The FTC’s Privacy Rule and Auto Dealers FAQ http://www.ftc.gov/bcp/edu/pubs/business/autos/bus64.shtm
Automobiles: An FTC Guide For Consumers – Business Info http://business.ftc.gov/documents/bus13-dealers-guide-used-car-rule
US Dept. of Treasury – OFAC Regulations
http://www.treasury.gov/resource-center/faqs/Sanctions/Pages/ques_index.aspx
OFAC Sanctions List Search
https://sdnsearch.ofac.treas.gov/
FAQ:
- Who can I run a credit report on?
Credit reports may only be run on a customer who approaches your business with the intent to purchase a vehicle and attempt to qualify for financing to do so. This is called “permissible purpose.” This is the only reason you should ever run a credit report. NEVER run your own credit, nor credit reports on your family members and friends. This is in violation of your contract, and doing so can be cause to suspend or terminate your account, either by Nowcom or by the bureaus. (Also, realize that if you were to run your own credit report, it would be stored on your server and all of your employees with access to the account would be able to view your personal information.) Everyone is entitled to a free credit report from all three bureaus every year. You can get yours by visiting
www.annualcreditreport.com.
- Who is allowed to use the account?
The Primary person on the account must designate employees to have access to the account. Each employee must have their own unique username and password, and must log in under their owner username each time they run a credit report. Employees may not use each other’s usernames. It is recommended to change your password every 3 months, and never share your password with anyone. Never allow another branch or other dealership to use your account. Each rooftop must have its own separate account. The Primary person attached to the account is ultimately responsible for all transactions run on the account. If you feel there are reports that your business did not run, please contact DealerCenter right away at (888) 669-2669 or email
compliance@dealercenter.com. We will investigate your account immediately as we take security breaches very seriously.
- Can I run credit reports on customers who request a vehicle online?
Yes. You must have in place a standard system for logging customer information to prove that the customer has given you authorization to run their credit report. You must keep as much information as possible, and always use the same method. If the credit bureaus were to choose your business for a random audit (see below), you will need to provide this proof to them. However, it is recommended to obtain a signature from the customer whenever possible. It is recommended to print and retain this file in a locked cabinet as proof of permission from the customer.
- Can I run credit reports on customers who apply via telephone?
Yes. Customers may contact your business via phone and authorize their credit report to be run for the purpose of qualifying for auto financing. However, it is imperative to keep a consistent logging method before running the customer’s credit report. The simplest way is to use your standard credit application, and fill it in as the customer provides the information. Be sure to ask verifying questions that only the customer would know – for example, get their current address AS WELL as their previous address, no matter how long ago it may have been. This information will show up on the credit report and help “verify” the customer’s identity. Ask for their social security number and their employer’s name. These too will appear on the credit report for verification before you attempt to continue the process of getting the customer financed. Ask for their birth date, as you should also to be able to verify that on the credit report.
Always be sure to check the bottom of the credit report for any consumer statements and fraud alerts. If there is a fraud alert or other notification, follow the instructions stated and recommend that the person come into the store in person to complete the application. This is the best interest of both your dealership and the customer.
This is to serve as a basic guideline to help your business remain compliant with the terms of the credit bureaus. This should only be used as reference. Your Owner/Principal(s) should determine the best method to qualify your customers over the telephone.
- How long do I have to keep the customer’s paperwork on file?
For every single credit report you run, even if it did not result in a deal, you must keep the customer’s authorization to run their credit report on file for up to 5 years. This is called the “retention period.” A consumer’s right to bring an action into a court of law in regard to credit negligence has up to 5 years from the occurrence of an alleged violation to do so. Therefore, although you needn’t keep all of the customer’s paperwork, you must keep their authorization filed away in a locked and secured area until the retention period is over, and then you must properly destroy the paperwork, by shredding, burning or other similar method that renders the documentation unreadable.
- I received notification of an audit from the credit bureau(s) directly. What is this and how do I comply?
All three bureaus randomly select companies to audit. They will send you a list of 3-10 persons your company has run credit reports on within the last few years. You need to find the customer’s authorizations and fax or mail to the address on the notice. If you cannot locate all of the customer’s files, you need to send as much information as you have, along with a note that explains why you cannot provide all the documentation. In most cases, the bureau will allow a second audit in the near future. However, if you are unable to fully comply with the second audit, the bureau may suspend or terminate your account.
- I received notification of an audit from DealerCenter. What is this and how do I comply?
DealerCenter will randomly audit our customers to ensure continued compliance. There are many types of audits, including but not limited to checking for permissible purpose, proper data entry input, making sure qualifying documents (ie business license) on file are up to date, etc. A first–time notification simply requires the principal/primary on the account to read and sign the document and fax back to our compliance department. If a second notification is received for the same violation, depending on the type, your account may be temporarily suspended or possibly terminated.
- What is OFAC, and does my company need it?
The Office of Foreign Assets Control (OFAC) administers and enforces economic sanctions programs primarily against countries and groups of individuals, such as terrorists and narcotics traffickers. Your OFAC option will scan your customer’s name, address and social security number to look for matches against the national list of these violators. Anyone who runs a person’s credit report is obligated to cross-reference customers against the OFAC list. DealerCenter offers OFAC with Experian to easily comply with this Federal law. You will receive OFAC with your Experian account automatically, unless you wish to “opt-out” and use another method. Contact your sales representative for the opt-out form. For more information, please visit the official site of the US Department of Treasury at
www.treas.gov/offices/enforcement/ofac/
- What should I do if OFAC presents a match when I run a customer’s report?
First, you must perform your own due diligence. Does the information appear to match your customer’s exactly, or is there only one thing that matches, such as a last name? Many times, it’s very easy to tell that the customer is not the person the OFAC list is likening it to. If this is the case, and feel with great certainty it is a mismatch, you may ignore it and proceed. If you feel that there is a strong possibility that this customer’s profile matches the list almost exactly, please go to this link for detailed instructions: (“When should I call OFAC’s compliance hotline?”)
www.treas.gov/offices/enforcement/ofac/faq/answer.shtml This will guide you through the exact steps to report your suspicions.
- I have attempted to run a customer’s credit report, but I am receiving an error. What is this?
Sometimes you may experience different types of errors when pulling a customer’s credit report. There can be a variety of reasons: improper data entry, customer file is listed as a minor (047 – Current House Number Error), the account is not properly activated (067 – Subscriber Not Allowed to Inquire), etc. In these cases, do not continue to re-run the report – call DealerCenter at 888-669-2669 for assistance. It is usually a simple explanation. Please be sure to note the exact error code.
In the case you run a report that shows as a FROZEN FILE: this file was locked by the customer, and only the customer can contact the credit bureau and authorize your business to run their report. This is not something Nowcom or your business can assist with.