Newsletter Signup

If you'd like to receive our Dealer Newsletter please fill out the simple sign up form below.

First Name

Last Name

* Email




* = Required Field

Testimonial

“Constellation Tech support is one of the best I’ve ever had. Any problems I may have are resolved fast! You are 150% GREAT!

Justin,
Bening Motor Company Jackson, MO.

Constellation Automotive Software Newsletter - May/June 2010

Print E-mail

Red Flag Compliance! Welcome to the May/June Edition of the Constellation Automotive Software Newsletter.

News & Announcements

 

Red Flag Complaince

Red Flag Compliance

 



Red Flag – A pattern, practice or specific activity that indicates the possible existence of identity theft

The Red Flag regulation implements Sections 114 and 315 of the Fair and Accurate Credit Transaction Act (FACTA). It finalizes three distinct requirements – two of which are relevant to auto dealers, namely:

   1. Duties of users of consumer reports regarding address discrepancy

   2. Duties of financial institutions and creditors regarding the detection, prevention and mitigation of identity theft

The regulations became effective as of January 1, 2008 and compliance became mandatory as of November 1, 2008. Enforcement was scheduled to begin 6 months later but has been postponed 3 times and is now scheduled to commence on June 1, 2010. Unfortunately, many dealers misunderstood the delay in enforcement to be a delay in required compliance. In fact, compliance has always been required as of November 1, 2008. If you have not completed your Red Flags compliance program, you need to do so immediately.

The regulations require all users of consumer reports to furnish the consumer’s address to the consumer reporting agency that provides an address discrepancy notice and that each financial institution, which includes car dealerships, establish an identity theft prevention program. In designing your program, you may incorporate all existing policies, such as those designed for GLBA compliance, that control reasonably foreseeable risks to consumers and the safety and soundness of the dealership from identity theft. The elements that must be included in such a program are as follows:

Identify relevant Red Flags and incorporate those Red Flags into your program. Dealers should consider the following types of risk factors identifying Red Flags:
          * Types of accounts the dealer offers or maintains
          * Methods the dealer provides to open those covered accounts
          * Methods the dealer provides to access its covered accounts
          * Previous experiences in identity theft
          * Alerts, notifications or other warnings received from credit reporting agencies and other service providers
          * Suspicious documents or suspicious personal identifying information such as a suspicious address change
          * Unusual use of or other suspicious activity related to a covered account
          * Notice from customers, victims of identity theft, law enforcement or other persons regarding possible identity theft

Detect Red Flags in your daily operations
Detect Red Flags in connection with the opening of new covered accounts and existing covered accounts, such as by the following:
          * Obtain identifying information and verify the identity of all persons opening a covered account
          * Policies and procedures from your existing Customer Identification Program should be used
          * Authenticate all customers, monitor transactions and verify the validity of change of address requests in all existing accounts
          * Some of the more common Red Flags are documents that look to be altered or falsified, SSN that have either never been issued or come back as being on the Social Security Administration’s Death Master File

Respond appropriately to any Red Flag events that are detected
The Program’s policies and procedures should provide for appropriate responses to Red Flags detected. Appropriate responses may include the following:
          * Monitor a covered account for evidence of identity theft
          * Contact the consumer
          * Change passwords and/or security codes
          * Reopen a covered account with a new account number
          * Refuse to open a new covered account
          * Close an existing covered account
          * Not attempt to collect a covered account and/or not sell a covered account to a debt collector
          * Notify law enforcement
          * Determine that no response is warranted based on the particular circumstance

      Update the Program regularly
      Your plan should include provisions for periodic updates to reflect changes in identity theft risks to consumers and to your dealership. Changes to your Program may be based on the following factors:
          * The experiences of your dealership with identity theft
          * Changes in methods of identity theft
          * Changes in methods to detect, prevent and mitigate identity theft
          * Changes in the types of accounts your dealership maintains

Administration of the Program
Financial institutions and creditors of all types must obtain approval of the initial written program from the Board of Directors or a designated senior management employee in writing, train all staff members in Red Flag compliance including how to spot Red Flags and what actions to take, and exercise appropriate and effective oversight of service provider arrangements.

Dealers should also be mindful of other related legal requirements that may be applicable, such as:

   1. Filing a Suspicious Activity Report when incidents are noted
   2. Implementing requirements to correct or update information provided to consumer reporting agencies or to not file information that the reporter has reasonable cause to believe is not accurate
   3. Complying with requirements prohibiting the sale, transfer or placement for collection of certain debts resulting from identity theft.

Red Flag compliance is not just a legal requirement. It is your responsibility to protect your customers’ identity and safeguard the information they have provided to you. Make sure that you collect sufficient information to be confident of your customers’ identity and that your files are secured, as required by the Safeguard Rule of the Gramm-Leach-Bliley Act, and you will be well on your way towards Red Flag compliance. Develop your written plan as outlined above and you will have fulfilled the responsibility you assumed when your customers’ trusted you with their private information.  

Constellation Automotive Software Newsletter - May/June 2010

Constellation Automotive Software Newsletter - May/June 2010

Constellation Automotive Software
Call Us at: 1-800-654-4955 Software Support: Option 1
Account Management:Option 5 DCF Consulting: Option 4
Sales: Option 1 or Extension 6974 Or Fax us at: 1-941-355-8980
To Access Client Care Center or visit our website, go to www.constellationauto.com