New Credit Card Scam Making the Rounds

June 02, 2011 | No Comments | share on facebook | retweet | share on LinkedIn

by Randy Henrick

A new credit card scam is making the rounds and has already victimized auto dealers in the Southeaest. 

Here’s the way it works:

A customer comes in to your store to buy a vehicle and wants to put a substantial downpayment, or perhaps the whole vehicle price, on their credit card.  They will wave a fancy high-end card at you.  You agree. At first, the credit card gets declined. Then the customer says there must be some mistake.  Call the bank’s number on the back of the card.  You do so and the “card authorization center” gives you a six digit authorization code.  You enter the authorization code into your POS terminal and get an approval.  The customer drives off with the car (and the card).

Three days later, you realize the funds have not made it to your deposit account and you are hit with a chargeback.  But what about the authorization you got from calling the 800 number on the back of the high-end credit card?

Here’s what happened.  You fell victim to a fake card scheme and you will end up taking the loss.

Criminals create a fake credit card that appears on its face to be genuine, magnetic stripe and all. After the card is declined, the criminal asks the merchant (in this case you, the car dealer) to call the card issuer whose toll free number is on the back of the card. But the card is phony and so is the toll free number. The merchant calls the bogus number and gets a  “card authorization center” or similar office and the person they speak to gives the merchant a 6-digit authorization number. The merchant then processes a ticket-only transaction inputing the phony authorization code into the POS terminal. The POS terminal accepts the transaction. Until your card acquirer interchanges the transaction, the criminal will have up to three days before the transaction rejects.  That’s when you find out and the transaction is charged back.  The criminal is long gone.

The key is to tell your sales people that a card authorization can only come from the POS terminal or from the voice authorization number provided by your card acquirer.   If you get such an authorization, then you should be covered, but there is no protection for you if you talk to the issuer directly. It is a scam.

thecomplianceguide.com is intended for information purposes only and does not constitute the giving of legal or compliance advice to any person or entity. Because of the general nature of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on your particular situations and circumstances.

New Study Finds that Compliance Saves Money

June 06, 2011 | No Comments | share on facebook | retweet | share on LinkedIn

by Randy Henrick

A new study by the identity-theft think tank, Ponemon Institute, finds that data security compliance actually reduces long-term expenses. This conclusion may be particularly appropriate in the auto industry since another study (the Javelin Group’s annual identity theft study) found that new account fraud (like auto credit identity fraud) showed longer periods of misuse and higher losses to victims like auto dealers than in past years.

The Ponemon study was not directed specifically at auto dealers but included a wide variety of retailers and financial services firms.  Many of these firms focused their security efforts only on authentication and did the minimum.  Banking institutions had the most diligent data security audits and fared the best from a security compliance standpoint in avoiding costly security breaches.  Coincidentally they also invested the most in automated compliance tools to verify and secure their data.  A spokesperson for the study indicated that organized crime has an easier time getting data from retailers and other groups.

Dealers can use automated security tools as well.  Perhaps the most important of these is using an electronic identity verification service (such as DealerTrack’s DealWatch) in your Red Flags Identity Theft Prevention Program to identify and evaluate red flags in customer information provided on credit applications.  These identity verification services bounce the customer’s information against thousands of fraud-related databases to look for possible matches.  They also have algorithms for assessing whether the customer is the most likely match for the Social Security number given.

It’s no secret that identity thieves steal Socials and establish new credit files using real Socials and other identity information that belong to someone else.  An electronic identity verification service is about the only way you can smoke out these classic identity theft indicators.  These services also can provide you with knowledge-based authentication questions, sometimes called “out-of-wallet” questions that cannot be answered from a stolen wallet or credit report.  An example of such a question is to give you a list of five people and ask which one you know, one being the real person’s brother-in-law.   If an identity verification service saves you just one sale to an identity thief (and it will), it will pay for itself many times over.

The Javelin study actually had some good news to report.  For the first time since they began surveying in 2003, the number of identity theft victims in 2010 actually decreased from the prior year.  But longer delays in identifying new account fraud and the larger losses from these accounts suggest that auto finance identity theft continues to be a very real problem. 

Many illegal immigrants and other criminals create “synthetic” identities combining real identity elements of different people to create a fake person and obtain a credit file for him or her.  They then use the fake identity to finance vehicles, get credit cards, and establish residency while in an area for seasonal work. Many of these people will pay on their auto finance accounts for a period of months, even years, and then default. 

Under the Red Flags Rule, lenders are obligated to look at accounts in their portfolio for possible identity theft, even accounts that have paid for a while and then gone bad.  When lenders identify these accounts as identity theft, many will recourse them back to dealers even many months from the origination of the account by the dealer.  It’s not just first-payment defaults that get recoursed back to dealers for identity theft any more.   This is an unintended consequence of the Red Flags Rule that makes it critical for dealers to identify and stop identity theft at inception.

Making even a small investment in data security technology to both safeguard your customer information and authenticate every customer’s identity will save you money over the long run.  A security breach of customer information or vehicle sales to identity thieves are what a leading identity theft expert refers to as “career-ending events.”  For dealerships, a security breach of customer information will require hiring a forensics expert to identify and patch an IT breach; giving notices to the affected customers; reporting to credit bureaus and law enforcement; and managing the PR nightmare that follows the disclosure.  Lawsuits also frequently follow data breaches and while consumers don’t typically prevail where they cannot show harm or causation, the defense costs can easily hit six figures and generate more adverse publicity.

It’s an equally troubling scenario with sales to identity thieves.  Lender Agreements almost always contain provisions whereby you warrant the true identity of your customers and give lenders the right to recourse back the contract once the identity theft is discovered, even if that is not until months or years later.  Especially for hi-line dealers, the costs to repurchase a financing contract can be exorbitant and make a material adverse impact on the bottom line.

Take a look at electronic solutions like electronic deal jackets and electronic identity verification services now before you get hit.  As the Ponemon study found, it will be well worth your time to do so.

thecomplianceguide.com is intended for information purposes only and does not constitute the giving of legal or compliance advice to any person or entity. Because of the general nature of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on your particular situations and circumstances.

DealerTrack Introduces a $25,000 Red Flags Guarantee

June 07, 2011 | No Comments | share on facebook | retweet | share on LinkedIn

by DealerTrack, Inc.

DealerTrack is excited to announce the rollout of an unprecedented $25,000 Red Flags Guarantee to current and new subscribers of the DealerTrack Compliance Solution.

The new Red Flags Guarantee will cover associated government-issued fines up to $25,000, should a dealership be cited for non-compliance with the Red Flags Rule while using the DealerTrack Compliance Solution.

 “With auto identity theft on the rise, a new era of regulatory requirements has emerged, and DealerTrack has dealers covered when it comes to compliance,” said Robert Granados, vice president and general manager, Finance Solutions, DealerTrack.  “Backed by our extensive experience navigating the compliance and regulatory landscape and years of safeguarding dealers from identity theft, we can confidently offer this guarantee.  No other company delivers the breadth of compliance safeguards coupled with such a guarantee.”

The DealerTrack Compliance Solution helps protect a dealership throughout the sales and F&I process, including credit reports and Red Flags, credit application submissions, menu presentations, and document storage and retrieval.  The solution allows dealers to work all deals on one fully integrated and secure platform to streamline the process and protect their dealership and its customers. 

The Red Flags Rule, which is enforced by the Federal Trade Commission (FTC), requires businesses and organizations to adopt and implement an Identity Theft Prevention Program.  The program should be designed to detect, prevent and mitigate identity theft when establishing or maintaining consumer credit and certain business accounts.  The potential liability dealers could face from not complying with the rule includes, but is not limited to, $3,500 per violation under the Fair and Accurate Credit Transactions Act of 2003, up to $16,000 in penalties under the FTC Act, and potential lawsuits from the FTC and State Attorney Generals.

 For more information about DealerTrack’s Compliance Solution and its $25,000 Red Flags Guarantee, visit www.dealertrack.com/compliance.

Prevent Dealership Fraud with Continuous Monitoring

June 10, 2011 | No Comments | share on facebook | retweet | share on LinkedIn

by Auto Dealer Monthly

The 2010 Association of Certified Fraud Examiners (ACFE) Report to the Nations noted that the median length of time to discover fraud is 18 months. During that time, respondents of the survey estimated an average loss of five percent of their annual revenue. External auditing was the control used by most of those surveyed; however, it was determined that external audits weren’t overly effective at detecting fraud (less than five percent of the schemes were uncovered by the external audit) or at limiting the losses of fraud.

Click here to view the full article.