Team VADA eViews
The Digital Newsletter of Your Virginia Automobile Dealers Association
March 2008
In 2007 we began our “Keys to F&I Compliance” series. After a brief hiatus it is back! We will continue our in depth discussion of some of the twenty keys to F&I Compliance that were published in the January 2007 VADA Views. This month we will discuss safeguarding customers’ personal information and prevention of identity theft.
-
A Privacy and ID Theft Program are essential in today’s dealership
-
It is critical that it be implemented properly
-
You should have a dealership signature policy for all deal documents
Have a Privacy and ID Theft Protection Program.
The federal government is likely to mandate this through the upcoming Red Flags rule. Until then, make sure policies are in place to deliver a privacy notice and to train employees to comply with the dealership’s obligations to protect customers against violation of their privacy and theft of their identities.
There is no hotter subject for car dealers than the protection of customers’ personal information and preventing identity theft. The Federal Trade Commission already has in place two rules that on these subjects with which dealers must comply.
The first, the Privacy Rule, requires that a dealer doing a finance, lease, or insurance transaction must deliver a privacy notice. The notice must identify for the customer what the dealership will do with the non-public personal information of customers collected by the dealer. If the dealer chooses to make its customer information available to others under circumstances not exempt under the law (which we do not recommend), it must also provide an opt-out opportunity, allowing the customer to request that the dealer not furnish the non-public personal information to others who do not have the right to it under an existing permissible exception under the law.
The second rule applicable to dealers in this area pertains to Information Safeguards. Under this rule, dealers must adopt a program to safeguard the non-public personal information of customers including an initial risk assessment, must appoint an information safeguards coordinator to oversee compliance, must do regular follow up assessments to determine potential weaknesses or flaws in the information safeguard system, must implement changes to correct weaknesses or flaws found, and must have agreements with suppliers who have access to such information that they will protect the information.
In addition, the Federal Trade Commission and nine other federal agencies have issued a proposed “red flag rule” that will require dealers to identify the indicators (red flags) of identify theft such as an address on a credit application that does match that on a credit bureau and similar sort of problems. While it may be some time before the agencies issue final rules, dealers should be aware that the issue of identity theft is a hot one, and they should implement programs to be sure that dealers are not dealing with an identity thief.
Have a dealership signature policy for all deal documents.
Is the customer’s signature genuine? Is the customer genuine? Have a policy to protect the dealership against forgery and identity theft.
Avoiding a transaction with an identity thief protects not only the customer but also the dealership. If a dealership takes a forged check, it is likely to be the dealership that suffers. That is the same if the dealer allows a customer to take an unaccompanied test drive based on false identification documents. Selling a car on credit or leasing a car to an identity thief can be an extremely costly problem for dealers. Under most lender agreements, finance companies and lease companies require dealers to warrant that the person signing the retail installment sale contract or lease is actually the person represented and not an identity thief. Violation of this representation is a violation of the lender agreement and can lead the finance company or the lessor to demand that the dealer repurchase the assigned customer agreement. If the customer has disappeared with the vehicle, the dealer will generally wind up holding worthless paper.
Dealers should have programs to make sure that personnel are checking the identity of those buying or leasing a car. The picture on the buyer’s identity card (normally a drivers license) should match the person. Information provided by the customer should match the information otherwise available about the customer, particularly on the credit report. Buyers and co-buyers should sign the documents in front of dealer personnel. Many forgeries are the result of customers being allowed to take contract documents to cosigners. A cosigner should sign deal documents in front of dealership personnel. If a person cannot come to the dealership because he or she lives out of state or for some other reason, any signatures that are not witnessed by dealership personnel should be notarized.
Team VADA eViews
The Digital Newsletter of Your Virginia Automobile Dealers Association
March 2008
In 2007 we began our “Keys to F&I Compliance” series. After a brief hiatus it is back! We will continue our in depth discussion of some of the twenty keys to F&I Compliance that were published in the January 2007 VADA Views. This month we will discuss safeguarding customers’ personal information and prevention of identity theft.
-
A Privacy and ID Theft Program are essential in today’s dealership
-
It is critical that it be implemented properly
-
You should have a dealership signature policy for all deal documents
Have a Privacy and ID Theft Protection Program.
The federal government is likely to mandate this through the upcoming Red Flags rule. Until then, make sure policies are in place to deliver a privacy notice and to train employees to comply with the dealership’s obligations to protect customers against violation of their privacy and theft of their identities.
There is no hotter subject for car dealers than the protection of customers’ personal information and preventing identity theft. The Federal Trade Commission already has in place two rules that on these subjects with which dealers must comply.
The first, the Privacy Rule, requires that a dealer doing a finance, lease, or insurance transaction must deliver a privacy notice. The notice must identify for the customer what the dealership will do with the non-public personal information of customers collected by the dealer. If the dealer chooses to make its customer information available to others under circumstances not exempt under the law (which we do not recommend), it must also provide an opt-out opportunity, allowing the customer to request that the dealer not furnish the non-public personal information to others who do not have the right to it under an existing permissible exception under the law.
The second rule applicable to dealers in this area pertains to Information Safeguards. Under this rule, dealers must adopt a program to safeguard the non-public personal information of customers including an initial risk assessment, must appoint an information safeguards coordinator to oversee compliance, must do regular follow up assessments to determine potential weaknesses or flaws in the information safeguard system, must implement changes to correct weaknesses or flaws found, and must have agreements with suppliers who have access to such information that they will protect the information.
In addition, the Federal Trade Commission and nine other federal agencies have issued a proposed “red flag rule” that will require dealers to identify the indicators (red flags) of identify theft such as an address on a credit application that does match that on a credit bureau and similar sort of problems. While it may be some time before the agencies issue final rules, dealers should be aware that the issue of identity theft is a hot one, and they should implement programs to be sure that dealers are not dealing with an identity thief.
Have a dealership signature policy for all deal documents.
Is the customer’s signature genuine? Is the customer genuine? Have a policy to protect the dealership against forgery and identity theft.
Avoiding a transaction with an identity thief protects not only the customer but also the dealership. If a dealership takes a forged check, it is likely to be the dealership that suffers. That is the same if the dealer allows a customer to take an unaccompanied test drive based on false identification documents. Selling a car on credit or leasing a car to an identity thief can be an extremely costly problem for dealers. Under most lender agreements, finance companies and lease companies require dealers to warrant that the person signing the retail installment sale contract or lease is actually the person represented and not an identity thief. Violation of this representation is a violation of the lender agreement and can lead the finance company or the lessor to demand that the dealer repurchase the assigned customer agreement. If the customer has disappeared with the vehicle, the dealer will generally wind up holding worthless paper.
Dealers should have programs to make sure that personnel are checking the identity of those buying or leasing a car. The picture on the buyer’s identity card (normally a drivers license) should match the person. Information provided by the customer should match the information otherwise available about the customer, particularly on the credit report. Buyers and co-buyers should sign the documents in front of dealer personnel. Many forgeries are the result of customers being allowed to take contract documents to cosigners. A cosigner should sign deal documents in front of dealership personnel. If a person cannot come to the dealership because he or she lives out of state or for some other reason, any signatures that are not witnessed by dealership personnel should be notarized.