Tip No. 1

Verify Customer Information

FACT – Up to 10 million people are victimized by identity theft each year.

FACT – You can be fined as much as $10MM for not checking every customer, cash or credit, against the OFAC watch list.

Steer clear of identity fraud!

Simply looking at driver's licenses is not enough to verify a customer's ID

Here are some recommended practices to conduct on each and every customer:

• Request each customer provide additional documentation such as a passport, utility bill or other government-issued ID to ensure they are who they say they are.
• Set up a procedure to run every customer against the OFAC SDN (Specially Designated Nationals and Blocked Persons) list. If you get a preliminary hit, know how to determine whether or not it’s legitimate.
• Check a customer's personal information against information contained on credit reports (provided you have a permissible purpose to access the credit report) and check the legitimacy of the person's Social Security number (for state of issue, whether it is in the Social Security Administration's Death Master File, approximate date of issue in relation to customer's age).

 

Tip No. 2

Protect Customer Information

FACT - The FTC Safeguards Rule and Consumer Report Information Disposal Rule require that auto dealers ensure the security and confidentiality of their customers' personal information, as well as its secure disposal.

FACT - Penalties for not complying with the Safeguards or Disposal Rules can include fines of up to $11,000 per violation and can generate negative publicity, slashing consumer confidence.

You must develop, implement, and refine a written information security program for your dealership. 

Here are some recommended practices to consider in connection with your safeguards policy:

• Do not leave documents with customer information in open areas like on desks or in printers or fax machines.  Limit user permissions and keep daily access logs of who creates and who accesses every deal jacket or other file containing customer information.  Do this for both paper and electronic files.  Appoint a "gatekeeper" of customer files to mark the time they are taken and the time returned.
• Keep customer information for only as long as you need it, a minimum of 25 months from sending the notice of decision under ECOA or 5 years which is the statute of limitations period under FCRA.  State law may require a longer period of retention.  Then securely destroy all consumer information by cross-shredding and electronic destruction.  Consider using a reliable records disposal firm to do this and monitor their work.  Destroy hard drives from discarded laptops and other mobile devices as "delete" may not remove the information from the hard drive.

 

Tip No. 3

Permissible Purpose

FACT – Ensure You Have a Permissible Purpose When Pulling a Consumer’s Credit Report

FACT – Section 604(a)(3)(F) of the Fair Credit Reporting Act requires dealers to have “permissible purpose” to access a consumer’s credit report. Permissible purpose credit transactions are those that are initiated by the consumer and where the seller has a legitimate business need for the information.

FACT – Penalties for knowingly obtaining a credit report without a permissible purpose can amount up to $1,000 per occurrence or actual damages, plus attorney fees and punitive damages.

Protect against negligent credit application handling!

Dealers must have a permissible purpose to access a consumer’s credit report, and discrimination is prohibited in any credit practices.

Here are some recommended practices to help ensure a compliant credit process:

• Secure written permission from the consumer before obtaining a consumer’s credit report.
  
• Store all signed customer documents electronically whenever possible – access can be more tightly monitored through electronic documents rather than paper.

 

Tip No. 4

Customer Information Breaches

FACT – Information breaches at dealerships are often caused by employee misconduct.

FACT – Failure to promptly send notices to customers whose personal information is wrongly accessed may result in lawsuits and civil penalties in many states, and can generate negative publicity.

Steer clear of data breaches!

Who has access to your files? Your exposure may be higher than you think.

Here are some recommended practices to comply with data breach notification laws:

• Develop an Information Security Plan (ISP) that restricts access to customer information - monitor it regularly, test the plan, evaluate its effectiveness and adjust as necessary.
  
• Quickly identify and contain any customer information breach and make sure that all employees and business partners safeguard customer information provided to them.

 

Tip No. 5

Disclose Aftermarket Products

FACT – Section 5 of the FTC Act states that it is unlawful to engage in “unfair or deceptive acts or practices in or affecting commerce”. Many state laws require specific notices about certain aftermarket products be provided to customers.

FACT – The FTC can seek injunctions and recover damages for unfair or deceptive acts up to $11,000 per violation, including misrepresentation, misleading disclosures, and deceptive sales practices.

Steer clear of improper disclosures!

Aftermarket products can help increase your profits… don’t crash with costly disclosure violations!

Here are some recommended practices to avoid the pitfalls of improper aftermarket product disclosures:

• Offer every product to every customer every time.
  
• Use a menu for consistent selling and charge each customer the same price for each aftermarket product or groupings of products.
  
• Have the customer sign or initial the menu, signifying their acceptance or rejection of each product.

 

Tip No. 6

Adverse Action Notices

FACT – Dealers are creditors and can be responsible for sending adverse action notices. A major misconception is that an auto dealer can rely on a lender’s adverse action notice to the consumer.

FACT – Adverse action notices must contain the name, address and contact person at your dealership. Most lender adverse action notices do not contain this information, and therefore such notices are not compliant.

Steer clear of adverse action notice litigation!

The legal landscape is changing…protect your dealership and follow the rules surrounding adverse action notices.

Here are some recommended practices for when to send an adverse action notice:

• Any time you take a customer’s credit application but do not send it to any bank or financial institution, typically because the customer is credit challenged.
  
• When every lender turns the customer down or you otherwise can’t get financing.
  
• Whenever you unwind a spot deal. Hand the customer the adverse action notice when they come back to the dealership to sign a new contract.