Skip navigation
ID Thieves Get Creative

ID Thieves Get Creative

Everything looked legitimate in a deal that ended with a crook buying two luxury cars.

Identity thieves are getting creative. I recently reviewed a dirty deal that had looked legitimate.

The driver’s license from a neighboring state looked authentic. The check for the down payment had a valid routing and account number.

The credit report contained no alert or address discrepancy. The signatures on the documents matched the one on the driver’s license.

As we reviewed the file, with full knowledge by then that it was an identity theft, red flags did wave.

The police ran the driver’s license. The number on the copy in the file was off by one digit. Turns out, the driver’s license number was for a member of one race, the thief was of another and the person whose identity was stolen was of yet another.

Conventional thinking is that identity thieves do not put money down. But in this case, the thief had information about the victim’s checking account, created legitimate-looking bogus checks and used one of them for a 20% down payment.

The insurance card was from the victim’s insurance company. A call to the listed agent confirmed coverage. However, the card had a notation that it was a replacement.

In retrospect, the F&I manager and the salesperson noted the thief was constantly on her cell phone. They now suspect she was talking to a coach who called in plays.

The ID victim unwittingly bought two luxury cars that day. It was over the weekend when the dealership was busy and many of the businesses needed to confirm transaction information were closed.

It has been 10 years since the federal government began requiring dealers to follow the Safeguard Rule. The Red-Flags Rule followed.

In the beginning, many dealers relied on various templates to develop policies and procedures the two anti-identity theft rules required. For the most part, these templates were at least adequate to help dealers comply with basic requirements at the time of implementation.

But think of the differences between the new cars you sold 10 years ago and the ones in your showroom today. The technological advances will blow you away.

Similarly, identity thieves use technology that wasn’t around a decade ago. That’s why we must update our anti-identity theft policies and procedures to account for new threats.

Moreover, lenders are playing hardball. Some dealers report new dealer-lender agreements that require dealers to buy back bad deals involving identity thefts, even if the dealer did everything right.

Here are preventative measures dealers should consider:

Require U.S. or state-issued IDs (passport, driver’s license, state ID). Do not accept a Mexican Matricula Card or employment or school ID as the primary piece of identification.

In states that permit it, verify every driver’s license with the state’s Department of Motor Vehicles.

Compare driver’s licenses provided by out-of-state customers with facsimile examples in the National Automobile Dealers Assn titling guidebook.

There has to be a plausible reason someone who supposedly lives 400 miles (640 km) away is in your dealership. That could prompt some checking. Ask out-of-wallet questions of out-of-state customers.

Physically review credit cards offered by out-of-state and questionable customers. Verify the name. Check to see if the card was recently issued.

Consider obtaining thumbprints from customers not personally known by the dealership. Dealers who follow this practice tell of some people finding excuses to quickly leave when asked for a thumbprint.

Don’t assume multiple inquiries on a credit report are a result of the customer shopping. Call another dealership to confirm it did not sell the customer a vehicle.

Identity theft is serious. So are the consequences and the harm done to victims and dealers. Take your responsibility seriously.

Gil Van Over is the President of gvo3 & Associates, a nationally recognized compliance consulting firm that specializes in F&I, Sales, Safeguards and Red Flags compliance. Website:

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.