T 2. Make a list of patterns, practices or specific activities that could be red flags signaling possible identity theft. Your policies and procedures should require that you become at least reasonably certain of your customer’s buyer’s identity. The FTC groups possible red flags into the following five categories: 1. Alerts, notifications and warnings from a credit reporting company: Changes in a credit report or a consumer’s credit activity might signal identity theft. 2. Suspicious documents: Documents can offer hints of identity theft. 3. Personal identifying information: Personal identifying information can indicate identity theft. 4. Account activity: How the account is being used can be a tip-off to identity theft. 5. Notice from other sources: A customer, a victim of identity theft, a law enforcement authority or someone else may be trying to tell you that an account has been opened or used fraudulently. Note that not all possible red flags will be relevant to the way your dealership does business. In particular, unless you have accounts to which customers can make charges after origination, for example, house credit accounts, the possible red flags in category four are not likely to apply to your dealership. You also need to guard against identity theft risks that result from employee access to account information. Employee access should already be limited as part of your overall information security program. 7 Steps to Red Flags Rule Compliance By Zurich The Red Flags Rule (the Rule), enforced by the Federal Trade Commission (FTC), requires automobile dealers to develop and implement a written identity theft prevention program designed to identify, detect and respond to warning signs — known as “red flags” — that indicate that a customer or potential customer could be using stolen information to obtain an indirect or direct loan or lease at their dealership. In other words, dealerships are required to create a program that allows them to be reasonably certain that the person entering into the credit or lease transaction is who they say they are. While you may already have systems in place to verify the identity of your dealerships’ finance and lease customers, do you know if your systems are in compliance with the more elaborate requirements of the Rule? To help ensure your dealership aligns with the regulation, Zurich recommends the following seven steps: 1. Put the program in writing. Your program must contain reasonable policies and procedures to address four primary responsibilities under the Rule:1 1. Identify relevant red flags. 2. Detect red flags. 3. Prevent and mitigate identity theft. 4. Update the program. The Rule also states that each program must be documented in writing. While potentially burdensome, this requirement can have obvious advantages for the dealer. It forms the basis for the employee training required by the Rule and makes responding to government audits and inquiries possible. 24 Virginia Auto Dealer
RkJQdWJsaXNoZXIy MTg3NDExNQ==