Synthetic Identity Fraud

As a side effect of increased digital sales activities resulting from the pandemic, finance sources are reporting a substantial increase in synthetic identity fraud. What is that? It is a fraudster posing as a qualified buyer for a vehicle on credit.

Often, synthetic identity fraud deals wind up as complete charge-offs for a dealer. Some dealers believe that they can avoid a finance source chargeback simply by claiming that they did not know of the fraudulent activity. However, in today’s indirect finance agreements, finance sources have loaded up protections for themselves to protect against synthetic identity fraud.  Every indirect finance agreement contains representations and warranties specifically with respect to each contract assigned to the finance source. A critical representation and warranty has to do with the identity of the person buying the vehicle. The types of protections included in the indirect finance agreement vary from financial institution to financial institution, but every finance source has some language seeking to make the sale of the vehicle to a fraudster the problem for the dealer.

Some finance sources concentrate on the dealer actually confirming the identity of the customer as a bona fide person such as this representation and warranty:

“The Contract constitutes the Customer’s valid and binding agreement which has been duly authorized and executed by the Customer, who is a bona fide Person, whose identity has been confirmed by Dealer (or its Delivery Agent where permitted) prior to execution;”

Other finance sources concentrate on the quality of the customer’s agreement such as this example which requires a representation and warranty that the customer’s contract is valid and binding:

“The Contract has been duly authorized and executed by the Customer, constitutes the Customer’s valid and binding agreement, and has been duly executed by Dealer (if a Retail or Lease Contract) and the Customer at Dealer’s premises.”

Other finance sources simply require the dealer to represent that the customer’s signature is genuine:

“Each signature on the Contract and on each other document executed in connection with the Contract is the genuine signature of the person whose signature it purports to be;”

There is an opportunity for a dealer who spends time verifying the identity of the customer to argue about a buyback demand. However, the finance source will contend that because of the representation and warranty in the agreement, the dealer is the insurer of the identity of the customer.  Litigation over who is right may cost more than the buy-back.

Unfortunately, charge-offs may not be adequately covered by insurance.  Coverage will depend on the terms of the policy. Sometimes the coverage is strong enough that the insurer will have to fully cover the loss. However, are there limits to the coverage that are less than the loss? How quickly are those limits eaten up in the event the dealer faces multiple identity theft problems? And will the insurance company investigate and take the position that the dealer did not adequately perform its duties to verify the identity of the customer? All of these could affect the extent of the coverage for a full chargeback loss.

Given the rise in synthetic identity fraud, it is incumbent on dealers to be sure that staffs are trained on prevention of identity fraud and they are using the tools at their disposal.

The FTC Red Flags Rule has been in effect for more than a decade. The purpose of the Rule is to have businesses adopt a program to identify and act on signals, or red flags, of identity theft. When the FTC Rule went into effect, dealers adopted Red Flag policies. Since then, third party Red Flags solutions to which dealers can subscribe have been developed. Regardless of whether you operate under your own Red Flags policies or you subscribe to a service to provide a red flag process, it is time to make sure your employees understand the purpose of the Red Flag Rule. Remote selling has become more prevalent for dealers. Even after the pandemic passes, there is no reason to believe that remote selling will reduce. Remote selling significantly raises the risk of synthetic identity fraud.

Checklist for Maintaining Red Flags Program

Here is a checklist of steps recommended for maintaining your Red Flags program:

  • Appoint someone to coordinate the Red Flag program design, implementation, and maintenance. 
  • Continually update written program. 
  • Identify indications of identity theft to be added into your program.
  • Update the Program to explain how to detect new red flags.
  • Update the Program to explain how to respond to new red flags. 
  • Annually review the Red Flags program with the Company’s board of directors or senior manager.
  • Regularly train employees to comply with the program.
  • The program must ensure that service providers use reasonable policies and procedures to detect, prevent, and mitigate the risk of identity theft. 

Training is critical for any protection of the dealership. Personnel must know what to do when a red flag arises. It cannot be taken lightly with the increase in identity theft. If you use a third part Red Flags program provider, it will often provide suggested steps to take to respond to the red flag. Personnel should not take shortcuts, because the risk is too great from sale to an identity thief. Personnel should understand those risks, and the consequences of losses from failure to comply with red flags requirements is so critical.