A Dealership Tour

A true story by Mr. Al Mosher

This is a true story. Only the names have been changed (or left out) to protect the guilty. And, while you will probably be amazed at some of the things I am about to tell you, they are by no means different than what I have observed at almost every dealership I have visited.

This dealership had a strict UP system with salespeople stationed at the front door as greeters on a rotating basis. You would think that it would be difficult for anyone to gain access to the dealership without being logged by these greeters. However, as I walked through the front door, I simply stated, “I’m here to see Dave” (or John or Jim or any other common name), pointed to the offices and started walking in that direction. No one questioned me or stopped me. As I later observed at this dealership, people who entered through the side door or from the service department generally had free run of the dealership for at least 20 minutes.

As I got into the showroom, I noticed an empty salesperson’s desk just outside the General Manager’s office (whose name I had used because I had seen him dozens of times on the dealership’s television commercials). I sat down like I was waiting for the GM and needed to make a telephone call. As I listened to the dial tone, I went through the desk drawers. I found 3 credit applications complete with Social Security Numbers, 2 credit reports on customers and 5 copies of driver’s licenses.

Moving on, on my way to the finance offices, I walked by an area that contained a copier, printer and fax machine. Lying on the counter was a customer’s credit application with addresses, jobs, Social Security Number – everything someone would need to steal his identity. This application was lying there in the open for the entire 5 hours I spent at this dealership.

Next, I came to the three finance offices. All were unlocked, with the doors open, and no one was in any of them. I walked into each office and each contained at least one complete deal folder in the open where it would have taken 10 seconds to snatch and go. The real goldmine; however, was in the last office. There were a series of holders on the wall that contained information for deals still in progress. They were filled with insurance verifications, license registrations, paycheck copies, and other information. Again, it would have taken no time to steal this nonpublic information.

It’s hard to believe but within 10 minutes of walking into this dealership, I could have been walking out with enough nonpublic information to steal at least 6 and probably more like 10 of its customer’s identities. And that is without looking any further into sales managers’ offices, service, parts or the business office. Each of these would have likely yielded a significant amount of additional nonpublic information.

And this dealership thought it did a good job protecting its customer’s data. The same area that contained the fax machine and copier also housed a shredder and employees were told to shred all sensitive material; however, there was no system in place to monitor whether this actually took place or not and the shredder was a slit shredder that did not meet the requirements of the Disposal Rule. In addition, the waste receptacle of the shredder was not locked and any employee would empty it and set the shredded strips outside by the trash where anyone could pick up bags and bags of the material and reconstitute them into the original documents. I would estimate that each bag contained enough material to successfully steal the identity of about 20 people.

This dealership also had signs posted on each of the finance offices that it was a secure document area. I’ve seen this in a few stores and I think it is a terrible idea. I’m sure the dealer or GM would never consider putting up a sign that said “All Money Kept Here” by their cash register or safe and yet that is exactly what they are doing with their customer’s private information. I guess it’s a good thing they leave these doors unlocked and propped open; that way you can’t see the signs.

This is just a brief story about a brief portion of one visit to one store and yet, I found numerous opportunities to help myself to confidential material. What I actually did was put it all into my briefcase before I walked into the owner’s office. I asked him if he thought his dealership was compliant and, when he answered in the affirmative, I opened my briefcase and dumped its contents in the middle of his desk. To put it mildly, he was astonished.
If I come to your store, will the story be the same?