The Society of Collision Repair Specialists is holding an open board meeting from 3-5 p.m. today ahead of the Collision Industry Conference Wednesday and Thursday, and…
Correction: An earlier version of this article incorrectly paraphrased Mitchell’s position on digital file standards. The company will continue to support EMS, but that doesn’t mean it has refused to offer BMS. (In fact, it has supported BMS for years.) The article has since been corrected.
Switching to the modern BMS digital communications framework over the 1990s EMS standard promises to give collision repairers and related industries greater efficiency and security, the organization which developed both says, and other experts agree.
Insurers and large MSOs already have implemented BMS or created workarounds, and SCRS and CIECA have urged IPs to offer the capability to smaller shops transmitting estimate data. On Thursday, CCC announced that it would give the 22,000 shops using its CCC One platform access to system in 2017 and end EMS exports in 2018.
But while conceding the security and efficiency gains, Jack Rozint, sales and service-repair vice president for CCC rival Mitchell, argued that the move was more about control on CCC’s part.
“They don’t give the shop owner control of the BMS, necessarily,” he said.
EMS and BMS are standardized information output formats that essentially allow different collision repair software to “talk” to each other.
On a practical basis, what CCC’s proposing does appear to give a shop more configuration and transmit less unnecessary data than with EMS today on CCC, AudaExplore or Mitchell. But there is the more philosophical question of how much ownership a shop has over the actual data file, and we’ll get to that shortly.
CCC said Thursday it would essentially create its own version of the iOS “App Store,” allowing shops to select their business partners’ BMS-compatible programs as data recipients.
Under the current EMS system, shops either upload EMS files or have business partners install “data pumps” on their systems, and the latter technology can automatically pump up data from estimates through which the business partner had no role. Both transmit the entire file to the recipient, not just the line items they need to see. The security flaws and system inefficiencies are obvious.
Technically, this App Store isn’t full of all-new programs in the Apple sense, CCC clarified Friday. The options will basically indicate a company that’s paired an existing program with a back-end interface to exchange a shop’s BMS files securely with CCC. (Though CCC hopes new developers will take advantage of the easier XML format of a BMS file to create new collision repair industry solutions.)
After a shop selects in CCC ONE which companies it would like to receive data, CCC will handle the back-end of transmitting the particular messages relevant to the company. A shop can also further filter information by insurer and vehicle make, largely for DRP and OEM certification reasons. (Shops can filter by insurer now; the make option will be new.)
“We’re helping the shops control that data,” said Mark Fincher, CCC vice president of market solutions.
He said CCC “defined a series of messages” which would likely be needed for each industry (for example, car rental companies), and only those fields would be transmitted to the third-party companies within that industry with CCC apps (for example, Hertz and Enterprise).
The industry blocks of messages are a mix of those CIECA has flagged as relevant to various sectors and CCC’s own decision-making, according to Fincher.
While shops and developers can offer feedback on what groups of messages can be transmitted per industry, they can’t set up the system to restrict or expand that series to certain business partners beyond that. They don’t appear to have had that capability with EMS now, though.
CCC will vet “apps,” but minimally, checking for relevance to collision repair and CIECA membership, it said. The company doesn’t want unrelated businesses “trying to get some access to some shops” on there spamming collision repairers, Fincher explained Friday. Everyone in the industry’s welcome, and CCC wouldn’t exclude non-CCC clients, he said.
“There’s nothing that we’re controlling,” Fincher said Friday.
There is no cost for shops on CCC ONE to use the platform. Companies with an app are charged a per-company ($2,500, once) and per-file fee ($0.50 per overall file — basically, per repair), and CCC has noted that this is partially to recoup the millions it spent developing the system. Find out more on CCC’s FAQs.
One more philosophical — although for collision repair operations with a greater IT capability, it’s also practical — point involves who actually “owns” the data.
Right now, a shop has its own EMS dBASE IV data stored locally. It might be horrendously inconvenient and insecure, but the repairer possesses that file and can send it to any other EMS user he or she wants.
That might be a little different under CCC’s plans.
“We are not claiming ownership of the data,” Fincher said Friday. But the information does rest with the company — sort of.
If body shops and third-party recipients just retained copies of the unencrypted BMS XML files and disseminated them all over without any encryption or parsing, “we’re kind of back where we started,” Fincher said: Unsecure customer, claim and car information flies around through raw dBase IV files.
Some sort of system was needed to convert the data into encrypted BMS messages and send them to another BMS-capable source which can decrypt them, Fincher said. In this case, that’s CCC sending and the companies in the Secure Share program receiving — for the fees above. (The BMS standard doesn’t produce encrypted messages per se; however, its XML outputs can be easily encrypted by off-the-shelf software for additional security not necessarily possible with the obsolete EMS messaging format. CCC will subject BMS messages transmitted through Secure Share to 128-bit encryption.)
“Anybody can connect to us,” Fincher said. “… There’s nothing nefarious here.”
For the majority of smaller shops, these questions are going to be merely philosophical, not practical, unless the shop wants to internally set up a system to encrypt, parse, store and disseminate their own BMS XML files. Otherwise, they’ll need to have someone manage that process; in this case, CCC.
Shops with the kind of infrastructure to manage the files or BMS process in-house should contact CCC to discuss this further. “We have a couple customers” with greater technical capabilities and interest, Fincher said.
For those still dissatisfied with CCC’s plan, there are certainly still marketplace options:
If a company wants to use CCC but still send data to a party refusing to convert to BMS following April 3, 2018, they can always rekey the information or pay someone like Estify to do it for them.
If a shop is absolutely in love with EMS, they can certainly use a competitor. Mitchell’s certainly open — Rozint said the company had no plans to discontinue EMS, though it also supports BMS.
“We actually do support BMS today, and have for a number of years at Mitchell,” he said.
AudaExplore did not respond to a request for comment Thursday.
“If it’s not broke, don’t fix it,” Rozint argued. No serious security complication had been reported despite all the EMS data “flying all over God’s green earth” for more than a decade.
CCC, Sept. 29, 2016
Featured image: CCC’s 2016 NACE booth is shown. (John Huetter/Repairer Driven News)