
The cyber risk of virtual car keys

Connected cars need to offer adequate protection from potential cyber risks, but at the same time they have to permit discrimination-free access to the vehicle’s data so that third parties can perform servicing. Just how complex that can turn out to be in practice was discussed by the experts at the 8th Allianz Motor Day on September 22, 2020, focusing on the example of the “virtual car key.” 

That key opens, locks, and starts the car using a smartphone, which replaces a conventional car key. 

It’s convenient, but it also raises questions. For instance, what’s the data security situation? What happens if the system gets hacked? Questions also arise for insurers, especially in the event of a total theft. After their car is stolen, the vehicle’s operator has to provide us with the full set of keys when claiming the loss. But how do they do that with a virtual key? How can they prove the vehicle was really stolen, and that it isn’t just being used by an authorized driver who somehow “acquired” a virtual key at some point? And the insurer has to answer the questions: What do we need to investigate, and how?

After a car theft, a customer has to turn in the full set of keys to the insurance company to get the claim settled. If the person has a digital key, besides turning in all the physical keys, they also have to name everyone who held an authorized virtual key at the time of the theft, and prove that the authorization was canceled.

An international standard for virtual keys

That’s why Allianz joined forces with RCAR, an international association of automotive research centers with 24 members in Europe, Asia, North America, South America, and Australia, to define an international standard for virtual vehicle keys so our clients can be compensated quickly and without complications after a total theft, even when a virtual key is used. On top of that, to protect clients, the standard also defines yardsticks for the IT security of the entire system, including the vehicle, the smartphone, the back end, the communications, and user interactions. 

In addition, as part of its initial insurance classification, since March 2020 the association of the German insurance industry (GDV) has been covering these systems if they’re included or being prepared for the vehicle.

Virtual car keys must not be duplicable

“A client has to be able to trust a virtual key. Nobody is going to send in their smartphone to the insurance company if their car is stolen,” says Jochen Haug, Chief Claims Officer at Allianz Versicherungs-AG. “In other words, the key can’t be duplicable, and in the event of a total theft, we need a transparent view of who was authorized to use what key, and when.”

The four most important requirements for a virtual car key

  • A virtual car key must not be duplicable. Analogously to a physical key, it must be possible to tell how many keys are in circulation.
  • All authorized users of the vehicle must be listed for the client – and in the event of a claim, for the insurer – in a way that’s easily understandable, transparent and unchangeable. The client must also be able to provably cancel all virtual keys immediately in the event of a total theft.
  • Authorization to access the car must be separate from the authorization to drive it, to keep the existing protection provided by the electronic engine immobilizer from being circumvented, and to ensure the security of future service models like “delivery to the trunk.”
  • The data environment for making and storing virtual keys must be strictly separated from other applications. All data critical to security – like authorizations and key calculation – must be stored or carried out in a secure storage and execution environment. 

The Allianz Group is one of the world's leading insurers and asset managers with more than 100 million* private and corporate customers in more than 70 countries. Allianz customers benefit from a broad range of personal and corporate insurance services, ranging from property, life and health insurance to assistance services to credit insurance and global business insurance. Allianz is one of the world’s largest investors, managing around 785 billion euros on behalf of its insurance customers. Furthermore, our asset managers PIMCO and Allianz Global Investors manage 1.8 trillion euros of third-party assets. Thanks to our systematic integration of ecological and social criteria in our business processes and investment decisions, we are amongst the leaders in the insurance industry in the Dow Jones Sustainability Index. In 2020, over 150,000 employees achieved total revenues of 140 billion euros and an operating profit of 10.8 billion euros for the group.

These assessments are, as always, subject to the disclaimer provided below.

*Including non-consolidated entities with Allianz customers.

Press contacts

Christian Weishuber
Allianz Deutschland AG