Identity Theft at Your Dealership(continued)
In January 2007 this happened to a Warren Henry Auto Group in Miami
Gardens, Florida
1. The Warren Henry Automotive Group is a well known,
highly respected company which sells top of the line luxury vehicles. They
take pride in taking care of customers and providing the best service.
had safeguards in place.
Regardless, in just a few seconds, dozens of
customer’s financial security was put at risk while they were not paying
attention. The records were left out in the open, unprotected, ready for the
thieves to take.
They thought it could not happen to them. But it did.
Then there was the negative media coverage of the event that followed
which is something a business of any kind does not want.
    Identity theft is the fastest growing crime in the United States. According to a
    report2  just published in February by the Federal Trade Commission, there were
    813,899 complaints filed in 2007. This is up 136,616 from 2006.  This is in spite of all
    the new laws and regulations passed to help protect a person’s personal information.
    It has become more lucrative to steal a person’s identity than to rob a bank. In 2007
    1.2 billion dollars was stolen through identity theft and fraud. A little less than 40% of
    the total of complaints were internet related while the other 60% came from every day
    kind of transactions. Every time a person uses their credit card there is some
    risk. For example, how many times have you gone out to restaurant for dinner and
    used your credit or debit card to pay for the meal? At the end of the meal the server
    takes your credit card from you, goes somewhere where you cannot see and then
    comes  back after a while and asks for your signature. During that time how easy is it to write down your
    credit card number, expiration date and the security code from the back of your card? It is extremely
    easy! There were thousands of cases reported just like this last year.
The Fair and Accurate Credit Transaction Act, also known as the Fact Act, was designed to fight Identity theft.
Part of the Act requires credit and debit card receipts to show only the last four digits on the customers copy.
From my research, I see no indication that this requirement has helped stop Identity theft or fraud in any way.
Crooks are just simply writing down the number or taking the merchant’s copy which in some cases already
includes the full number on it.  Another part of the FACT Act, the “Red Flag” Regulation, just went into effect
January 1, 2008.
Full compliance by dealerships must be in place by November 1, 2008. In a nut shell the
Red Flag Regulation drafts those who are in the financial services industry to be the eyes and ears of law
enforcement in the fight against Identity theft. Dealerships are required to have a “Red Flag” policy in writing and
in place by the November 1st dead line.

So what does this all have to do with the service or parts departments? The fact is that Gramm-Leach-
Bliley Act and the Fact Act are not directed at the service department. They are for those within the dealership
that provide financial services to customers, which takes place in the sales department. It could be debated that
the Patriot Act and Executive Order 13224 does apply to service departments. They require that a person or
business know who they are doing business with and each customer is checked against the SDN list (Specially
Designated Nationals List). The government acknowledges that checking every person that comes into a
dealership to have an oil change is not practical and not the intent of the law. However, that does not mean we
should not be diligent when it comes to protecting our customers from would be identity thieves. It should be noted
that even though the laws and regulations that the sales department has to follow doesn’t apply to the service or
parts department, that does not exonerate you from the possibility of civil liability if a customer is able to track their
identity theft or fraud to your dealership.

There is an issue when it comes to the information that is shared between the service and parts
departments and the sales department
. Most of the big dealerships now have CRM programs (Customer
Relations Management) that make available customer information to all departments. This is where the service
and parts department have to be careful.
If the information on a customer was collected by F&I office it is
covered under the “Safeguard Rule” of the Gramm-Leach-Bliley Act.
Exposing that information to
unauthorized persons is a violation of the law and subject to heavy fines.

Michael Maguire
Agent-Trainer/Curran EasyCare
Copyright © 2008 Automotive Dealers Network. All rights reserved.
Michael is one of the nation's leading Compliance Experts.
He is an agent for Curran EasyCare, serving New England
Automotive Dealerships. They offer insurance service
coverage, RV coverage, driver care, GAP coverage and
1News report from channel 4 CBS news Miami, Florida, Jan 31, 2007. To view report  go to:
2Consumer Fraud and Identity Theft Complaint Data report published February 2008
    Now you ask “what are we suppose to do?” Simple! Take a look at your dealership and look
    around to see how much customer information is around. Determine your exposure. Then put
    policies in place and train your employees. Treat all customer information as top secret. Make
    no exceptions. When an employee is away from their desk, customer information
    should be out of view of the general public, preferably in a drawer that can be
    locked. That includes ROs. ROs have customers' names, addresses, phone
    numbers and vehicle identification numbers. Never give any information,
    even a Vehicle Identification number, out to someone on the phone.
    Your parts department should not cut a new key for a customer unless they can
    prove, in person that they are the owner of that vehicle. Credit card slips and checks should be
    placed in a secure lockable place, unavailable to prying eyes or sticky fingers.
    All this sounds like common sense, but in the
    everyday hustle and bustle of life we take short cuts.
    Identity thieves depend on this. Put safeguards into
    your parts and service department. Protect your
    customers, avoid being a newspaper headline.