Repairers or locksmiths trying to subscribe or renew their subscription to the Vehicle Security Professional (VSP) Registry this summer likely experienced a significant delay. In June the National Automotive Service Task Force shut down more than 1,300 VSP accounts for credential sharing as well as not having the proper positive ID paperwork on file. That effort will make the program more effective and safer, but resulted in a temporary suspension of new and renewal application processing.
The VSP registry was created as part of the NASTF Secure Data Release Model (SDRM). It allows aftermarket access to security sensitive information like key codes, PIN numbers, immobilizer reset information and other types of data for repairers like technicians and locksmiths.
Users that perform security system repairs have to subscribe to the registry to purchase security codes and VIN-specific files from the OEMs.
After evaluating credential usage in the registry, NASTF discovered two critical problems – users were sharing credentials, and many lacked the proper documentation.
Key code brokers were contacting repairers and indicating that they needed their locksmith identification (LSID) passcodes in order to continue receiving service.
Under terms of the VSP agreement, sharing those passcodes with anyone other than the OEM websites is grounds for suspension of the LSID license. In addition, those codes could conceivably be resold or used to steal vehicles. If the key code were traced back to a specific LSID passcode, that means the repairer could be subject to the theft investigation.
“We saw a pretty high number of members using code brokers,” says Donny Seyfer, executive officer at the National Automotive Service Task Force (NASTF). “In some cases, those brokers got into websites in other parts of the world and scrubbed databases to get codes, and then they sold them.”