Equifax Data Breach

Identity theft is a frustrating, invasive crime where a thief steals a victim’s personal identification such as name, Social Security Number, and other confidential details to fraudulently apply for credit, get healthcare services, or even purchase or lease an automobile. It is a crime that can take a victim up to six months and over 200 hours of diligent work to recover from. And businesses that are tricked by identity thieves have little or no recourse and a hefty price tag to pay for goods or services delivered.Consumers can certainly take some precautions to help prevent identity theft, but the recent news of a data breach at Equifax, estimated to have affected 143 million people, has alerted America to the fact that we are all vulnerable to this most recent wave of criminal activity.Given the number of people affected by the Equifax breach, it is possible that many of your customers were victims and therefore could be exposed to possible identity theft. Many news outlets have shared suggestions of how consumers can protect their identity in the wake of the breach. As a result, fraud alerts and credit freezes will be common for the next several months and may even extend for several years. While helping prevent fraud, the alerts and credit freezes also slow down or stall legitimate business transactions. Dealerships will need to take additional steps to verify each customer’s identity.In many cases the dealers are the loser when they finance a vehicle to an identity thief. Most lender agreements require the dealer to repurchase the finance contract when identity theft is involved. These types of buy backs are on the rise because the rules require lenders to periodically review accounts for identity theft.Additionally, customers may ask questions about how the dealership secures its information. Employees will need to be informed of proper responses.Considering these circumstances, it is recommended that dealers take the time to review policies and procedures related to the Red Flag Rules. These rules are designed to prevent a dealership from becoming a victim of identity fraud. The program must be implemented and practiced on a day-to-day basis by dealership employees, which requires constant training and monitoring. Ultimately the responsibility falls on the dealer to ensure the processes are being followed properly. Dealers should appoint a program director to make certain the policies and procedures are being followed.The Red Flag Rules require a 4-step process to be in compliance:1. Identify appropriate “red flags” based on the unique circumstances within the dealership, considering patterns, practices, or specific activities. There are 26 potential red flags that must be considered for your program, but many may not apply in your dealership environment.2. Perform procedures to detect red flags for both individual and business transactions through electronic identity verification services that compare databases for stolen identities, review personal identification for indication of counterfeiting, and review credit reports for suspicious activity.3. Ask additional authentication questions when necessary through out-of-wallet or knowledge-based questions that only the real person would know. This may include escalating the authentication process to the program manager.4. The program must be updated at least annually to be dynamic with the changing business environment. The program director should gather evidence of the effectiveness of the program and make an annual report to the dealer, other owners, the board of directors, or senior management.These policies should be in writing and the procedures performed should be documented to provide evidence that the rules are being following by the dealership.Establishing and implementing strong and effective red flag polices is the first step a dealer should take in protecting themselves and their customers from identity thieves.