2020Directory_FNL_FlippingBook

Employees who perform program functions should prepare annual reports to the Program Manager concerning the ITPP’s effectiveness and make suggestions for improvement. The Program Manager should then use these reports and other identity theft resources to make an annual report to your Board or senior management detailing the effectiveness of the ITPP and proposing material changes. Training of employees and strict oversight of ITPP service providers who have access to your customers’ data are also critical tasks that the Red Flags Rule requires. Document everything you do and keep copies of all identity-related documents (e.g., the report of the electronic identity verification service and anything the consumer gives you to prove their identity) in the deal jacket in case you are audited. Apply your ITPP to every customer. Note that while the Red Flags Rule does not apply to cash sales, the requirements provide a wealth of information for dealers to use broadly in their business to help avoid identity theft issues and losses. The Address Discrepancy Rule The FCRA imposes specific obligations on users of consumer reports when an address discrepancy is identified by a consumer reporting agency. Together with its Red Flags Rule, the FTC issued a companion rule related to the address discrepancy requirements. The law requires users of consumer reports who receive a notice of address discrepancy from a consumer reporting agency to have reasonable policies and procedures in place to form a reasonable belief that the consumer report relates to the consumer about whom the report was requested. For example, there are multiple John Smiths and the law requires you to take appropriate steps to verify that you have the consumer report for your applicant prior to taking any action based on the consumer report. In addition, Dealers who establish a continuing relationship with consumers for whom they have received a notice of address discrepancy and who routinely furnish information to a nationwide consumer reporting agency (Experian, Equifax, Trans Union), must also reasonably verify the accuracy of the address provided by such consumers and furnish the verified address to the nationwide consumer reporting agency that provided the consumer report and notice of address discrepancy.

2020 MEMBERSHIP DIRECTORY & SERVICES GUIDE HOT TOPICS

Credit and Debit Cards: Fraud Prevention In an effort to prevent credit card fraud, the industry has moved to credit cards with computer chips (a “chip card”). The use of chip cards requires more sophisticated card readers that can read a random code generated by the device. If you do not have and use such a chip card reader after October 1, 2015, you face the risk of being liable for a fraudulent transaction committed using a chip card. Further, the Fair Credit Reporting Act (FCRA)

prohibits printing more than the last five digits of a credit or debit card number or the card’s expiration date on any electronically printed card transaction receipt. Damages for doing so are $100 - $1,000 per receipt for willful violations (generally a knowing or reckless violation) with no cap on damages in a class action. MasterCard andVisa can also assess fines starting at $5,000 for the first violation and going up fromthere. Make sure your card processing machines are set up to not print any more than the last five numbers and do not print the card’s expiration date.

150