Car buyers are tired of the dog and pony show that goes along with trying to negotiate for a new car and are quickly turning to car buying services like TrueCar as a way to get transparency into the pricing process.

While places like TrueCar will save you a little money compared to just walking into a dealer off the street, they won’t get you the absolute best price and will do it at the cost of your privacy. TrueCar makes money by charging dealers $299 to $399 per lead once a customer that was referred from them makes a purchase. They gather data from various automotive data aggregators along with vehicle registration and tax sources and perform analysis on it in order to establish an average price paid.

One of the requirements for affiliated dealers is to give TrueCar access to their Dealership Management System (DMS) or to manually transmit vehicle sales data to a supported third-party vendor. A DMS is the system that dealers use to manage customers and vehicles; it contains information such as pricing for vehicles bought and sold along with customer details like names, addresses, and social security numbers.

TrueCar is the brainchild of Scott Painter and started as an off-shoot of Zag.com, which was a service that provided vehicle pricing data for branded car buying programs for companies and associations like the AARP. They used the Zag software engine to assist in the launch of TrueCar.com and provide similar information and buying power to the general public. In order to make the company sustainable, it turned this buying public into its product.

TrueCar makes money by selling the potential vehicle buyers on their site to affiliated dealers as leads. Dealers obtain leads from many sources and usually pay about $15-20 each for standard leads from sites like Car Price Secrets and buy them in larger packs. In most cases, standard blind leads have a single digit return and buying 100 leads for $2,000 may result in only 5 sales, costing the dealer $400 per sale and involving lots of leg work. TrueCar went a different path and set out to charge $299 for new car leads and $399 for used car leads with the additional benefit of the dealer only getting charged once a sale is completed. TrueCar calls this a ‘pay-for-sale’ model.

Many dealers that were down on their luck or wanted a boost in sales jumped at the opportunity of working with TrueCar as they knew that they would receive qualified leads and didn’t have to waste time on deals that would never go through. The dealers were happy to be getting customers and car buyers were happy to save money without spending hours haggling.

TrueCar obtains data from many sources including vehicle registrations and tax records, but the troubling source is the dealers themselves. In order to sign up with TrueCar, a dealer has to agree to their “Master Terms And Conditions” which list one of the requirements as follows:

c. DMS Sales Access. Subject to the confidentiality and use restrictions below, Dealer will provide access to Dealer’s Dealership Management System (“DMS”) sales data either through (i) direct extraction by TrueCar’s third-party DMS vendor(s) (such as DMI or VIN Plus/Netlink), (ii) manual transmission of data by Dealer to a TrueCar third-party DMS vendor, or (iii) other method mutually agreed upon by TrueCar and Dealer. Upon TrueCar’s request, Dealer will connect or reconnect TrueCar’s access to Dealer’s DMS sales data within two (2) business days of such request. Dealer represents, warrants, and covenants that it has all the necessary rights to provide the DMS sales data for use as specified in the Agreement.

In most dealerships, the DMS contains all of the information on their customers and product, including completed deals. Since TrueCar has access to the exported DMS data for a dealer, they can see transaction information for all of their customers even if they didn’t come to the dealer via TrueCar. To top it all off, TrueCar transmits this data using third-party companies, introducing a middleman to the process. TrueCar does state that they anonymize all sales data and do not use any Non-Public Personal Information, but the pipe to the data is still there and I speculate that it uses an Application Program Interface (API) to move the data. While many APIs are secure, there are always holes to be found, as was the case with the Snapchat API being hacked a couple of years ago.

Some consumers may not be bothered with a small chance of a security breach if they can save a bunch of money, but TrueCar is quickly becoming just another marketing site. The site initially used the data it collected to show an actual dealer cost on a car which allowed consumers to shoot for a price close to it. After the dealers started revolting and cancelling their lead-buying agreements, things had to change. In order to rescue the company, Painter removed the dealer cost from the website and instead advertised the average savings. Curiously, the DMS connection to the dealers is also not used to populate the TrueCar price reports as stated in item 3 of their “Master Terms and Conditions” and is mostly used to make sure that dealers pay the lead fee for any sales that come through them. According to Inc, they also use a portion of the anonymized stats they obtain for data sales and automotive consulting.

When asked about TrueCar’s data storage and transmission, Alan Ohnsman, SVP and Chief Communications Officer, stated, “Just for clarification, TrueCar is not a lead-generation company — at least not in the traditional sense.”

Along with that statement he attached their dealer marketing presentation which shows how data is handled. The document specifically states that the customer name, address, phone number, and email are transmitted to TrueCar but social security numbers, credit card numbers, and credit scores are not. Full vehicle, deal, and payment information are also transmitted. The document also shows they provide limited anonymized sales data to other dealers based on the information they collect. The only security information in the document states that they use some form of AES encryption for storage and transmission of data along with keycard and biometric access control for their data centers, standard practice for even the smallest data centers. While preventing the transmission of social security and credit information gives me some additional confidence, I am still wary of the fact that TrueCar requires that the dealers have to allow direct extraction of data by TrueCar’s third-party DMS vendors even if they are not directly hooked to the DMS themselves.

You may be tempted to run to AAA, USAA, or Consumer Reports for their buying services, but your data will end up in the same hands as they are affinity partners of TrueCar and use a branded version of their product. The affinity partner program consists of more than 1,500 partners and, as stated in the Inc article above, comprises over 50% of TrueCar’s earnings. Another 38% comes from potential buyers that visit their site directly. The remainder comes from their data sales and consulting business.

TrueCar and other no-haggle programs have done some good as many of the dealers themselves have started going to a no-haggle experience in order to stay competitive.

In an effort to make a fair comparison of current pricing, I picked a 2015 Toyota Camry LE w/floor mats as my potential vehicle and decided to do a comparison. TrueCar came back at $18,774 as its estimate and showed 3 certified dealers in the area. I visited the website of one of my local Toyota dealers that has embraced a no-haggle policy and picked the same model from their inventory. It showed a price of $18,691. I emailed the dealer to confirm it did not include any rebates or incentives I would not qualify for and they confirmed it was the correct price for me.

I had an $83 savings over TrueCar with only one email sent and did not have to give up any of my personal information.

I am sure that if I invested a bit more time with some of the other dealers in the area, I could bring the price down another $200 or $300 easily as I would be coming directly to the dealer and saving them the cost of a lead. Another option is to look to specialty programs and clubs from certain manufacturers that can save you even more on a new car purchase and are usually fairly straightforward.

I am glad that we are moving towards a more transparent culture when it comes to buying a new car and hope to see more dealers moving towards up-front pricing, but we need to be wary of our privacy when it comes to TrueCar and many other similar programs that may pop up.

The local no-haggle dealer is still part of the minority as most of the other listed prices for the same Camry were in the $19,000 to $23,000 range and would require old-school negotiation. The car buying process is slowly changing, but as long as we have dealer practices like the “Four Square” method, companies like TrueCar will find a place in the market.

Bozi has worked as a car salesman, owned a small used car lot, and exported and sold vehicles to Europe. He also has extensive technical experience due to refurbishing auction and repo vehicles as well as working on his personal projects and swaps. His background also includes IT consulting as well as electrical hacking. He daily drives a salvage rebuilt Cadillac STS, owns a project V8 Subaru Legacy GT and has wired up an LS1 Miata from scratch.