Home » Archives » Oct. 13, 2008: The latest cop in the fight against identity theft: You

Oct. 13, 2008: The latest cop in the fight against identity theft: You

It was the mid-1970s, and I was sitting at my desk reading through the fines I might receive for a single violation of an OSHA regulation. I had been in the motorcycle industry for about five years and was quite concerned with the scope and reach of this new government agency that could show up at my door, walk through my shop and fine me into oblivion. So I began at the top.
A grinder without a guard, $200. OK. A welder that wasn’t grounded, $500. OK. A man working without eye protection, $1,000. OK. Bays that weren’t properly vented for exhaust, $1,500. OK. And on and on through the long list. The infractions got progressively worse, the fines got progressively larger and I was getting progressively more worried as I worked my way down. And then I got to the bottom of the list. There it was. The largest fine of all — $10,000, for killing the inspector! Whoa, I thought. This stuff is really serious!
OSHA was just the start. Say hello to Disability, Harassment, Discrimination, Drug and Alcohol, Adverse Action, Truth in Lending, Money Laundering and Accident Reporting just to name a few. And now we are handed a new one. A simple name, but wait until you see what it means to us. Welcome to, Red Flags.
Welcome to the latest cop on the street in the fight against identity theft: You. Yes, you. You handle financing of a big ticket item and in that process you receive, control, pass on and retain a great deal of a customer’s personal information. A credit ap washing around in a dumpster is solid gold to an identity thief. A misguided e-mail that lands in the wrong mailbox, the trash basket in the F&I office, a credit card receipt — all convertible to cash in just hours, for the right (wrong) person.
So the Federal Trade Commission has decided the best place to fight identity theft is where the information first changes hands. And that means you, your store and your F&I office. So here are the regs. Now, pay attention. The law says that you have to be compliant on the first day of November. This year. Got your attention? Here are the basics:
First, you are subject to this law. Don’t even think you are not. Automobile dealers are specifically named, and if you substitute “motor vehicle” for “automobile,” you’ll get the drift real quick.
The program has four major points of impact in your daily operations. They are:

  • You must have a written policy that describes any transactions that could be subject to fraud and/or identity theft.
  • You must train your employees regarding the implementation and continuing application of security measures in your dealership.
  • It is your responsibility to detect, deter and defend against the theft of your customer’s personal information. You must evaluate each transaction (parts, service and unit sales) to detect and deter any fraudulent acts.
  • As owner of your dealership you must evaluate, and take responsibility for the effectiveness of your program.
    As a help to you, the FTC has issued a short list of 26 Red Flag Rule indicators of possible fraud. These 26 “flags” fall into five general areas, which are:

  • You must watch for alerts from consumer reporting agencies regarding specific persons. Your customer must be checked against such information.
  • You must inspect all documents submitted by your customer for signs of fraud. Such signs include alterations, inconsistent photographs and information that is inconsistent.
  • You must be able to detect suspicious personal identifying information. Social Security numbers should be checked for internal integrity, checked against the Social Security Death index, and checked for the proper correlation between the year issued and the person’s birth year. Addresses and telephone numbers cannot have been used on a (previous) fraudulent credit application. (The FTC actually says that a Red Flag condition exists if the home address given by the applicant is a prison!)
  • You must respond to any knowledge of unusual or suspicious activity related to an applicant’s personal conduct (e.g. return mail from the current given address).
  • You must react to notices from financial institutions, or identity theft victims, regarding actions taken by your applicant or customer.
    So welcome to Law Enforcement 101. Get on board. You don’t have much time. Remember, the effective date is just weeks away. There are private companies out there that will help you, and the FTC Web site, http://ftc.gov, is actually quite helpful.
    OSHA is now almost 40 years old, and when we see an open fly-wheel, we can’t believe it. In time, we will all feel the same about Red Flags, so get moving.

    Hal Ethington has been associated with the powersports industry for more than 30 years. Ethington is a senior analyst at ADP Lightspeed. He can be reached at Hal_ethington@adp.com.

  • Leave a Reply

    Your email address will not be published. Required fields are marked *