Since 2008, the Federales require that dealers have policies, procedures, and processes in place to reasonably detect and prevent an identity thief from using a victim’s identity to purchase and finance a vehicle from a dealership.

We must continually remind ourselves and our dealer clients that as the identity thieves continue to get better at their profession, we must ramp up our processes to detect them.

Most dealers set up sufficient processes when the law became effective, but some have let the process stagnate. I suspect that many dealers have not met the additional requirements of completing an annual report or an update to their Red Flags policy to address new threats (such as synthetic identity fraud). Agents can assist their dealer-clients to ensure these updates are completed and solutions implemented.

We must continually remind ourselves and our dealer clients that as the identity thieves continue to get better at their profession, we must ramp up our processes to detect them.

Today’s Lockdown Reality

Many dealers’ Red Flag vetting processes were fairly standardized before the coronavirus pandemic lockdowns. Dealers relied on a third-party vendor to vet the credit applicant who provides the dealer with a basic pass/fail report after they enter the credit application information into the vendor’s software and obtain a credit bureau report.

With a thumbs-up, the sales manager continues with the sale. If the vendor’s report shows a thumbs-down, some sales managers resolved the potential discrepancy, some ignored the finding, and others manually updated the report to erroneously state the potential discrepancies were vetted and resolved.

The lockdown has dealers transitioning to a digital remote delivery process and they are so focused on this, the Red Flags vetting process may have been overlooked or taken for granted.

Here are some “Red Flags on steroids” solutions that agents can bring to their dealers.

Risks in Remote Digital Deliveries

Some might say that the risk of identity theft does not necessarily increase with remote deliveries, whether digital or paper-based. I submit that identity thieves are generally non-confrontational. Many do not want face-to-face contact and would prefer to steal a victim’s identity from afar. This preference for an identity thief in Chicago to purchase and finance a vehicle on a Florida dealer’s website, passing over hundreds of similar vehicles available locally, has always been a red flag of identity theft.

Out-of-Area Policy

A dealer should have an out-of-area procedure in place to handle any delivery not completed in the showroom. I do not know of any dealer who dedicated a portion to out-of-area deliveries in its original Red Flag policy.

Government-Issued ID Vetting

Any valid Red Flags policy must also require that the consumer provide a valid government-issued ID to purchase and finance a vehicle. When the Red Flags Rule was implemented in 2008, it was uncommon for an identity thief to successfully forge a government-issued ID. Such is not the case today.

I’m aware of a vendor that has the ability to vet a government-issued ID, essentially using the same machine that TSA uses at the airports. This vendor cannot currently vet the driver’s license information with the state DMV to confirm it is a valid license.

Another reputable vendor is preparing to come to market with a process that does not require additional hardware, vets the driver’s license or passport, provides optional facial recognition telematics, and can confirm the driver’s license information with many state DMVs.

One of these company’s product should be used on every retail sale.

Off-Site Signing Service

There are a couple of national document-signing services that use local notaries to contact the customer, obtain signatures, confirm identification, and notarize the documents. These should be employed on every non-digital remote delivery.


A few of my dealer clients obtain the right and left thumbprint of every person contracted on a vehicle sale. The dealer reports that each month there are a handful of times when a consumer finds a reason to step out of the F&I office when asked to provide a thumbprint and disappears. The dealer believes that the potential loss of an identity theft disappeared on that transaction as well. He also tells me about the time he did have an identity theft, provided the thumbprint to the police officer, and the thief was ultimately apprehended.

Stay tuned, and as always … Stay safe, good luck, and good selling.

Gil Van Over is the executive director of Automotive Compliance Education (ACE), the founder and president of gvo3 & Associates, and author of Automotive Compliance in a Digital World.

Read: Voting Underway for 2020 Dealers’ Choice Awards