car dealer DATA BREACH requires immediate red flag rules response

Red Flag Response
The red flag compliance officer must evaluate
which red flags have the greatest potential and
prioritize verification and action policy when red flag detection occurs.

+++

The first step in good identity theft detection is
obtaining good documentation
regarding the identity of the customer opening a “covered account”.

+++

A minimum amount of required information should be obtained, including:
1)         Full name of the customer
2)         Date of birth
3)         Address, residential or business address for an individual
4)         Identification number, such as social security number,
taxpayer identification number or passport identification number

+++

The second step in good identity theft detection is
verifying and authenticating the customers identity and documentation.
These steps include:
1)         Obtain unexpired government issued photo ID,
such as a driver’s license, identification card or passport
2)         Obtain government issued business documents,
such as articles of incorporation, business license, resale permit, or partnership agreement.
3)         Obtain information to make independent verification
through a consumer reporting agency,
public database, financial institution or financial statement.

+++

Appropriate response to red flag incidents must also be addressed in the policy.
If the dealership has had a data security exposure all red flags require closer scrutiny.
For a red flag incident which can be resolved,
a written explanation in the file is all that may be required,
with a signoff by the red flag compliance officer.
The response should escalate
when the red flag incident cannot be resolved
through conventional policy methods.

+++

The red flag compliance officer will then have to decide a course of action:
1)         Terminate the transaction as red flags are unable to be resolved
2)         Keeping the transaction in house rather than outside vendor
3)         Law Enforcement notification

+++

Red Flag Rules Program Updates
Credit bureau reporting and notification of appropriate government agencies
should be part of a comprehensive identity theft prevention program .
Periodic updating of the red flag rules,
as well as procedural audits and cyclical staff training
will insure the red flag compliance officer achieves success.
These updates will include any new dealership experiences with identity theft,
changes in methods of identity theft,
changes in methods of prevention,
detection and mitigation of identity theft and
changes in the business model and/or structure of the dealership.

+++

The red flag compliance officer always reports back to the dealer with audit results,
modification orders and a training schedule for all staff.
A dealer must then certify their red flag rules policy as complete
and in compliance with all aspects of the red flag rules.

+++

Once in compliance, training of all staff must be conducted in a timely and ongoing manner.
The red flag compliance officer must make a periodic review of business practices and red flag rules and certify continued compliance with the red flag rules, the Identity Theft Prevention Program.

+++

Current List of Red Flag Rules Instructors
Joseph Weatherman                415-730-3131
Azita Rezaei                             415-730-3137
Jorge Elizalde                          209-985-0426
Mike Ramos                             714-797-5780
Sony Duong                             714-677-0843
Claudia Patton                          310-216-1438
Elizabeth Bertolone                  408-761-0107
Iris Cervantes                           619-933-6112