[kube-system]

I don't think that the dealer equipment being used to steal cars today is coming from dealers where management is knowingly engaging in car theft. It is other people who are misusing those tools. There are many hundreds of thousands of people who work at dealerships, and many do not care about their employers reputation. Also, many dealerships are broken into.

[acdha]

Yes, which is why I suggested a combination of measures to change that. An active per-device transaction would make it clear when a dealer’s access is being misused, and if it affects their business viability it would turn out that they could do a better job of controlling access. Hundreds of thousands of people work at banks, too, and many of them do not care about their employers but thefts from customer accounts are rare because the companies are incentivized to set appropriate safeguards. There’s no reason why car repairs couldn’t be the same other than that it costs more than what they’ve been doing, and there aren’t strong enough incentives for them to take on those costs.

[kube-system]

What would that look like in reality? Expecting dealerships to have the same physical security, procedures, and security vetting of a bank? There's already a shortage of workers in these roles, now we want the guys busting their knuckles on vehicle repairs to have a good credit score and good background check and perform elaborate opening and closing procedures with a buddy system? Storing tools in a vault?

I really don't see how any of this is merited or reasonable, especially when the vast majority of the cars being stolen in my neighborhood are either stolen with the keys or with a tow truck.

[jasomill]

Require resets to be initiated and authorized by the F&I department, whose security and KYC processes should already be substantially similar to those of other institutions that regularly approve $50,000+ loans.

[kube-system]

My prediction:

1. As a result, we'll see costs like losing the keys to a rental car go from a $250-500 fee to a $2500-5000 fee, due to the additional costs to process and the additional loss of use.

2. Criminal rings that steal high value cars will go from often using tow trucks, to exclusively using tow trucks.

3. The number of cars stolen via stolen keys will remain unchanged.

Yes, the key itself will be more secure, but I'm not really sure it will actually improve anything. More security is not better if the costs do not create real-world results.

[acdha]

Your second point is leaving out a lot: there’s no way adding a requirement that you have heavy equipment and a skilled operator isn’t going to reduce the number of thefts, and those trucks are in more limited supply and easier to track than a small tablet. They’re also way less stealthy so there’s a lot more time to get caught.

The third point may be true for classic theft but would not be true for the growing category of thefts caused by abusing wireless keys. If you can’t easily get a new key, the resell value for that car is going down dramatically.

[kube-system]

Commercial tow trucks are not hard to get in many places, but it is also not required to tow a car. There are many consumer oriented solutions for towing a car. Tow dollies are about $40 to rent in my city. Or if you're a thief, trailers aren't hard to steal either.

> If you can’t easily get a new key, the resell value for that car is going down dramatically.

Most of the vehicles that are stolen for resale are high value and sent overseas to parts of the world where the labor cheap to do something like entirely rip out all of the security components. I don't really think that these criminals will stuff a G-wagon in a shipping container for $100,000 but they won't do it for $80k or $90k.

[acdha]

Simply requiring the dealers to take seriously ownership validation and track which workers used the reset system (no shared logins, etc.) would do most of it.