Synthetic ID fraud is a form of identity theft in which the victims are the finance source and potentially the dealer if the finance source requires a buyback upon default.
Synthetic IDs combine real data, such as a legitimate Social Security numbers, with false information, like name and date of birth, to create a new credit profile. Think of the synthetic identity thief as Dr. Frankenstein using different corpses to piece together his monster.
Numerous excellent articles will tell you what synthetic ID theft is and how to detect it. What you probably will not find is a plan for what to do with your prospect if you suspect he is really Frankenstein disguised as a citizen.
Deception and Detection
Most dealers subscribe to software to uncover potential red flags during the transaction. These systems have an optional synthetic ID vetting process which the dealer can subscribe to. If the dealer chooses to save the expense, the managers must be aware of all the warning signs. Being uber-vigilant is likely to be less effective than paying for the service.
Some of the warning signs include but are not limited to:
An “in file” date on the credit report does not match the applicant’s age.
For example, a 42 year old with a two-year credit history may have been incarcerated or in a monastery for 20 years. Or he could be Frankenstein.
A thin credit file. The first trade line is likely an authorized user account.
Several hard inquiries in a short amount of time.
For those born before the Social Security Administration began assigning numbers randomly, there was a rhyme and reason to the SSN. Since this change took effect on June 25, 2011, this should apply to every SSN you see. Confirm the numbering methodology matches the consumer demographic.
Queasiness. Trust your gut.
Policy and Process
If you believe you are being visited by Frankenstein, the manager must clear the potential hit.
Obtain and compare a second government-issued ID to the first one provided. Consider the use of an ID vetting software.
Search the applicant’s name in Google Images. Compare the photos you find to the one on the government-issued ID. Screen-print the online image and scan to the deal file.
Verify the SSN with a valid Social Security card or award letter.
Run the out-of-wallet questions and require 100% correct answers.
Use Google Maps to search the provided address. Confirm it is residential. Ask the applicant verifying questions: “What size is your pool? What is the name of the elementary school in your neighborhood? How many garage doors do you have?” Print and scan a copy of the search results and record the responses in the system.
Review all signatures for consistency.
Verify insurance.
Personally call and verify employment. Search for the business online and call the listed number, not the one provided by the applicant. Obtain and vet the paystub.
Obtain a credit approval from one of your finance sources.
Require Frankenstein to sign the documents and take delivery on premises. Some Frankensteins are bashful and prefer remote deliveries.
Complete and scan your synthetic ID checklist. Write me if you need one.
Secure the GM’s approval before the customer takes delivery.
Red Flags Rule Compliance
The Federal Trade Commission’s Red Flags Rule requires dealers to conduct an annual assessment of the sufficiency and efficacy of their identity theft prevention programs. The rule also requires an annual written report to the owner or board of directors.
If you haven’t done so already, update your ITPP to identify this threat and document processes you have implemented to address it. Your next annual report must document any actual deliveries to Frankenstein, including what went wrong and how you changed your policy or process to prevent a repeat.
I know this sounds like a lot, and you can of course modify this policy to your risk level. Just don’t be like the villagers and keep looking the other way until it is too late.
Continued good health, good luck and good selling.
Gil Van Over is executive director of Automotive Compliance Education (ACE). He is also founder and president of gvo3 & Associates and author of “Automotive Compliance in a Digital World.”
