By: Jim Radogna
The new federal regulations that went into effect in 2011 have added to the never-ending compliance requirements that dealerships must contend with. Fortunately, most dealers have found that the Risk Based Pricing Notice and updated Privacy Notice requirements are pretty easy to handle. Utilizing the Credit Score Disclosure exception to Risk Based Pricing Notices and using the New Model Privacy Notices is relatively simple – just a few more forms to add to the pile. The Red Flags Rule is another story.
Red Flags regulations require a dealership to not only be a good citizen, but to be a cop as well. There’s no two ways about it, if red flags are detected during a credit transaction, certain proactive steps are required that will create extra work and slow down the deal process.
Many dealerships are utilizing automated Red Flags programs to help stay in compliance with the new regulations. These programs, such as those available through RouteOne, are excellent and certainly make it easier to navigate the Red Flags Rule. However, there’s some due diligence required on the part of dealership personnel when potential “Red Flags” are detected by these systems. Unfortunately, this is not an uncommon occurrence. Fraud or active duty alerts on credit bureaus, address discrepancies, multiple recent inquiries, or multiple new accounts recently opened are just a few of the situations that are considered to be identity theft “Red Flags”.
During compliance reviews recently, we’ve been paying particular attention to how dealership employees are handling the new Red Flags requirements. Not surprisingly, we’re finding that in many instances when red flags are detected during a transaction, staff members are struggling with what to do next.
For instance, we’ve found a number of situations where the red flags program has prompted that a “high risk has been detected” and that “out of wallet questions are required”, but the questions have not been asked of the customer. While it can certainly be uncomfortable to ask a customer personal questions or request that they supply additional proof of identity or address, it is important that these steps not be avoided. If an identity theft does occur, and the system-recommended steps were not taken, it’s conceivable that the dealership’s exposure to liability will be increased dramatically. The same holds true in a situation where the dealer’s Red Flags procedures are audited by a regulator. Staff members’ proclamations that they had a ‘gut feeling’ that the customers were who they said they were will not likely be enough to satisfy the investigators. The fact that the employees were prompted to follow a particular procedure and failed to do so would almost certainly make matters much worse.
Training is a mandatory requirement of the FTC’s Red Flags Rule. Employees should be well-trained in all aspects of the company’s Identity Theft Protection Program and features of any automated Red Flags systems, including the proper procedures necessary if Red Flags are detected. The training should explain the spirit of the law as well. It is important that staff members understand that the Red Flags Rule requires employees to be proactive in attempting to prevent identity theft and that any shortcuts taken in the process can create extreme liability to the dealership.
Even the best Red Flags program is not infallible. Chances are that an experienced identity thief will succeed despite a dealership’s best efforts. That’s understandable. As long as the company can show that they have performed their due diligence and did not take any shortcuts, their exposure will likely be lessened dramatically.
Jim Radogna is the President of Dealer Compliance Consultants, Inc., a national training and consulting firm based in San Diego, California. Before founding Dealer Compliance Consultants, Jim developed a strong background in dealership operations, having spent over 15 years in dealership management. His experience includes working in diversified roles such as sales manager, F&I director, general manager, and training director. In addition, he served as compliance officer for a large auto group, where he developed and integrated a comprehensive compliance program. Being well-versed in all aspects of dealership operations, Jim has used his knowledge and industry experience to develop unique, no-nonsense compliance and reputation management solutions for automobile dealerships of all sizes. These programs are designed to not only protect dealerships from liability, but also greatly enhance the company’s reputation, increase profitability through consistent processes, and increase customer satisfaction and retention.
RouteOne is offering dealers FREE training on the new Compliance Dashboard functionality within RouteOne. We are offering daily webinars through Thursday, 2/23. Register today!
RouteOne Compliance Dashboard Webinar (2:00 p.m. EST)
The RouteOne Customer Support Team will lead the trainings on 2/28, 3/1, 3/6, 3/8, 3/13, 3/15, and 3/20. The RouteOne team will help you:
-
Establish an understanding of actions that may be taken in the RouteOne Compliance Tab
-
Set up system preferences in the RouteOne system
-
Complete an action within the system in regards to:
-
Identity Verification
-
OFAC
-
Risk-Based Pricing Rule – Credit Score Disclosure Notices
-
Dodd-Frank Adverse Action Notices
-
Run Compliance Reports within RouteOne
To reserve your spot, please visit www.routeone.com/DashboardTraining.
Questions? Contact RouteOne Customer Support at 866.933.0663 or customersupport@routeone.com.
Spyware
Spyware refers to a category of software that when installed on your computer may send multiple popup windows, redirect your browser, or monitor the websites that you visit. There are invasive versions of spyware that may record your keystrokes (called key loggers) and will capture your sign-in credentials for sites that you have access to.
The following symptoms may indicate that you have downloaded spyware and it is installed on your computer:
-
You are getting endless pop-up windows
-
You type in a web address and get re-directed to a different website
-
New unexpected tool bars are in installed on your browser, or new icons appear in the task tray on the bottom of your screen
-
The search engine you use opens a different browser or page than what was intended
-
Certain keys do not work in the browser (e.g., tab key doesn’t work moving field to field)
-
Random windows error message, begin to appear
-
Your computer suddenly seems very slow when trying to open documents or programs
Preventive Measures for Spyware
-
Don’t click on any links within a pop-up window. To close such a pop-up window click the X on the title bar instead of “click here to close.”
-
Choose no or close the pop-up if an unexpected dialog (pop-up) box appears asking if you want to run a particular program or perform another type of task. Always close the dialog box by clicking the X on the title bar; if that is not available, answer no or cancel.
-
Be wary of free software downloads. Many sites offer customized toolbars or other features. Never download software from a site you do not trust; you may be exposing yourself and your computer to spyware by downloading free software.
-
Don’t follow email links claiming to offer anti-spyware software – like email viruses, this may service the opposite purpose and will install spyware on your computer.
Removing Spyware
-
Run a full scan on your computer using the anti-virus software that you or your network engineer has installed on your machine.
-
Keep your anti-virus software current by downloading updates from their site (e.g., Norton or Symantec)
-
Run a legitimate product designed to detect and remove spyware.
-
Make sure your anti-virus and anti-spyware software is compatible with each other.
For more information on Social Engineer, Phishing, Spyware and other security threats please visit the United States Computer Emergency Readiness Team at http://www.us-cert.gov/cas/tips/