Identity theft, verifying customer identities and protecting customers’ private information are potentially huge liabilities for dealerships. Here are some tips from panelists on a recent webinar on dealership-level fraud by the Association of Dealership Compliance Officers, Colleyville, TX.
Regulators expect dealerships to react quickly and effectively after they discover customer data has been exposed, says Randy Henrick, president of Randy Henrick & Associates, Oyster Bay, NY.
“The FTC isn’t going to go after anybody just for having a breach. But you’ve got to have a plan and implement it quickly. That’s how the FTC will judge you,” he says. “Do you supply a notice to customers? Do you have template documents, template notices that can be filled in? Do you have one person — only — who’s going to communicate with the media?”
He says dealerships should rehearse how they would respond to a data breach.
Hold Your Horses
Doug Fusco, founder and CEO of Dealer Safeguard Solutions, McKinney, TX, says dealerships shouldn’t get so caught up in the desire to do a deal that they miss obvious warning signs. “Somebody comes into the dealership. They’re in a hurry. They’re antsy. They want to take delivery somewhere other than their home or work address. Take an extra five minutes. Check the driver’s license. Take 30 seconds and look up their address on Google Maps, and make sure it’s not an open field,” he says.
Dealerships that are careless with customers’ personal information have an “appetite for risk,” says Terry O’Laughlin, director of compliance for Reynolds & Reynolds, Dayton, OH.
Best dealership practices include tightly restricting access to customer information and not allowing anyone access from outside the dealership, he says.
“Managers and dealers want to take information over the cell phone. That type of information should be very, very carefully controlled — incoming and outgoing.”