Table of Contents Table of Contents
Previous Page  142 / 284 Next Page
Information
Show Menu
Previous Page 142 / 284 Next Page
Page Background

HOT TOPICS

2017

MEMBERSHIP

DIRECTORY

127

in-law) can help determine the legitimacy of the customer’s identity. Out-of-wallet questions are available

from electronic identity verification services and are critical for Internet customers whom you will never meet

personally at your dealership store (although it is always a good idea to try to get the customer to come to the

dealership to pick up the vehicle).

The third step requires your ITPP to have measures to take when you identify red flags in customer transactions

but cannot adequately clear them with the customer, such as by the customer providing additional documents or

information such as a passport, Social Security earnings statement, or original utility bills. Out-of-wallet questions

also provide a way to gain comfort with the customer’s identity if red flags are uncovered. Escalate any unresolved

red flags to the Program Manager. In August 2009, a dealer in Colorado was suspicious of a customer and

questioned him during a test drive. The dealer declined to do business with the customer, who was later arrested

in NewYork City for possessing bomb-making materials and charged with planning a terrorist attack in NewYork.

Identity thieves like fast, easy transactions and will often come to a dealership late at night before closing on a

weekend. If they encounter a diligent ITPP and are faced with appropriate questions and requests to document

their identity when red flags are present, many will just leave and go to another dealer who is not as diligent.

For the fourth and final step, you must update your ITPP periodically (but not less often than once per year)

based upon your dealership’s own experiences and new information concerning identity theft from regulators,

law enforcement, and industry experts. An ITPP is a dynamic program and should be re-evaluated continually.

For example, one new wrinkle on identity theft and safeguards involves thieves contacting overnight delivery

couriers to request a change of delivery address for a package containing a customer’s personal deal documents

and misrouting them to the criminal. It is a good practice to instruct any overnight courier service you deal with

not to permit any re-routing of deliveries for packages you send out to customers.

Employees who perform program functions should prepare annual reports to the Program Manager concerning

the ITPP’s effectiveness and make suggestions for improvement. The Program Manager should then use these

reports and other identity theft resources to make an annual report to your Board or senior management detailing

the effectiveness of the ITPP and proposing material changes. Training of employees and strict oversight of ITPP

service providers who have access to your customers’ data are also critical tasks that the Red Flags Rule requires.

Document everything you do and keep copies of all identity-related documents (e.g., the report of the electronic

identity verification service and anything the consumer gives you to prove their identity) in the deal jacket in case

you are audited. Apply your ITPP to every customer unless you know them personally.

As noted above, identity theft fraud to finance autos is on the rise. In 2007, only 4% of reported finance-related

identity theft fraud involved auto financing. In 2008, the figure rose to 22%; in 2009 auto credit identity fraud was

up to 29% of reported incidents. (Source: Identity Theft Resources Center). A government report issued in 2009

found that only 50% of attempted identity fraud in auto finance was detected prior to funding. And new identity

fraud credit accounts increased by over 20% in each of 2010 and 2011. In 2014, the National Insurance Crime

Bureau uncovered an identity theft ring in Detroit that fraudulently leased five cars worth more than $300,000.

The thieves altered the VINs and planned to sell the vehicles to unsuspecting consumers. In addition, many garage

policies no longer cover identity theft losses, or charge a substantial incremental premium to do so.

The FTC Address Discrepancy Rule

The FTC Identity Theft Address Discrepancy Rule (“Address Discrepancy Rule”) is a companion rule to the Red Flags

Rule. It requires users of consumer reports who receive a notice of address discrepancy from a consumer reporting