Dealer Insights - November/December 2013 - 4 Tips for Thwarting Identity Theft
Here's an identity theft example, based on a real case, that would make your customers' hair stand on end: Police arrested two sales managers in connection with 29 identity theft cases. The dealership employees were accused of taking credit information from qualified buyers with good credit standing and using it to help unqualified buyers purchase vehicles.
Police learned of the unscrupulous activity when the dealership's customers started reporting that their credit ratings had been adversely affected. In some cases, customer credit reports showed the customer had purchased two and sometimes even three vehicles when, in fact, they had only purchased one.
Frightening stories of identity theft take place at auto dealerships and other retail enterprises every year. Here are some tips to help prevent this from happening at your dealership. Also check applicable state and federal requirements.
- Check job applicants' backgrounds carefully
Background checks on prospective employees obviously protect against hiring unscrupulous people. You need not only to check for criminal records, but also to obtain credit reports and require drug tests for employees with direct access to sensitive information. Financial distress and drug habits can provide motives to steal.
Also ask for references and follow through with phone interviews. Once you've hired someone, explain your privacy policies and provide regular compliance training.
In the example above, the sales managers may have had reputations in the area as top salesmen and their backgrounds may not have been explored fully — or certain infractions may have been overlooked.
- Encrypt data on your website
The Internet may be a valuable source of leads, but it also can be a security risk. If you ask for financial information on your dealership website, make sure the data is encrypted.
If you're unsure, ask your website provider. The provider should use terms like "site certificate" or "SSL," which stands for "secure sockets layer" and keeps sites secure by encrypting data in transit so that only the customer's browser and your website can read it. If the provider can't confirm this, your online application could be putting customers at risk. Also, make sure that your employees aren't communicating sensitive customer information through text messages or e-mails, as these channels are normally not secure.
- Limit access to customer data
It's surprising how many dealer management systems allow carte blanche access to customer files. Treat sensitive consumer information as if it's your own. Would you want your Social Security number or credit score lying open on someone's desk or displayed on a computer screen for all to see? Not likely.
Set computers and smartphones to go into sleep mode after an inactive period and require a password to unlock the devices. Store deal jackets in locked file cabinets behind locked doors. Employees should never remove deal jackets from your dealership premises under the guise of "working from home."
When possible, go paperless. Limit access to consumer information with passwords. Logins should give employees and vendors access to only those data fields necessary to fulfill their jobs.
- Don't keep customer information indefinitely
Retain consumer information for a limited time period only. If someone just test drives a vehicle, it's really unnecessary to keep a copy of his or her driver's license. But do keep the name and contact information for follow-up calls or e-mails.
What if you're legally required to retain hard copies of purchase agreements after deals close? Store them onsite under lock and key. Or move records offsite for storage with a reputable, trusted vendor.
Customer information retained in your computer system should be purged periodically. Discuss the retention period for your customer data with your management staff and your DMS provider to determine what's appropriate for your dealership.