Red Flags Rule for Auto Dealers: Combating Identity Theft

RISK INSIGHTS

ach year, more than 9 million Americans fall victim to identity theft. Often, there are red flags—or potential patterns, practices or activities indicating the possibility of identity theft—before it actually happens.

To protect consumers, the Federal Trade Commission’s (FTC) Red Flags Rule requires affected businesses to take an active role in recognizing and stopping identity theft. Specifically, this is accomplished through a mandatory, written identity theft prevention program coupled with employee training. Primarily of concern to financial institutions and creditors due to the leasing and loan options they offer, auto dealerships fall within the scope of this rule.

Compliance Benefits You

When government agencies implement new rules, business owners have a tendency to get a little uneasy; new regulations can mean additional costs that business owners may not always recoup. However, when it comes to identity theft, auto dealers can end up suffering just as much as the person whose identity was stolen.

When your auto dealership works with indirect financing and lease agreements, you are making a guarantee to the leasing company about the customer’s identity. Depending on the terms of your master agreement, the leasing company you work with may be able to return contracts to you if the buyer is discovered to be an identity thief. This would make you responsible for the collection of any payments, payments that the thief has no intention of making. At this point, you could attempt to reclaim the vehicle, but as any information you have about the customer is likely incorrect, it is highly unlikely that you will be able to track it down, leaving you with a loss for the entire purchase price.

Taking steps to actively prevent identity theft at your dealership not only protects consumers, it can also save you from a costly loss.

How to Comply

To comply with the Red Flags Rule you are required to develop and implement a written identity theft prevention program. According to the FTC, the Rule allows dealers the flexibility to tailor their programs based on their unique risks. Compliance is then based on how reasonably these risks are assessed.

Therefore, the FTCs only direction is that your program must be appropriate to your organization’s size, complexity and nature of activities. Here are some important steps to include in your program:

• Identify indicators of identity theft. The FTC has established a number of red flags that can be signs of identity theft. While these are a good place to start, for a program to truly be successful you will need to consider red flags that may be specific to your industry or even unique to your dealership itself. Draw on the experience of others in your industry along with your own experience to add additional red flags to your watch list.
• Detecting and recognizing indicators of identity theft. Identity thieves don’t announce themselves as they walk through the door, so you and your staff need to be diligent in looking for possible red flags. Establish a procedure for verifying or authenticating both new and existing accounts. Look for alerts from credit reporting companies, suspicious documents or personal identification information, and suspicious account activity.
• Create a response plan. A red flag does not guarantee a customer is an identity thief. Your program needs to cover the steps to be taken after a red flag is uncovered to help confirm a customer’s identity. It is possible that there is a simple explanation for the discrepancy. However, if an initial inquiry with the customer offers no explanation, proceed with caution until you can find an alternate method of verifying his or her identity.
• Keep your program updated. Ensure that you re-evaluate the program at least annually and update it as needed. Also include in the program how you plan to train the appropriate staff to identify, detect, respond to and prevent red flags and identity theft.
  
  

The FTC also requires that your program outline who will be in charge of administering, overseeing and carrying out the program. Visit the FTC’s website at www.ftc.gov for more information on building a plan or help determining whether you need to comply with the Red Flags Rule.

© 2012 Zywave, Inc. All rights reserved.  |  Provided by Utica National Insurance Group
This Risk Insights is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice.