OFFICIAL PUBLICATION OF THE VIRGINIA AUTOMOBILE DEALERS ASSOCIATION

Pub. 4 2023 Issue 1

What You Don’t Know About Compliance Can Cost You: Three Things to Think About in 2023

The Impact of Fraud

Fraud and identity theft continue to be huge problems for dealerships, auto lenders, and consumers. So, it’s no surprise that there are increasing regulations around consumer data security.

With the expectation that this trend will continue, compliance must be top of mind for every dealership. Last year ended with a flurry of new provisions of the FTC Safeguards Rule, but the deadline has been extended to next June. Still, it’s worth examining how those upcoming new requirements can be a solid framework for building policies and procedures to help your dealership bolster its compliance program. Finally, we have identified some areas of compliance where knowledge gaps still exist in the industry and will work to clear up the confusion that surrounds them.

2,789,161 M
Fraud Reports*

1,434,676 M
Identity theft reports*

$7.7 B
Auto loan fraud exposure for top U.S. auto lenders**

*FTC Consumer Sentinel Network Data Book 2021
**Point Predictive 2022 Auto Fraud Trends Report

FTC Safeguards Rule – New Requirements as of June 9, 2023

The new provisions establish a single point of contact to take charge of compliance at the dealership, to ensure that information systems and consumer data are safe, and to make plans for worst-case scenarios. This individual will also monitor and report on the status of the compliance program.

Here are some considerations for meeting the new requirements:

  1. Designate a program manager to lead your dealership’s information security program.

  2. Conduct periodic risk assessments.

  3. Create a written information security program for safeguarding consumer information.

  4. Monitor the vulnerability of your information systems.

  5. Implement data safeguard policies and procedures for your staff.

  6. Assess and document in writing that your service providers and third-party vendors have adequate security controls.

  7. Have a written response plan in case of data breaches or consumer data exposure.

  8. Establish ways to detect actual or attempted attacks or intrusions.

  9. Produce annual reports from the program manager on your dealership’s information security program.

While dealerships work with their legal counsel on their programs, it will be useful to examine how their compliance technology can help at various steps along the way, from data security to reporting to long-term secure storage.

Avoiding Common Compliance Missteps

Recent dealer community polls have indicated two key areas where many dealerships are not aware of their compliance obligations:

  • Using knowledge-based authentication, like asking out-of-wallet questions, helps verify the identity of buyers that have failed red flags.
    True. Out-of-wallet questions include facts specific to a buyer that they wouldn’t be able to answer just by looking in their wallet. Correct responses help verify the buyer’s identity.

  • Your dealership only needs to run OFAC on cash deals.
    False. You should run an OFAC check on every deal to ensure that the buyer can legally purchase from you.

Preparing for 2023

As you review your compliance program and plan ahead for 2023, examine your compliance, data security, and storage functions to make sure they align.

Start the year off right by:

  • Preparing your compliance program manager for their additional duties under the FTC Safeguards Rule starting in June 2023

  • Ensuring that ID verification processes are in place for every deal

  • Checking your dealership’s compliance responsibilities with your legal counsel and ensuring they are applied consistently across all deals

The contents of this article are not meant as legal advice, and we do not purport to provide any legal or regulatory analysis. Consult with your attorney for any legal, regulatory, or compliance questions you may have.