September 10, 2020

The list of new e-commerce, or in car-commerce, applications around the connected car are growing by the day. The role of the vehicle as one hub within many hubs supporting our daily lives is fast expanding, if we look at some of the new services and connected technologies available today.

With the Volvo On Call and Key by Amazon apps, it’s possible to get your Amazon packages delivered straight to your vehicle without having to lift a finger, secured in the boot and ready to drive away. The in-car technology is going to be an enabler for a whole new world of retail and commerce: think ordering food delivery or flowers on the way home, or completing a supermarket checkout using voice commands from the driving seat.

With the arrival of smart speakers in the home and voice assistants like Alexa, Siri, Cortana, and Google Assistant now mainstream for smart speakers, smartphones, and in-car applications it’s only a matter of time before voice-driven commerce can become widely connected over the in-car infotainment system.

Also we have to remember that drivers are not the only prospective buyers in this world of in-vehicle commerce. Buyers can include passengers such as family members on the way home from after-school activities, taxi or Uber passengers. Quick purchases made by parked drivers also a part of the mix. When combined with heads-up displays, or HUDs – which are becoming more commonplace – voice assistants are a preferred input method overall for drivers looking to make in-car purchases.

According to the Digital Drive Report from and P97 Networks, the average daily commute represents a $230 billion in-car connected commerce opportunity in the US alone.

This study identified the services, and the aspects of automation, drivers said they would most like to see in future and these include payments for fueling or electric vehicle charging and restaurant reservations, as well as parking payments, map updates, food delivery, and booking car maintenance.

An emerging business model is called feature/function-on-demand (FOD) in which the automotive OEMs can ‘switch on’ onboard features like autonomous driving or electric vehicle features. This delivery methodology can be extended to any other product or service options that can be delivered over the vehicle dashboard, including insurance options, navigation and entertainment. The automotive OEMs, such as Tesla with its high-performance ‘Ludicrous’ option, or Audi with its Racetrack option, are also able to deliver performance updates to the vehicle ECU (Electronic Control Unit) over the air.

The vision is that all these options can be combined into a marketplace, enabling drivers and passengers to access all of the same products and services they are used to at home or over their smartphone, plus certain automotive-specific features .

Bumps on the road to the in-car commerce platform

Currently Tesla offers its Ludicrous mode in certain models at an additional cost of around $20,000. However, technological changes will allow carmakers to deliver such enhancements on a temporary basis, using over-the-air (OTA) software and firmware updates on demand. New services and new risks are being created: the vehicle owner can treat themselves to a ‘racetrack experience’ over the weekend. But then what happens when the service is left enabled and the teenage son borrows the car early on Monday morning and goes out for a spin?

Worse: he found out the car can reach amazing speeds in an unbelievably short time and he unfortunately wrecks the family pride and joy.

In the old era parents would have been able to keep the car keys under the pillow or hidden in a drawer! Better still, they will be able to use the car’s biometric entry system or remote-entry system to keep it secure.

But this example serves to show some of the emerging challenges around authorised usage of the car – whether a pooled or shared vehicle or not – identifying authorised users and dealing with all the data protection and ID considerations.

That weekend driver nightmare is a scenario carmakers and insurance providers are not yet ready to face without bumps. Currently the automotive OEMs, quite rightly, place the utmost emphasis on protecting their brands and perfecting the ‘brand experience’, delivering hassle-free sign-up for connected car services and accurate match of vehicle and owner with the insurance company.

So whilst OTA services can start delivering some fantastic changes in terms of convenience and lifestyle, there are key challenges that need to be solved before they go mainstream. These are obstacles that will be very hard to overcome, since they involve issues of identity, data privacy and risk.

It’s already possible to access some OTA services from the latest model year vehicles. What’s currently available are mostly repairs and extensions of existing features by OEMs, like vehicle access with the Volvo On Call example. It is possible today to order pizza, flowers, to make a restaurant reservation or even pay for fuel without taking your wallet out of your pocket or picking up your phone. But since these are low-value purchases, they do not require a higher level of scrutiny.

More complex and more expensive in-car services are becoming available, and with them the obstacles mentioned above are a real concern. They are not problems of the future, as some may think. They are demanding answers now, and the companies who find them will be ahead of the game.

At LexisNexis Risk Solutions, some of the identity and access solutions we can bring to the connected car world include LexID® and LexisNexis® ID Compass, a comprehensive suite of solutions that provides identity verification, identity authentication and device assessment. LexisNexis® ID Compass is already at work to help insurers combat fraud, particularly in the life insurance segment.

As the need for reliable identity access management (IAM) has been rapidly expanding to other lines of business, and has already reached motor insurance, at LexisNexis® we have been working on specific solutions designed for the automotive OEMs, drivers and insurance providers.

Recently, we surveyed global car makers to find out more about their problems and expectations related to IAM, which is at the core of connected car digital services, OTA and in-car commerce.

In our research, the automotive OEMs told us they are not that concerned with identity related to small purchases such as a food order or flowers, effectively the contactless card payment limit set by the financial institutions. But the stakes become much higher, and they do have concerns, in relation to buying a car online for example, or delivering an expensive performance update over the air, where they need the highest certainty of identity. They need to make sure the person paying for the service is the one who gets it, and that transaction needs to be able to convey trust along the supply chain to third parties such as insurers or other vendors.

As vehicles become more autonomous in their actions, identity becomes more important to control or to give access to an asset.

Consider the possibility of summoning your car from the parking bay, similar to Tesla’s ‘Summon’ function, or even summoning your car across town. To that, add the possibility of sharing a pool vehicle, which may be used by ten people in a day. Who is paying for what? Insurance will cover the car, or the driver? We would need to have better knowledge, to know what data belongs to what person. Which brings us to the next point.

Another big concern for the automotive OEMs is related to privacy and data protection, when the vehicle is in different states of use: raw data (which to some extent is being created all the time in real time), idle data or live data. In the European Union and the UK this relates to GDPR, the General Data Protection Regulation and in particular PII or Personal Identifiable Information, as it is applied in each country.

In the US, the California Consumer Privacy Act (CCPA), which came into effect in January 2020 and which is being taken as the template legislation by other American states, does not allow data collection from minors. If there is a 15-year-old in the car, which can be a driver with a restricted licence in some states, it’s not permissible to collect data. But within a vehicle, it is usually possible to gather data from everybody inside. So we can begin to see the big regulatory challenges as well.

In Europe under GDPR, individuals or ‘data subjects’ need to give consent to the automotive OEMs and others to collect data related to them, and they can withdraw consent at any time. Different users of in-vehicle services may have different attitudes towards privacy. The car needs to be able to identify exactly who is consenting on what, and then send the information back to the OEM to trigger changes, in order to remain compliant. The same applies when the vehicle changes hands.

For now, the automotive OEMs consider that the existing processes are good enough to work with the reduced number of connected cars rolling out there, still a relatively small percentage of vehicles. Physical key fobs remain the only way to access most cars: thus the importance of keeping the traditional car key under control, and the ‘under the pillow’ example we mentioned earlier. For now, the connected in-car ecosystem is still immature, being populated by low ticket price options.

But changes are coming fast and, according to IHS, by 2022 about 20 million vehicles on the streets will be ready to be upgraded with OTA technology. Accurate identity assessment will be essential to have a car performing well, within the boundaries of law.

LexisNexis Risk Solutions, part of RELX, is a global data technology and advanced analytics leader, with customers in over 100 countries worldwide.

If you have a question or a sales-related enquiry Contact Us and a member of our Client Engagement team will be in touch.