NMA Reboot: Of Cyber Hackers and “Pay As You Drive” Auto Insurance


This weekly post features recent news stories that highlight and update themes previously covered throughout NMA E-Newsletters and Alerts.

Editor’s Note: A team of cyber security experts has remotely hacked into a vehicle’s control systems by exploiting a security hole in an aftermarket telematics device called a Zubie. The Zubie plugs into a vehicle’s onboard diagnostic port and uploads data on driving habits, miles driven, engine performance and even GPS coordinates. The hackers were able to control the vehicle’s door locks and instrument cluster but claim they could have assumed complete control over the vehicle from anywhere in the world.  

The Zubie is marketed to consumers who want to monitor their own driving habits, but it is similar to devices like the Progressive Insurance Snapshot device which monitors driver behavior in exchange for lower insurance rates. The NMA has commented on the potential pluses and minuses of these “Pay as You Drive” insurance schemes. However, at the time we didn’t realize we would have to add complete loss of vehicle control through cyber-attack to the list. Here’s what we said in 2012.

 

NMA E-Newsletter #165: The Trade-Offs of “Pay as You Drive” Auto Insurance

You can hardly channel surf these days without encountering the ubiquitous Flo, the over-caffeinated cheerleader for Progressive Auto Insurance. More often than not, she’s hawking the company’s Snapshot program.

Snapshot uses an in-car monitoring device to track your driving habits and then calculates a discount based on how you drive. The voluntary program touts discounts up to 30 percent, and the company’s website states that your rates won’t increase after you sign up (with a couple exceptions).

The idea behind so-called Pay as You Drive (PAYD) policies is simple and appealing: In exchange for regular monitoring, you can lower your rate by driving less and by driving more safely. Insurance companies like it because they can use real-world information to assess risk and set prices accordingly. But before you sign up, do your homework. Each insurer collects data it deems important and some collect more data than others.

For example, Progressive’s Snapshot system does not use GPS to track your location but does track miles driven, sudden braking events and the time of day you drive. Along with these parameters, State Farm’s In-Drive program also collects information on acceleration, turns, speeds over 80 mph and, in some cases, GPS data.

In the UK, insurers seem keen to play up the GPS capabilities of their PAYD programs. No surprise given how accustomed British drivers are to having their movements tracked. Through its DriveSafe program, UK insurer AA tracks a whole range of driving and location data, including how fast you take turns and where you park your car at night. It also sends you nasty emails if you’re detected speeding.

All of which brings up privacy issues. To be fair, some insurers say they collect GPS data only to offer roadside assistance programs. But the State Farm and GMAC PAYD systems work in conjunction with OnStar, which found itself embroiled in a privacy scandal last year by admitting it continued to track drivers even after they unsubscribed from the service. If you object to round-the-clock tracking of your vehicle location, make sure GPS tracking isn’t part of the program you choose.

You should also understand how your driving data can be used and what control you have over it. For example, does the insurer need to get your permission before accessing your data to resolve a claim? Can the data be subpoenaed as part of a legal proceeding? Read the fine print before you agree to have your driving habits monitored.

As with any tracking program, there’s a familiar command and control aspect to PAYD. Environmentalists support these schemes as a way to cut down on driving and benefit the environment. Could future programs include incentives for driving on certain roads or include penalties for driving in congested or “unsafe” areas? Rather than simply monitoring driving, PAYD systems encourage behavior deemed desirable. But rewarding safe driving habits is one thing, social engineering is quite another.

Note that enrollment in a PAYD doesn’t guarantee savings. Most providers will penalize sloppy driving with higher rates. Also consider that these systems can’t tell who’s driving your car. So, as with red-light camera citations, the vehicle owner may end up paying for the actions of another driver.

PAYD programs are voluntary. However, once they become the norm, insurers will likely reserve their lowest rates for those who participate. Those who choose not to will be penalized with increasingly higher rates. At some point, the holdouts will capitulate and PAYD will become the only game in town. 

There is a certain appeal to paying only for what you use. PAYD policies could lower premiums for many motorists, especially younger drivers who are assumed to be high-risk. For now, you can choose to have your driving habits monitored in exchange for a potentially lower premium. We hope it stays that way. Consider what you’re willing to give up for the privilege and whether you’ll end up paying a higher price down the road.

Not an NMA Member yet?

Join today and get these great benefits!

Leave a Comment