SCHAUMBURG – Zurich has launched an awareness campaign for automobile dealers to help them navigate the maze of new laws and regulations expected to affect their businesses in 2011 and beyond. The Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act), Truth in Lending Act, and the laws of Title X are just a few of the rules and regulations automobile dealers need to understand and follow in order to be in compliance with the law, reported F&I and Showroom.

“Many auto dealers don’t know that the passage of Dodd-Frank will have a substantial impact on the way franchised auto dealers conduct financial transactions beginning July 21, 2011,” said Glenn Roberts, national training and business development manager for Zurich North America Commercial. “Zurich is looking out for auto dealers by helping them know that Dodd-Frank is not just for big banks and Wall Street.”

In order for Zurich to help educate its customers on rules and regulations affecting auto dealers, Zurich collaborated with Hudson Cook LLP, a law firm specializing in legal issues that face auto dealers, to develop a comprehensive legal guide that will be used to train and educate Zurich’s employees. That information will now be share with the company’s customers.

Zurich is encouraging its customers to raise these issues with their respective attorneys to develop a compliant F&I office. Some of the information Zurich is ready to help auto dealers understand is detailed below:

• The Dodd-Frank Act amended the Truth in Lending Act (TILA) to increase the scope of credit and leases covered by TILA. In addition, the range of damages available under TILA and the class action cap have been raised. The federal agencies responsible for drafting and maintaining regulations dealing with these coverage amounts will revise those regulations to reflect the changes, which become effective July 21, 2011.

• The Dodd-Frank Act amended the Fair Credit Reporting Act to require creditors, which includes dealers, to provide the actual credit score used to help make the credit decision to consumers in an adverse action notice.

• Congress gave the Federal Trade Commission (FTC) more authority and a mandate to regulate dealers for unfair and deceptive acts and practices. Count on the FTC to increase its regulation and enforcement of dealers.

• State attorneys general may enforce the laws of Title X, which are federal consumer financial laws and rules issued by the Bureau of Consumer Financial Protection. Attorneys general have historically been aggressive in pursuing dealers. They will now be armed with new enforcement tools and remedies.

Menu Providers’ Perspectives!

Full speed ahead: The Red Flags Rule is in enforcement! Yes, that’s right, the day has finally arrived! And that means the time has come to comply, comply, comply! As of Jan. 1, the FTC not only has the power to go after banks, credit unions and captive lenders that violate the rule, but it can also seek out dealerships that aren’t following protocol.

We knew this day was coming and over the course of 2010 have published several articles explaining what this rule encompasses and how it affects us. Our December issue included an article about the pros and cons of this recently implemented rule from a provider and legal expert’s perspective. One of the ways a software company can assist the dealership in complying with the Red Flags Rule is by incorporating Red Flags checks into the programs used by the dealer.

So, we decided to get the perspective of a few menu providers about the pros and cons of complying with this rule. My thanks go out to MaximTrak Technologies, Ristken Software Services and VisionMenu for providing P&A eMagazine with their perspectives.

We first asked what they feel, as software providers, are some advantages of using Red Flags checks and what advantages do these checks provide dealerships?

Ron Martin, president of VisionMenu, Inc., says, “It is a low-cost, quick-and-easy way for the dealer to ensure that the customer is who they say they are. It evaluates the name and address, age and social security number against a variety of public records to confirm the identity of the person. Now the dealership just needs to make sure that the customer in front of them is actually who they say they are. This is done by evaluating a list of out-of-pocket questions. Sure, there is room for some people to slip through the cracks, but if the process is followed completely, most identity thieves will be uncovered. We at VisionMenu have chosen to leave this process to the expert, which is why we have chosen a company’s web service that specializes in catching identity thieves. We are just facilitating ease of use to the F&I manager by allowing full integration.”

Jim Maxim, president of MaximTrak Technologies, adds that “Federal compliance issues today surrounding identity theft and protection of non-public personal information are some of the hottest topics in today’s business discussions – especially in the financial services arena. Automotive dealers today are being held as accountable for compliance with these regulations as some of the world’s largest banks. So, the risks are huge and it really demands that the dealership principals pay attention to these areas and assess their processes and overall compliance. We incorporate these services to make it quick and easy for the dealer to adopt compliance into their sales and finance processes and to save the dealership time on each and every transaction, which means more time spent selling products.”

Patrick DeMarco, president of Ristken Software Services, says “the biggest advantage is protecting the dealerships against fraudulent buyers and therefore mitigating the risk of a distressed financial situation for the dealership. By incorporating Red Flags technology directly into our menu application, it ensures the F&I managers are completing Red Flags checks at the point of sale. A simple series of questions can protect the dealership and its creditors from identity theft. Ristken does not charge additional fees in our application for Red Flags integration. We feel all of our customers should have that protection benefit in their operations.”

On the flip side, there are shortcomings, and as Jim Ganther mentioned in his December article “it can be easy to fall into the trap of believing the transactional approach is sufficient to address all of a dealership’s obligations under the rule.”

Martin agrees that the checks do tend to provide the dealer with a false sense of security and that the dealer needs to have implemented and documented, in writing, the procedures put in place to detect, prevent and mitigate identity theft. Maxim also says they often see that the shortfalls that are occurring at the dealer-level are in the training, process and policy areas.

Because these menu providers offer challenge questions within their software programs, we asked them how the questions operated within these programs. Maxim says that although some dealers incorporate the challenge questions into every transaction, many do not because it is not required, and they are only prompted with such questions when an alert is caused as a result of a credit report being pulled or something within the system being alerted during the sales process.

All of the participating menu providers provide a Red Flags identity theft prompt that upon selection opens a window that prompts the F&I manager with several challenge questions. Martin adds that based on the circumstances, it is crucial that the challenge questions be answered correctly, and although it is not a full-proof way of confirming the person’s identity, they get as close as they can.

We finally asked our menu provider participants, just as we did of Jim Ganther and Pattie Dillon last month, if they thought that Red Flags checks capabilities should be charged to the dealer. Although Ristken does not charge additional fees in their application for Red Flags integration, both VisionMenu and MaximTrak Technologies do charge for this option. However, Martin says, “Yes, there is a nominal fee. But in order to stay with our high-quality, low-cost model it is an a la carte option for customers. And all things considered, when it comes to compliance, it is money well spent.”

Maxim also notes that his company’s Red Flags service “is billed on a per authentication basis – there are no monthly minimums.” He further explains that, “a dealership that sells 500 cars per month should pay more than a dealership that only sells 50 cars per month. The very nature of the service makes it palatable for everyone and ensures that we can provide the same quality of service to every automotive dealer that wants to utilize these services to comply with the Red Flags requirements.”

In spite of the possibility that Red Flags checks can give the dealer a false sense of security, it seems that the benefits of implementing a Red Flags checks program within a menu selling system far outweigh the cons. And, to remain compliant and avoid unnecessary legal issues, it is absolutely necessary the dealer have a written program for compliance and a training program to follow through with their compliance of this rule.

POWAY, Calif. – CoreLogic Credco, a provider of automotive specialty credit reporting solutions and a division of CoreLogic has introduced Red Flag Viewpoint, an integrated online reporting dashboard that combines, summarizes and delivers easy-to-read reporting on Red Flags Rule compliance efforts for automotive dealers.

Developed in collaboration with Compli and part of Credco’s comprehensive Red Flag compliance suite, Red Flag Viewpoint is designed to help dealers meet the Red Flags Rule’s requirement of regularly monitoring and updating their Identity Theft Prevention Program.

The Red Flags Rule went into effect January 1, 2008, and is scheduled for mandatory enforcement by the Federal Trade Commission beginning January 1, 2011.

“Without sufficient data and the latest technological advances, deterring identity theft and maintaining compliance with the Red Flags Rule can be a complex, time-consuming task,” said Kevin Clements, senior vice president of corporate development for CoreLogic Credco. “Red Flag Viewpoint is specifically designed to simplify the monitoring and reporting requirement of the Rule, easily and effectively, allowing dealers to stay focused on sales objectives and other critical operations.”

Red Flag Viewpoint’s proprietary algorithms and reporting capabilities enable dealers to conveniently analyze their applicant portfolio on multiple levels to monitor for potential Red Flag risk. Available on Compli’s intuitive web-based platform, the easy-to-use interface lets users report directly off key identity verification alert statuses; access dynamic views of their entire applicant pool and associated risks; and export data for auditing and reporting.

Using Red Flag Viewpoint means dealers can easily monitor, analyze and report on a wide range of customer data provided exclusively by Credco. They can drill down on metrics and audit reports for detailed analytics, or view customer data as broadly as needed. Reporting analytics can also be viewed either on entire dealers groups or individual dealers. For more information, automotive dealers can call (866) 348-2404 or visit www.credcoservices.com/RFM.

The Red Flags Rule went into effect on January 1, 2008. Its “enforcement date” – meaning the date FTC enforcement against dealerships becomes possible – has been postponed several times and is currently slated for December 31, 2010.

The slippage surrounding the enforcement date has led many in the industry to the false conclusion that the Red Flags Rule does not yet apply. This assumption is incorrect. The only piece of the Rule that isn’t effective is the FTC’s right to go after dealerships that violate the Rule, but that is a remote risk in any case.

The most immediate impact for a dealership that fails to comply with the Red Flags Rule is that its funding sources could turn off. The Rule applies to banks, credit unions and captive lenders as well as dealerships, and allows those funding sources to do business only with dealerships that follow the Rule themselves. That requirement has been in place since November 1, 2008.

Despite the severe practical penalty for failing to follow the Rule, anecdotal evidence suggests two realities: (1) most dealerships don’t know the scope of their obligations under the Rule; and (2) most dealerships therefore are probably not in full compliance with the Rule.

The Rule (codified at 16 CFR 681) has three operative sections:

• 681.1 Duties of uses of consumer reports regarding address discrepancies. The requirements of this brief section can actually be considered under the next one.
• 681.2 Duties regarding the detection, prevention, and mitigation of identity theft. This is where the action is. New obligations live here.
• 681.3 Duties of card issuers regarding change of address. As most dealerships don’t issue credit cards, we’ll skip that one.

So, what exactly is a “red flag,” anyway? A red flag is a pattern, practice or specific activity that indicates the possible existence of identity theft. The Rule identifies five categories of red flags and provides over two dozen examples of such red flags. Examples the Rule provides include

• Documents provided for identification appear to have been altered or forged;
• The photograph or physical description on the identification is not consistent with the appearance of the applicant or customer presenting the identification; and
• An application appears to have been altered or forged, or gives the appearance of having been destroyed and reassembled.

Things like these should raise a “red flag” in the mind of the dealership employee that encounters them, hence the name of the Rule. Dealerships must create a program that detects, prevents and mitigates identity theft by addressing the red flags that are relevant to their operations.

When the Red Flags Rule was announced in the Joint Final Rules and Guidelines, it weighed in as a 256-page cure for insomnia. But in its simplest form, it can be distilled down to just seven words:

1. Policy
2. Training
3. Detect
4. Prevent
5. Mitigate
6. Oversee
7. Ensure

Reasonable minds can come up with a longer or shorter list of requirements, or a different way to characterize them, but the foregoing list provides an easy way to discuss a dealership’s obligations, and makes the whole issue easier to understand. With that in mind, here is an overview of dealership obligations under the Rule.

Policy

At the core of the Rule is the requirement for “financial institutions” (which includes most dealerships) to create a written Identity Theft Prevention Program (ITPP). This is actually a misnomer, as no dealership can prevent identity theft – by the time an identity thief shows up to buy a car using a stolen identity, the theft has already occurred. But what the ITPP can do is prevent further damage from the identity theft, at least at the dealership.

The ITPP must be reviewed and approved in writing by the dealership’s board of directors or senior management. This requirement of a name on the “blame line” is clearly intended to extend liability to the dealer principal or senior management personally. “My GM handles that” will not be a defense!

The policy must reflect a consideration of all the red flags that might arise in the dealership, and establish a consistent process to address them. And if there is an irreducible minimum standard to be set forth in an ITPP, it is that no vehicle may be delivered in a case where an identified red flag remains unresolved.

Training

Interestingly enough, the Rule does not require training about the scope of the Rule itself (though that is a good idea). Rather, the Rule requires training about the scope of the dealership’s ITPP. At a bare minimum, a procedure must be in place that confirms receipt of the ITPP by the dealership employees it involves, and that those employees have read it, understand it and agree to follow it.

This type of training is well-suited for computer-based interactive instruction that tracks the ITPP itself. Coupled with a learning management system (LMS), this training can record and archive the fact of each employee’s training and the results. When it comes to lawsuits or enforcement actions, if it isn’t documented it never happened. An LMS makes sure the training is documented.

Detect

Detection of identity theft can be as easy as noticing the photo on a doctored driver license doesn’t match the age of the person it describes. Or it can be nearly impossible in the case of a professional ID theft ring. Common sense is the best defense.

The dealership’s ITPP should require certain basic steps be taken in every transaction. For example, careful examination of a customer’s driver license, paying specific attention to the following factors:

• Does the address on the license match that on the credit report?
• Does the picture and physical description fit the person offering the license?
• Does the birth date on the license match the apparent age of the person offering the license?
• Does the license show any obvious indication of being fake or altered?

Transactions falling under the Rule normally include pulling a credit report on the customer. Those employees who review credit reports should check the credit report for the following:

• Fraud alert
• Notice of address discrepancy
• Credit freeze
• Active duty military alert
• A recent and significant increase in the volume of inquiries
• An unusual number of recently established credit relationships
• A material change in the use of credit, especially with respect to recently established credit relationships
• An account that was closed for cause or identified for abuse of account privileges by a financial institution or creditor

Finally, a dealership could install a system to check, by electronic means, the following:

• Customer’s Social Security Number against the SSA Master Death File
• Address discrepancies
• Identity verification
• Age verification

There are numerous vendors for such electronic verification processes, most of which can include OFAC checks as well. Electronic verification has the benefit of being easy, automated and fast.

Prevent

As mentioned above, “prevent” really must mean the prevention of further damage from an identity theft. By the time it becomes an issue at the dealership, the ID theft has already occurred and cannot logically be prevented.

To understand the difference between detection and prevention, it is helpful to understand the difference between identity “verification” and “authentication.”

Identity theft is precisely that – the theft of an actual identity as opposed to creating a false identity. Thus, when a dealership employee is presented with an identity, that identity is likely a real one. Verification means taking steps to confirm the identity is real.

Authentication is the more important step. Authentication means confirming that the identity presented actually belongs to the person offering it. Performing this step properly is the best means of preventing further damage from identity theft at the dealership.

So, how do you authenticate an identity? How much time do you have?

The quickest and most effective method is to use “knowledge-based authentication,” or out-of-wallet challenge questions. This means presenting a customer with questions that cannot be answered by the information commonly carried in a wallet or contained in a credit bureau. Remember, an identity thief can run a credit report on the victim. So if questions are used that involve information in a credit report, the dealership is presenting an open-book test.

Out-of-wallet questions are computer-generated and use data that is more than 7 years old, the age limit for information on a credit report. By asking questions an identity thief can’t answer (“In what state did you live in 1983?”), a dealership can confidently authenticate the identity of its customers.

Out-of-wallet questions should present at least four – and preferably five – possible answers, and at least three questions. The odds of an identity thief correctly answering three five-option questions correctly are 1 in 125. In real life, once a question set is presented to an identity thief, one of three things happens: the thief “forgot something in the car,” has to go to the bathroom or simply runs out of the dealership. In any event, delivery of a car to a thief is thwarted.

For those dealerships with more time or no Internet access, a manual system is possible. A dealership could require customers to present three of the credit cards listed on a credit report, or a current passport or multiple other forms of government-issued ID. If this method is chosen, it must be consistent and documented. Photocopies of the identity-proving documents (but not credit cards!) should be kept.

This approach, however, includes its own risks. All such identifying documents by their nature contain nonpublic personal information (NPI). And NPI must be protected pursuant to the FTC Safeguards Rule. For my money, the electronic challenge question method is the way to go.

Mitigate

The requirement that dealerships “mitigate” identity theft suffers from a major flaw: the Rule does not define “mitigate.” Using plain English, this should mean at least to lessen the impact of the identity theft. At best, it means the restoration of an identity to its pre-event status.

In practice, this means that the dealership’s ITPP should include the requirement that the dealership “eat” the car it delivers to an identity thief – effectively buying back the deal from the victim who had no knowledge of the transaction. As a court will probably require this anyway, it is not really adding much to the dealership’s risk.

Including fully-managed (not “assisted”) ID recovery service to every transaction is a more proactive means of satisfying this ill-defined legal requirement. It is not my position that the Rule requires this – I don’t know how Courts will interpret this requirement – but it would help a dealer sleep at night, and it is inexpensive.

Oversee

Any business covered by the Red Flags Rule is required to “oversee” its service providers. This means that a dealership can only engage companies that also follow the Rule to the extent it applies to them. This is accomplished by contracts, or addenda to existing contracts, that pass along a dealership’s obligations under the Rule.
The purpose behind this requirement is to prevent a dealership from evading its obligations by contracting out its duties to a third party that may not follow the Rule. This is one buck that cannot be passed!

Ensure

A dealership must ensure its ITPP continues to work over time. The Rule requires a report be made to the dealership board of directors or senior management at least annually on the dealership’s compliance with the Rule.

The report should address material matters related to the dealership’s ITPP and “evaluate issues such as the effectiveness of the policies and procedures of the [dealership] in addressing the risk of identity theft in connection with the opening of covered accounts and with respect to existing covered accounts; service provider arrangements; significant incidents involving identity theft and management’s response; and recommendations for material changes” to the ITPP.

A good place to start the annual report is to document any instances of identity theft at the dealership in the previous year. Then ask the question, “How could this have been prevented?” Then amend the ITPP accordingly to address the issue.

In addition to all the foregoing, the ITPP must address the filing of suspicious activity reports when identity theft occurs or is attempted at the dealership, and filing notices of address discrepancy when such are detected.

The Red Flags Rule is a lot to digest, but it is a manageable task. And the biggest beneficiary may be the dealership itself, as a properly implemented ITPP should prevent the dealership from buying back paper for a car delivered to an identity thief.

LAKE SUCCESS, NY – DealerTrack, Inc., a provider of on-demand software and data solutions for the U.S. automotive retail industry, announced a number of enhancements to its compliance solution. Using the solution, dealers can more easily comply with legal and regulatory requirements and monitor their businesses’ activities.

The enhancements include a new Compliance Dashboard, which provides an overview of compliance-related activity across a store’s current deals on a single screen, as well as new functionality and design features that streamline navigation and increase the system’s effectiveness in encouraging full compliance on every deal. All of the new functionality is now available automatically to all DealerTrack Compliance subscribers at no additional cost.

The Compliance Dashboard provides a compact, single-screen view to help dealers identify users, documents and deals that are out of compliance. Highlights of the Dashboard include:

• Compliance Score – Provides an easy-to-understand benchmark of deals in a selected time period to give dealers a sense of their overall compliance level.
• Compliance Score Trends – Compares the trend in a dealer’s compliance scores against average compliance scores for dealers nationwide that use the DealerTrack Compliance solution.
• Additional Enhancements – The DealerTrack Compliance solution upgrade also includes a number of new features that enhance navigation and functionality; messages that highlight problems with incomplete deals more effectively; greater integration with the F&I process to notify users when there is a problem near the finalization of a deal; and enhanced reporting with drill-down capabilities to give quicker insight into problem areas.

“With these new upgrades, we truly believe that the industry’s best compliance solution has just gotten even better,” said Raj Sundaram, senior vice president, solutions and services group at DealerTrack. “We listened to feedback from our customers and have implemented a number of improvements that not only make our solution easier to use, but help dealers to more effectively monitor and increase compliance levels in their stores. Our new Compliance Dashboard provides a unique bird’s-eye view and streamlines the process through improved navigation and one-click access to all compliance activity.”

The DealerTrack Compliance solution is a critical component of the DealerTrack Performance Suite. It is the industry’s most comprehensive compliance offering, encompassing credit transactions and identity verification, menu selling, tracking and reporting, and electronic document management. It helps protect a dealer’s business by providing a framework that strongly encourages and simplifies adherence to all applicable laws and regulations at both the federal and state levels.

FT. WAYNE, Ind. – VisionMenu, Inc. has released an online F&I Sales and Compliance course specifically for powersports. This three-hour production is a standard feature of VisionMenu and VisionMenu Plus.

The training begins with a discussion on the F&I sales process, including how to

• Effectively Approach a Customer
• Present the Products
• Overcome Objections
• Get the Customer to Make a Decision to Buy

The training continues with products sales that will equip the F&I salesperson with knowledge of the products, benefits they provide and how to sell them effectively. It outlines the objections for each product and how to properly overcome them to take the customer smoothly through the close.

Menu selling is fast becoming the selling method of choice for forward-thinking powersports F&I manager or salesperson that presents the F&I products to the customer.

This online training is intended to provide a profitable menu approach that VisonMenu calls the Hybrid Menu Method. It also shows the F&I salesperson how to use an electronic menu to close the sale. The program concludes with an overview of the most important laws and regulations to be a compliant F&I manager at a powersports dealership.