To Catch a Thief: Detect Fraud With the Red Flags Rule and OFAC

“If you tell me your name and date of birth, that’s all I need to steal your identity” —Frank Abagnale, Catch Me If You Can

“If you tell me your name and date of birth, that’s all I need to steal your identity,” said Frank Abagnale in the book Catch Me If You Can.


Although you might have rooted for Leonardo DiCaprio’s scrappy rendition of Abagnale in the movie version, the last thing any dealer or F&I manager wants to face is identity fraud.

Getting caught in an identity scam can cost hundreds of thousands of dollars in lost inventory costs, plus legal fees and jail time if the dealership did not conduct due diligence.

So, what can a good F&I manager do? How can you be sure of a person’s identity when he or she is sitting in front of you?

Protecting nonpublic information

Dealerships are required to secure and protect all nonpublic information, including insurance cards, driver’s licenses, Social Security numbers, and information from credit checks. The fine for personal information remaining in public view is $40,000 per piece of information per day.

When a salesperson throws a copy of a driver’s license in the trash or leaves an insurance card copy out on a desk, it could cost the dealership $80,000. Costs rise exponentially when more than one salesperson does the same thing on multiple days.

Dealers have done a decent job of making sure F&I managers lock their offices, store deal jackets in locked file cabinets, and use auto-lock on computers when people step away from their desks. It’s equally important, however, to train sales staff on keeping information private.

Train salespeople how to deal with private information—how to take, copy, store, and lock it. Reinforce the importance of not leaving confidential information on desks, copiers, or in trash cans; implement daily checks to ensure compliance; and address problems before they become issues.

Because of people like Frank Abagnale, dealerships are required to have processes to prevent fraud, and keep specially designated people from accessing U.S. financial systems.

Two specific processes with significant repercussions for noncompliance include the Red Flags Rule and the Office of Foreign Asset Control.

Red Flags Rule

Under the Red Flags Rule, created by the Federal Trade Commission (FTC), dealerships must have an identity theft prevention process (ITPP) in place. Noncompliance penalties are $3,500 per violation, plus injunctions.

There are four elements of a good ITPP:

  1. Identify Red Flags. This is most often done using software for credit reports and submitting loan applications to lenders. The software may notify you of an invalid driver’s license number or wrong address; however, your team should also look for behavioral Red Flags. Is the customer anxious, in a hurry, or trying to use large amounts of cash? Paying attention to both behavior and the credit report will help your team move on to the next ITPP step.
  2. Evaluate Red Flags. Not everyone updates their driver’s license after every move, or changes from a maiden name to a married name immediately. When those Red Flags appear, your team should try to clear them, asking for further proof of identification, such as a phone or electricity bill, or a marriage certificate. If a customer tries to rush past these stipulations, there is cause for concern.
  3. Respond to Red Flags. If an F&I manager can’t clear Red Flags, the best action is to involve the F&I director or general manager. Upper management can notify the proper authorities, explain that the dealership simply cannot make the deal work, or politely ask the customer to leave.
  4. Update the process. All compliance processes should be regularly updated, and Red Flags compliance is no different. New ways to commit identity fraud continually emerge. Dealers must be prepared to identify, evaluate, and respond to changes, and regularly discuss fraud they have detected.

Office of Foreign Asset Control

The U.S. Patriot Act created the Office of Foreign Asset Control (OFAC), which gave OFAC jurisdiction over dealerships, requiring them to check customers against a Specially Designated Nationals (SDN) list.


Failing to comply with OFAC can result in 30 years in prison, a $10 million fine for corporations, and a $5 million fine for individuals.

By checking this list, businesses help keep certain individuals, foreign governments, financial institutions, and organizations from accessing U.S. financial systems or benefiting from services involving U.S. markets.

The process is essentially the same as with Red Flags. If a name is flagged, your team should verify the identity of the person in front of them.

For example, John Smith is one of the most common names in the U.S. Is the John Smith in front of you the same as the one on the list? Do they have a different middle name or suffix? Are they local, or did they just move to the area? Delving deeper could clear a customer from the SDNL, or validate that you have a specially designated individual in the dealership.

Let’s say you have a customer with several Red Flags whose name is flagged in the SDNL. What do you do?

Upper management can help by contacting the OFAC hotline, and may be asked if it’s comfortable keeping the individual in the dealership until authorities arrive. If not, notifying the hotline and providing the individual’s current location fulfills the dealership’s obligations.

The dealership’s process for handling SDNL compliance should be updated regularly to protect the dealership from criminal activity.

Compliance processes aren’t designed to make life more difficult. They are meant to protect against fraud. By regularly updating your processes and reinforcing them through training, your team will be better able to protect your dealership while effectively processing legitimate deals.

These processes will become second nature, reducing business disruption while enhancing your dealership’s ability to detect fraud.

As executive vice president of dealer services at EFG Companies, John Stephens directs the company’s direct sales and service channel, providing EFG’s solutions and engagement to auto dealers. John acts as an extension of his clients’ management teams, and is responsible for leading EFG account service professionals in optimizing the profitability of EFG’s direct dealer partners, and supporting the use of EFG products and services.

John Stephens

0 Comments

No comments!

There are no comments yet, but you can be first to comment this article.

Leave reply

Your email address will not be published. Required fields are marked *