F&I Meets a New-Age Dr. Frankenstein

Synthetic identity theft (or fraud) occurs when an identity thief creates, rather than steals, an identity. These Dr. Frankensteins sew together a new entity, combining your kid’s stolen Social Security number, a neighbor’s address, an ex-girlfriend’s date of birth, and a common-sounding name.

Synthetic identity thieves have three ways to exploit the credit process: Apply for credit, leverage the credit card companies’ authorized user provision, or employ a more sophisticated data-furnisher scheme.

Once the synthetic ID is created, Frankenstein then farms it for a few years before throwing the switch and harvesting it for a shopping spree. They combine their fake credit profile with forged documents, including driver’s licenses and Social Security cards, proof of insurance and income, and vehicle registration forms.

Ask many dealers if they have been a victim of synthetic identity theft and they will likely have nothing to report. There is usually not a consumer victim to lodge a complaint. It is ultimately the finance sources who notify the dealer, usually in the form of a buyback request.

There are several steps a dealership can take to help detect and prevent the Frankensteins from stealing your inventory:

• Update your identity theft prevention program. The Red Flags Rule requires an annual Red Flags review to address new risks your dealership has identified. Synthetic identity theft was not an issue when the original ITPPs were written, approved, and implemented.
• Upgrade your Red Flags program. Ask your Red Flags vendor if they offer a synthetic identity vetting process. Trying to manually address this risk is fraught with potential failure. The algorithms your vendor leverages will be much more effective than any system you can develop on your own.
• Print ’em. Some dealers now obtain the right thumbprint of all customers purchasing a vehicle on credit. One reports that a handful of prospects has found an excuse to walk away rather than supply the thumbprint.
• Film ’em. Like fingerprinting, videotaping the F&I transaction may be a deterrent.
• Scan and verify. This process is not foolproof, but if the fake identity comes from the DMV, it may catch some of the lower-quality forgeries. Try to find a vendor who can vet the information on the driver’s license to DMV records.
• Review the credit report. It is usually inconsistent for a 35-year-old customer to have a 5-year-old infile date. Another example to look for is if the earliest tradeline is an authorized user account.
• Double-check out-of-area deliveries. Many Frankensteins want to avoid human contact and prefer to conduct their crimes over the internet, phone, emails, texts, and fax. Texting a photo of a driver’s license makes it difficult for you to spot a forgery. We highly recommend you employ a notary service to handle the paperwork on an out-of-area delivery.
• Watch for CROs. Look for evidence of a credit repair organization’s hands on the deal. While some CROs are legitimate, many aren’t, and some help clients create new credit profiles.
• Trust the gut. Many experienced managers know when something is not right. Trust your gut and vet the identity a bit further until the indigestion goes away.
• Look within. Conduct background checks on employees. One dealer I know suffered the financial losses of a massive hit by an identity theft ring. Turns out the ringleader had been hired as a porter despite a criminal history of identity theft convictions.
• Train for it. Update your Red Flags training to include information about synthetic identity theft. Provide this training in your orientation package and be sure to conduct and document annual training on the topic.

Unfortunately, there appears to be a general laxity in the industry to the proper vetting and clearing of potential Red Flags identified by your vendor. Unless this changes, the Frankensteins will continue to win the synthetic identity theft war.

And yes, good luck and good selling!