Dealer Floorplan Audit
Led by the Finance, Securitization, and Smart Contracts (FSSC) Working Group, this pilot demonstrated the potential use of MOBI’s Web3 Infrastructure in multiparty applications for zero-knowledge proof of vehicle location.
About Our Interoperability Pilots
Alongside our global community, we’ve demonstrated several potential use cases for Citopia and Integrated Trust Network (ITN) services through various pilot projects. Citopia and the ITN services are business-to-business (B2B) only. Together, Citopia and the ITN provide the necessary infrastructure for node operators to build out secure, seamless, globally compliant web services and applications. MOBI membership is required to operate a node on Citopia and/or the ITN. Contact us to learn more about becoming a node operator
Overview of the Pilot and the Problem It Solves
The Dealer Floorplan Audit Pilot (“Pilot”) is spearheaded by MOBI’s Finance, Securitization, and Smart Contract (FSSC) Working Group (WG) with contributions from Accenture, Altaventure, Amazon Web Services, BMW Bank, CEVT, Connections Insights, CO-OP Financial Services, ConsenSys, D.E. Consulting, DENSO, DMI, Ford Credit, Global Debt Registry, GM Financial, Honda, IOTA, Itochu, National Automobile Dealers Association (NADA), Nissan Motor Acceptance Company, On the Road Lending, Orrick, Quant Network, Quantstamp, Reply, RouteOne, Southeast Toyota Finance, Spring Free EV, Stellantis Financial Services, Tezos Foundation, Toyota Industries Corporation, Trade Log, and USAA.
A significant portion of newer vehicles is factory-equipped with telematics devices capable of capturing accurate data about the vehicle’s condition, location, and other important information. Telematics data is invaluable for stakeholders across the vehicle value chain and its market is projected to reach USD 155 Billion by 2028. Integrating telematics such as vehicle performance, use, distance traveled, and location into services such as insurance, product passport, etc. is emerging. However, the issue of data privacy still remains.
When a vehicle is sold, leased, or loaned to a customer, its geolocation is considered personally identifiable information (PII). Regulations such as the EU’s Global Data Protection Regulation, or GDPR, (2016) the California Privacy Rights Act, or CPRA (2020), and the White House’s Federal Zero Trust Strategy (2022) place strict provisions on the storage and exchange of data in government and enterprise environments — restrictions which, in the absence of adequate technological infrastructure and planning, these stakeholders would not be able to meet the strict privacy requirements of the regulations mentioned previously.
When dealers buy vehicles from manufacturers (OEMs), they finance the purchase with the vehicle as collateral for the loan. To ensure that the collateral is safe, lenders perform audits to verify that the vehicles expected to be at the dealership are actually physically there — hence the name, dealer floorplan audit. If a vehicle is sold, the loan must be repaid under the lender’s terms. This is similar to the housing market where you must immediately pay your mortgage lender if you sell your house. In the housing market, mortgages are repaid out of escrow as part of the sales process. Dealer floorplan loans have no similar escrow process, so lenders currently employ human auditors (usually third party service providers) who provide a trust service to guarantee that their unsold vehicles are on the lot and that the sold vehicles are being paid according to the lender’s terms.
Floorplan auditing requires an extensive amount of manual work as auditors must physically go to dealer lots to count and verify that the vehicles are on the lot or otherwise accounted for. Furthermore, these audits are not done frequently enough to catch all potential errors. Therefore, lenders hold reserves to compensate for the risk, thus increasing the cost of the loans for dealerships.
What the Pilot Demonstrated
Modern IT systems allow for the track and trace of connected devices with a big catch — the location of device users (Personal Identifiable Information, or PII) is exposed! Vehicles on dealer lots are filled with sensors that can provide accurate data about the vehicle’s condition, location, and other important information. While it is theoretically possible to use existing vehicle telematics to check location and automate the audit process, doing so potentially reveals customer PII, for example, if the vehicle is sold or loaned to a customer. In addition, each dealer lot may contain vehicles from multiple OEMs that do not share data with each other during the audit. As a result, lenders have continued with manual auditing.
MOBI’s DFA pilot uses Citopia’s zero knowledge proof of location verification and the Integrated Trust Network’s Decentralized Identity Infrastructure to confirm the loan collateral without revealing vehicle location or any other data. Vehicle location within or outside a dealer lot at any moment in time can be proven and verified using Zero Knowledge (ZK) cryptography without revealing any clear text information about a vehicle’s location or identity (e.g. VIN number). The only public information required to verify the ZK proof and verification is the geofenced location of the dealership. During the audit process, the vehicle is asked “Are you in this geofenced location?” and the vehicle responds with the proof “Yes/No.” The ITN’s decentralized identity infrastructure allows for the authentication and verification of those messages and their contents. Financial Institutions can vary how frequently the vehicles should generate such proofs in response to the varying levels of risk between different dealers.
An additional layer of privacy for the technology being demoed is the use of World Wide Web Consortium standards to create Citopia Self-Sovereign Digital Twins™ (SSDTs™). **A C-SSDT™ is a Digital Twin (DT) where only the owner/controller has access to the data stored inside the DT and can participate in autonomous transactions.
- Vehicle geolocation resides ONLY in the vehicle SSDT (MOBI and Lenders do not have access to this data)
- ZK verification of vehicle location (does not contain specific location or the VIN) resides in both the vehicle and the lender SSDTs (MOBI does not have access to this data)**
Together, these technologies enable the automation of DFA without the messy complications of handling PII associated with vehicles. This DFA pilot is foundational for many track-and-trace applications powered by ZK cryptography. Building on this innovative groundwork, OEMs can monetize connected vehicle data in future applications such as vehicle maintenance traceability, battery cross-border compliance, and usage-based services.
Our Innovative Solution
Self-Sovereign Digital Twins™: trusted decentralized identity for interoperability and business automation
Currently, digital transactions rely on identities issued by centralized platforms to prove their credentials. However, in addition to being vulnerable to fraud, identity theft, and data leaks, centralized approaches to identity management fail to address the trust problems created by the rise of decentralized services, IOT, and Generative AI. As digitization advances, it will become increasingly challenging — and costly — to verify data authenticity, secure digital perimeters, and ensure cross-border regulation compliance. This is critical in the vehicle finance and lending sector, which includes hundreds of thousands of stakeholders in regions across the globe.
Overcoming these challenges calls for a new solution. The White House’s Federal Zero Trust Strategy (2022) underscores this need by directing federal agencies to adopt a Zero Trust framework by the end of FY 2024. Zero Trust requires every entity to authenticate and validate every other entity for every single digital transaction at all times. Since this is not possible through Web2/centralized means, we must leverage Web3 technologies and principles to unlock privacy-preserving ecosystem interoperability using Citopia Self-Sovereign Digital Twins™ (SSDTs™).
What are SSDTs™?
SSDTs™ are portable digital twins that can automatically authenticate identity and selectively disclose pertinent data for Web3 transactions at the edge. SSDTs™ combine standards from W3C, MOBI, IEEE, ISO, SAE, and others with Zero-Knowledge cryptography to offer the data privacy and autonomy needed to engage in secure, tamper-evident transactions across the connected ecosystem. SSDTs™ enable cross-industry interoperability and business automation through:
