“Desperate men do desperate things,” is an old adage. It should come as no surprise that people will attempt to defraud those who have money for their own gain in challenging economic times. Dealers should be aware. A recent case from Colorado illustrates the point.
In April, a Coloradoan assumed the identity of an El Paso citizen and used it to perpetrate fraud on car dealerships and other businesses. He was charged with various crimes including the following: forgery of a government document, criminal possession of a forged instrument, criminal impersonation, identity theft, numerous forged checks, and, most significantly, aggravated motor vehicle theft. Essentially, these alleged crimes all related to falsification of whom that Coloradoan was. How did he achieve this degree of prevarication? Could the dealer have done more to protect his interests?
From a broader perspective, recent studies indicated that car loan-related identity fraud doubled from 2017 to 2018 and, that in 2018, identity fraud resulted in approximately $226 million in auto loan fraud losses.
In this new era of remote transactions, in retailing vehicles, the potential for fraud and identity theft become compounded. The formula is simple:
Recession + Remote Selling = Potential for Customer Chicanery
Dealers can control this situation by observing the Red Flags Rule diligently.
The Red Flags Rule
There are few times a dealer can assert that a regulation can be a blessing and a tool, but here is such a case. The Red Flags regulation can help a dealer from having a passel of trouble. In informal discussions with various dealers, this writer has concluded that some dealers have ignored this regulation to their peril. This article is a gentle reminder of this rule and its importance.
Historically, a red flag indicated a warning of impending flood, battle, or a rough surf. The red flag concept was adopted to promulgate the Red Flags Rule that requires a dealer to develop and implement a written identity theft program.
The Red Flags Rule was issued by the Federal Trade Commission (FTC) in 2007 under Section 114 of the Fair and Accurate Credit Transaction Act of 2003 (FACT Act or FACTA). The main purposes of the FACT Act was to provide consumers with protection against identity theft. Pursuant to this Act, the FTC has enacted the Red Flags Rule and the Disposal Rule.
The Red Flags Rule requires a dealer to develop and implement a written Identity Theft Prevention Program that is designed to detect, prevent, and mitigate identity theft. A “red flag” is a pattern, practice, or specific activity that indicates the possible existence of identity theft. It remains the duty of the dealer to take steps to confirm the identity of a customer for online sales and remote deliveries. In other words, the Red Flags Rule has a new application for dealers to discharge. Merely relying on a credit report or driver’s license, for example, isn’t a strong indicator of a customer’s true identity and will not meet the standards of the Red Flags Rule. Dealers must amplify their identity verification efforts to protect their interests against the menace of significant economic losses due to identity falsification.
The Red Flags Rule – what must dealers do?
Generally, dealers must authenticate the identity of their applicants and customers and monitor existing accounts for identity theft.
In addition, for remote transactions, dealers need to consider what additional Red Flags or customer identification methods are necessary if they aren’t able to physically inspect a customer’s driver’s license and confirm that the picture on the license matches the customer’s physical appearance, for example.
Dealers should have a written Red Flags plan
The written Red Flags plan should have four components. Every dealer should have a written Identity Theft Prevention Program that identifies the relevant red flags for his business. The program should outline a protocol to detect and evaluate these red flags at the individual customer level. Planning for remote transactions should be integrated into this program. If a red flag is detected the dealer should have a planned response to them as some red flags may be evidence of criminal conduct. With newer sales technologies being introduced, and remote sales becoming more utilized, the third part of the plan becomes significant: updating the Identity Theft Prevention Program. The program should be considered dynamic and should be altered periodically to counter changes in the market. The final component of the plan is establishing the appropriate administration. The dealer’s compliance officer should oversee the program. In fact, the federal rule requires such an overseer.
Basic questions to screen customers
The program should be surreptitiously incorporated into the initial phases of the transaction whether the transaction is at the store or online. Sales of vehicles shouldn’t be deterred by necessarily directing challenging customer applicants as to their identities.
As with any business transaction, ascertaining the basic information about the customer should be the initial step. But, in beginning this conversation about the credit report and collecting initial identification, the dealer representative should consider the personal behavior of the customer, as these could be red flags. For example, is the customer nervous or agitated? Is he disinterested in the price of the car? Does he seem to want to rush through the process? Is the customer acting in a curious manner? Does the customer wish to take a test drive? Is the customer resistant to visiting the store and prefers every aspect of the transaction to be done remotely? Any of these behaviors could be a red flag and should alert the dealer representative to more carefully scrutinize other aspects of the transaction.
Obtaining the personal identification, credit application, and credit report is the other initial step in the process. At the store, reviewing acceptable identification such as unexpired state government issued driver’s licenses with a picture, U.S. military identification card with picture, unexpired, state government issued identification card with picture, or a U.S. passport is relatively simple. In remote transactions it becomes more of a challenge since tampering with identification is an issue. A basic question, of course, does the photograph look like the person buying the car? Do any of these identification documents appear to be tampered with?
Observing how the customer completes the credit application may also be illuminating. For example, does the customer not wish to complete the application? Did the customer only provide a post office box number as an address?
Contrasting the completed credit application with the credit report may reveal inexplicable inconsistencies. For example, do any of the addresses match?
As to the credit report, it is replete with examples of red flags. Is there any type of fraud or active duty alert? Is there a notice of an address discrepancy? Is there a warning about the social security number?
There are a series of questions that the dealer representative could also ask that would indicate that the customer is not engaging in fraud. For example, the customer could be asked in what U.S. state was he residing when he or his parent applied for his Social Security card? What is the approximate balance on his Visa or MasterCard credit card? To whom does the customer pay his mortgage and how much is that monthly payment? What is the customer’s monthly car payment and to whom does he make the payment?
These types of questions could be answered by the use of a form that could make this process easier and more consistent.
This article is not an attempt to be comprehensive about the Red Flags Rule. There are numerous sources and vendors who can help dealers with their Red Flags Program. Presumably, dealers already have a program but the new business challenges would necessitate that they reexamine them. The FTC website ftc.gov/idtheft is quite instructive. If working with a third-party vendor be certain to screen that vendor to be certain that it has the capability to protect the dealer’s interests. Dealers should also remember that the FTC may penalize them for non-compliance. A Red Flags Program is not difficult to implement but should be an important program for dealers to continue to execute and monitor, especially in the current business environment.