setting a device passcode/password of at least 6 characters or using biometric features on your device.
Protect your account numbers, PINs, and passwords
- • Never share your PINs, usernames, or passwords with anyone. Be cautious of emails or individuals who ask for this information. We will never ask for your personal password via email or telephone.
- • If you do need to write down login information, put it in a safe and secure place. Don’t carry this information in your wallet.
- • Identify one secure location in your home to store all of your financial records.
- • Do not use the same passwords across websites, especially those sites that store and process financial information. If other sites are not secure, your password could be compromised.
- • Certain devices are eligible to enable biometric sign-on; an example is fingerprints. Use caution if you store multiple biometrics on your device, such as fingerprints from a spouse/partner or child, as those users could access mobile apps on your phone.
Protect your personal computer and mobile devices
Your personal computer
Your home computer is likely where you go online to check your accounts with us and do business with other companies. That’s why it’s important to protect it from viruses and spyware with antivirus software and frequently applied updates. Most major software companies regularly release updates or patches to their operating systems to prevent security problems. It’s a good idea to keep your system and applications updated with the latest patches and releases.
Your mobile devices
Don’t forget about your smartphone and tablet—it’s just as important as a personal computer.
Always activate a PIN or lock function for your device. This is the simplest and most important thing you can do to ensure security on your mobile device, especially if it’s lost or stolen.
Log out of websites
After you sign into a website, remember to sign out. It's an easy step you can take to ensure your information doesn't end up in the wrong hands.
Check your credit report regularly
We recommend checking your credit report regularly with each of the 3 major credit bureaus. You're entitled to one free copy of your credit report every 12 months from each of the three nationwide credit reporting companies. Order online from annualcreditreport.com,, the only authorized website for free credit reports, or call 877-322-8228. You will need to provide your name, address, social security number, and date of birth to verify your identity.
A credit report contains information on where you live, how you pay your bills, and whether you've been sued, arrested, or filed for bankruptcy. Nationwide consumer-reporting companies sell the information in your report to creditors, insurers, employers, and other businesses that use it to evaluate your credit.