Who Are You? Who? Who? Who? Who?
Who Are You? Who? Who? Who? Who?

If you are of a certain age, you will quickly recognize the refrain from the 1978 double platinum “Who Are You?” album by rock legends, The Who. While the song is about band member Pete Townsend getting questioned by the local men in blue after a bender, on the dealership floor, the question is more focused on getting to know the prospective buyer.

More specifically, your dealers need to know the identity of each buyer, and they need to know that the buyer is not an identity thief.

What we are talking about is, of course, the Red Flags rule. The Red Flags rule is designed to identify “red flags” or reasonably foreseeable risks of identity theft. The goal of the rule is the protection of customers who may be victims of identity theft, but it protects your dealer clients as well.

Red Flags and the CMS

Generally speaking, each dealership should have an identity theft program in place as part of a larger compliance management system (CMS), which consists of policies and procedures, training, auditing and complaint management.

The Red Flags rule requires an evaluation of certain risk factors such as alerts from consumer reporting agencies, presentation of identification documents which appear altered or do not match the physical appearance of the customer, unusual activity in the customer account (e.g. material change in the use of credit), among others.

From a practical perspective, there are at least two additional considerations. First, many, if not most, dealers outsource Red Flags compliance and then stop thinking about it. Have your dealers updated their policies and procedures to reflect the outsourced Red Flags process? Does their sales force check the red flags identified by the FTC? What is the procedure if a red flag is discovered? Reliance on third-party software may not be sufficient to comply with the rule if a comprehensive compliance process is not implemented.

Full Indemnity

The second practical consideration concerns vehicle financing. Most, if not all, larger indirect financing sources will require full indemnity and repurchase of any purchases obtained through identity fraud.

There is no insurance policy which will cover a loss caused by violating the law so, as a practical matter, your dealer will suffer a double loss in that they will need to pay back the bank and they will not have the vehicle. In addition, the FTC can impose a fine of $3,500 per violation in addition to seeking per-day penalties and UDAAP damages. The total financial cost of identity theft to the dealership can be substantial.

Dealers are increasingly relying on the internet to drive sales. Completing sales remotely creates a large identity theft risk because the ability to verify the customer’s identity is more difficult. The buyer can send a “Photoshopped” driver’s license via email, for example, or provide a fraudulent credit card.

So what is the takeaway here? Identifying red flags is required to protect against identify fraud, and having a good program in place will go a long way toward protecting both the customer and your business. You and your dealers need to take action to protect their reputations and preserve customer loyalty. You need to take action to keep the growing problem of identity theft out of your clients’ dealerships by verifying that the potential customer is exactly who he or she says they are.

As Pete Townsend says, you “really wanna know” who are you, Mr. Customer? Who? Who? Who? Who?

About the author

Robert Wilson

Contributor

Robert J. Wilson, Esquire (Bob) is a Philadelphia lawyer and is General Counsel for ARMD Resource Group. Bob is the principal of Wilson Law Firm and has over 30 years of experience both as a counselor and as a litigator in State and Federal Courts. Risk management, problem solving and dispute resolution are his core competencies. Bob’s practice is largely in the consumer finance space and he regularly consults with Lenders and contributes articles on various compliance related issues.

View Bio
0 Comments