A new study by the identity-theft think tank, Ponemon Institute, finds that data security compliance actually reduces long-term expenses. This conclusion may be particularly appropriate in the auto industry since another study (the Javelin Group’s annual identity theft study) found that new account fraud (like auto credit identity fraud) showed longer periods of misuse and higher losses to victims like auto dealers than in past years.
The Ponemon study was not directed specifically at auto dealers but included a wide variety of retailers and financial services firms. Many of these firms focused their security efforts only on authentication and did the minimum. Banking institutions had the most diligent data security audits and fared the best from a security compliance standpoint in avoiding costly security breaches. Coincidentally they also invested the most in automated compliance tools to verify and secure their data. A spokesperson for the study indicated that organized crime has an easier time getting data from retailers and other groups.
Dealers can use automated security tools as well. Perhaps the most important of these is using an electronic identity verification service (such as DealerTrack’s DealWatch) in your Red Flags Identity Theft Prevention Program to identify and evaluate red flags in customer information provided on credit applications. These identity verification services bounce the customer’s information against thousands of fraud-related databases to look for possible matches. They also have algorithms for assessing whether the customer is the most likely match for the Social Security number given.
It’s no secret that identity thieves steal Socials and establish new credit files using real Socials and other identity information that belong to someone else. An electronic identity verification service is about the only way you can smoke out these classic identity theft indicators. These services also can provide you with knowledge-based authentication questions, sometimes called “out-of-wallet” questions that cannot be answered from a stolen wallet or credit report. An example of such a question is to give you a list of five people and ask which one you know, one being the real person’s brother-in-law. If an identity verification service saves you just one sale to an identity thief (and it will), it will pay for itself many times over.
The Javelin study actually had some good news to report. For the first time since they began surveying in 2003, the number of identity theft victims in 2010 actually decreased from the prior year. But longer delays in identifying new account fraud and the larger losses from these accounts suggest that auto finance identity theft continues to be a very real problem.
Many illegal immigrants and other criminals create “synthetic” identities combining real identity elements of different people to create a fake person and obtain a credit file for him or her. They then use the fake identity to finance vehicles, get credit cards, and establish residency while in an area for seasonal work. Many of these people will pay on their auto finance accounts for a period of months, even years, and then default.
Under the Red Flags Rule, lenders are obligated to look at accounts in their portfolio for possible identity theft, even accounts that have paid for a while and then gone bad. When lenders identify these accounts as identity theft, many will recourse them back to dealers even many months from the origination of the account by the dealer. It’s not just first-payment defaults that get recoursed back to dealers for identity theft any more. This is an unintended consequence of the Red Flags Rule that makes it critical for dealers to identify and stop identity theft at inception.
Making even a small investment in data security technology to both safeguard your customer information and authenticate every customer’s identity will save you money over the long run. A security breach of customer information or vehicle sales to identity thieves are what a leading identity theft expert refers to as “career-ending events.” For dealerships, a security breach of customer information will require hiring a forensics expert to identify and patch an IT breach; giving notices to the affected customers; reporting to credit bureaus and law enforcement; and managing the PR nightmare that follows the disclosure. Lawsuits also frequently follow data breaches and while consumers don’t typically prevail where they cannot show harm or causation, the defense costs can easily hit six figures and generate more adverse publicity.
It’s an equally troubling scenario with sales to identity thieves. Lender Agreements almost always contain provisions whereby you warrant the true identity of your customers and give lenders the right to recourse back the contract once the identity theft is discovered, even if that is not until months or years later. Especially for hi-line dealers, the costs to repurchase a financing contract can be exorbitant and make a material adverse impact on the bottom line.
Take a look at electronic solutions like electronic deal jackets and electronic identity verification services now before you get hit. As the Ponemon study found, it will be well worth your time to do so.
thecomplianceguide.com is intended for information purposes only and does not constitute the giving of legal or compliance advice to any person or entity. Because of the general nature of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on your particular situations and circumstances.