Suspicion Leads to Arrest

Jack Maxton Chevrolet understands the Red Flags rule. Careful review of an applicants license, signature and loan application led to the arrest of an identity thief as reported in the Dealers Edge.

Something didn’t seem right about the customer looking for a car loan.

DealersEdge Headlines

Reggie Carter aka Jerry Stevens wanted a new Corvette in the worst way. Instead of the Corvette, however, all he got was a good lesson and some quiet time alone to think about what he had done.

The lesson: Dead men tell no tales. They also don’t buy new cars.

Reggie Carter, the real one, was a mailman who died earlier this year at age 42. Jerry Stevens is an opportunist who stole Mr. Carter’s identity and hatched a plan to con car dealers.

According to a report in the Columbus Dispatch, the scam began when a man walked into Jack Maxton Chevrolet and said that his father, Reggie Carter, was interested in a new Corvette. A short time later, the man identifying himself as Reggie Carter called and asked to apply for the car loan over the phone. He got preliminary approval to finance the car.

Later in the day, Jerry Stevens, posing as Reggie Carter, walked into the showroom with another man, whom he identified as his son. Mr. Stevens signed papers and produced a Michigan driver’s license with Mr. Carter’s name and signature on it, but his own picture.

The conmen drove onto the dealership lot in a new, black BMW convertible. Police think Jerry Stevens also used Reggie Carter’s identity to buy the BMW 650i for $59,000. The BMW was recovered when Kenyatta Reed, one of the “sons”, was stopped in the vehicle in a Detroit suburb.

The F & I director became suspicious when he noticed that the signature on the man’s driver’s license didn’t match the signatures on the credit application for the $67,000 car. This is where the story takes one of those “world’s dumbest crooks” turns.

The suspicious finance director called a phone number that Jerry Stevens had given him to verify employment. But the phone number belonged to Byron Carter and Dorothy Hooks-Carter, the brother and sister-in-law of the real Reggie Carter. The Carters blew the whistle on the attempted theft.

Jerry Stevens now stands indicted on charges of identity fraud, possession of criminal tools and five counts of forgery. He is cooling his heels in jail.

Are You Following the Procedure?

Do you have written procedures to respond to employee complaints concerning discrimination or sexual harassment? Presumably your answer is yes. If not, there is no need to read on and best of luck when called upon to defend a sexual harassment claim. Assuming one has written procedures for dealing with employee complaints; the next question is whether those procedures are followed. Not following the investigation process can be just as damaging as ignoring the claim.

I recently watched a mock jury deliberate a sexual harassment and retaliatory discharge claim. Empanelled jurors represented a cross section of what one would expect to get on any jury. The facts of the case were as follows:

A female employee complained to the human resource manager that she was receiving repeated uninvited sexual requests from a co-worker. The HR manager interviewed the co-worker who denied any improper conduct or advances. The HR manager told both employees to knock it off and that such conduct would not be tolerated. The female employee then went to her direct supervisor to express her discontent with HR’s handling of her complaint and reiterated her accusations. The supervisor said he would look into the claim, but there was no evidence that he followed through. There was no documentation from HR or the supervisor regarding the employee’s claim, investigation, outcome or action taken.

Two months later the complaining employee was investigated for improper conduct on the job. Potential witnesses were interviewed and reports were made and delivered to upper management. Based upon the investigation, the female employee was terminated. She filed suit for sexual harassment and retaliatory discharge.

The jury began deliberating the two claims. They started out well and agreed there was insufficient evidence at the time that the Plaintiff had been sexually harassed. It looked like it would be smooth sailing for the employer. When discussions turned to the wrongful discharge claim, the case rapidly deteriorated for the employer.

Two thirds of the jurors immediately questioned the “process”. Why were their no written reports on the employee harassment claim? Why didn’t the supervisor follow through? Each of the jurors began to express concern with the failure of the employer to follow a process when looking into the employee’s original claim. Jurors expressed their personal views as to how her claim was handled. Even though it was a “he said she said” case, why didn’t HR talk to coworkers? Why didn’t her supervisor do anything? Why didn’t the employer document the investigation? These questions quickly turned into indictments of the employer by the jurors.

What started as a not guilty verdict for employer rapidly disintegrated into a verdict of two million dollars compensatory damages, and five million dollars punitive damages against the employer. The verdict was reached upon jurors’ belief that no process was followed on the original claim. They all agreed it was investigated, but because they did not see a formalized investigative process, they ended up siding with the employee. A rather frightening outcome based upon the jurors initial agreement that the employee failed to prove any harassment claim.

The moral of the story is to document the process and the employee file. This holds true for harassment investigation as well as all other employee matters. Begin the process of documenting the employee file from day one and formalize all investigations regarding employee claims, accidents, misconduct, and injury. Documented proof that the employer followed established guidelines and compliance processes could well save the day when an employer is accused of misconduct. Documentation applies to employee misconduct, and non-performance as well. Verbal warnings carry very little weight when faced with making a termination decision. Particularly once the employee in question has made a workers compensation claim, or complaint to a regulatory agency. Failure to document the employee file may result in retention of a troublesome employee, or a wrongful termination claim.

David Missimer
Attorney and General Counsel for
Automotive Compliance Consultants, Inc.
Crystal Lake, IL

May Day

May 1, 2009 is the date the Federal Government expects your dealership to be in compliance with the Red Flag Rules.

May 1, 2009 is the date the Federal Government expects your dealership to be in compliance with the Red Flag Rules. We do not expect any extensions by the Feds, after all that tv antenna extension is creating a lot of havoc. If only Dealers could be so lucky as to receive a little something from the current administration, other than new sales manuals created by individuals who have never held a job in the private sector, let alone in the car business. Enough of the rant.

For those who have been hibernating, or selectively procrastinating, May 1, 2009 quickly approaches.  On May 1, 2009, the Federal Government expects your dealership to be compliant with the red flag rules; NOT GETTING AROUND TO DOING SOMETHING ABOUT IT.  Fines for violating the rules range from $2,500.00 per violation, to as high as $11,000 per incident.  The Federal Government instituted the Red Flag Rules, and gave all financial institutions plenty of time to be in full compliance by May 1, 2009.  We do not anticipate much leniency will be given to those institutions that have not implemented their red flag program on or before May 1, 2009.

As is always the case, there are numerous software programs, books, and publications which claim to show you the way to comply with the Red Flag rules and other government regulations.  The problem with these approaches is that those who work in your dealership need to do more than just know what the regulations are.  Your dealership is required to have a written program that includes reasonable policies and procedures to detect, prevent and mitigate identity theft.  This is the responsibility of each and every employee in your dealership, and not just a select few.  This requires an understanding of all facets of your dealership, training of your employees, and institution of the written polices.  As we have stated before, here in the Coffee Break, if your dealership has been complying with the FTC safeguards rules in their entirety, then you are well on your way to compliance with the Red Flag Rules.

Failure to comply with the Red Flag Rules will not only subject your dealership to government fines, but lenders are not sitting back idle when they determine they are the victim of identity theft.  Even before January 1, 2008, lenders were no longer sitting back as dealers sold vehicles to people with questionable credentials.  In cases I have been personally involved with the lenders demanded reimbursement for vehicles sold in cases of obvious identity theft.  This left the dealer in the position of having to locate the car, obtain the car and hopefully be able to resell the car to minimize its losses.

Automotive Compliance Consultants works with over 600 dealerships across the United States.  As such, our consultants are in a unique position to see what happens on a daily basis in dealerships of all sizes.  During this time period, we have consulted with dealerships that felt they had everything under control but did not.  Recently one of our consultants was discussing the Red Flag Rules with a dealer and was told that they were waiting until November 1. Forty-five minutes after our consultant left the store he received a phone call regarding a letter the dealer received from a company stating that identify theft had occurred on one of the transactions.  Needless to say, neither the lender, nor the dealer was very happy with the situation.  Quite honestly, the situation could have been avoided had the dealership had a Red Flag program in place. The red flags on the deal were glaring.

The number one complaint to the Federal Trade Commission over the last three years has been identity theft.  It is the priority of both Federal and State government officials to stop identity theft.  The only way the government can assist in thwarting identity theft is try to stop it at its source.  Thus, the institution of the Gramm, Leech, Bliley Act, Safe Guards Rule, other regulations under the Fair Credit Reporting Act, Fair Credit Transaction Act, and now the Red Flag Rules.  Each of these regulations is designed to put an end to identity theft before a questionable transaction occurs.  All of these regulations are designed to work hand and hand to stop identity theft.

What the Red Flag Rules mean to your automobile dealership is that you are on the front line of identity theft protection.  You can run all the computer programs you wish, but not be compliant with the above regulations at all.  Each of them requires employee training, some common sense, a written plan of action, and continued vigilance to monitor the plan, changes in your business, changes in the market, and of course the changes instituted by identity thieves themselves to acquire your merchandise and customer information.

As with all regulations, beyond the government fines and penalties, there is the civil liability that is waiting in the wings.  The Plaintiffs’ lawyers are out there waiting, in fact advertising, for clients who are victims of identity theft.  You really don’t want that future client to come from your dealership.  You have approximately thirty days to be compliant.  Not thirty days to think about being compliant.  The Federal Government has granted all financial institutions seventeen full months to become compliant.  They expect that you will be compliant on May 1, 2009.  How is your plan coming?

David R. Missimer
General Counsel
Automotive Compliance Consultants, Inc.

HOW NOT TO WORK YOUR RED FLAG

HOW NOT TO WORK YOUR RED FLAG The following is a story about a woman arrested for trying to buy a wave runner with a stolen ID. A sales staff selling wave runners caught her. Good for them. Read on in the article. She arrived to purchase the watercraft in a new Tahoe. Police located a new Nissan at her residence. Both vehicles were purchased with other people’s information. You have to love the red flag program those automobile dealerships had in place if you’re an identity thief. What are the chances I might be able to score some personal information at those dealerships? I’m guessing, pretty good. Woman arrested for identity theft

Written by Identity Theft Daily Staff
Wednesday, 04 March 2009
Riverside Police Officers responded to a motor sport dealership regarding a woman trying to purchase two Sea-Doo watercraft with fake identification. The woman was later found to be in possession of several fraudulently-purchased vehicles and furniture.
Investigating officers learned the suspect was in possession of ID for three other names, with credit reports and false California driver’s licenses. Officers also located more false licenses utilizing different male names with the same picture.
The suspect arrived at a Riverside motorsports dealership in the 7500-block of Indiana Avenue, driving a 2008 Chevy Tahoe she purchased in Puente, entirely on credit and registered to one of the false names. The Puente car dealership confirmed the Tahoe was purchased for $40,000 using one of the fake driver’s licenses. A receipt found in the car showed that $6,000 worth of furniture was purchased from the Ashley Home Store in Murrieta under one of the male’s names and delivered to a Moreno Valley address. Envelopes containing credit applications for various credit cards under the false names were also found in the car.

An Economic Crimes Detective responded to the suspect’s Moreno Valley residence, where investigators located a new Nissan Altima sedan and a Yamaha Wave runner watercraft on a trailer located in the driveway, and a Yamaha motorcycle located in the garage. All three vehicles were registered to one of the fraudulent names. The fraudulently-obtained furniture was inside the house. Ashley Home Store sent a truck to pick up the furniture. Police towed all the vehicles. Miriam Macedo, 42, of Moreno Valley, was arrested for Identity Theft and booked at Robert Presley Detention Center in Riverside.

MILLIONS FOR NON-COMPLIANCE

MILLIONS FOR NON-COMPLIANCE
MILLIONS FOR NON-COMPLIANCE

CVS Caremark Settles FTC Charges:
Failed to Protect Medical and Financial Privacy of Customers and Employees;
CVS Pharmacy Also Pays $2.25 Million to Settle Allegations of HIPAA Violations CVS Caremark has agreed to settle Federal Trade Commission charges that it failed to take reasonable and appropriate security measures to protect the sensitive financial and medical information of its customers and employees, in violation of federal law. In a separate but related agreement, the company’s pharmacy chain also has agreed to pay $2.25 million to resolve Department of Health and Human Services allegations that it violated the Health Insurance Portability and Accountability Act (HIPAA).
“This is a case that will restore appropriate privacy protections to tens of millions of people across the country,” said William E. Kovacic, Chairman of the Federal Trade Commission. “It also sends a strong message to other organizations that possess consumers’ protected personal information. They are required to secure consumers’ private information.”
CVS Caremark operates the largest pharmacy chain in the United States, with more than 6,300 retail outlets and online and mail-order pharmacy businesses.
The FTC opened its investigation into CVS Caremark following media reports from around the country that its pharmacies were throwing trash into open dumpsters that contained pill bottles with patient names, addresses, prescribing physicians’ names, medication and dosages; medication instruction sheets with personal information; computer order information from the pharmacies, including consumers’ personal information; employment applications, including social security numbers; payroll information; and credit card and insurance card information, including, in some cases, account numbers and driver’s license numbers. At the same time, HHS opened its investigation into the pharmacies’ disposal of health information protected by HIPAA. The FTC and HHS coordinated their investigations and settlements.
The FTC’s complaint charges that CVS Caremark failed to implement reasonable and appropriate procedures for handling personal information about customers and employees, in violation of federal laws. In particular, according to the complaint, CVS Caremark did not implement reasonable policies and procedures to dispose securely of personal information, did not adequately train employees, did not use reasonable measures to assess compliance with its policies and procedures for disposing of personal information, and did not employ a reasonable process for discovering and remedying risks to personal information.
CVS Caremark made claims such as “CVS/pharmacy wants you to know that nothing is more central to our operations than maintaining the privacy of your health information.” The FTC alleged that the claim was deceptive and that CVS Caremark’s security practices also were unfair. Unfair and deceptive practices violate the FTC Act.
The FTC order requires CVS Caremark to establish, implement, and maintain a comprehensive information security program designed to protect the security, confidentiality, and integrity of the personal information it collects from consumers and employees. It also requires the company to obtain, every two years for the next 20 years, an audit from a qualified, independent, third-party professional to ensure that its security program meets the standards of the order. CVS Caremark will be subject to standard record-keeping and reporting provisions to allow the FTC to monitor compliance. Finally, the settlement bars future misrepresentations of the company’s security practices.
The HHS settlement requires CVS pharmacies to establish and implement policies and procedures for disposing of protected health information, implement a training program for handling and disposing of such patient information, conduct internal monitoring, and engage an outside independent assessor to evaluate compliance for three years. CVS also will pay HHS $2.25 million to settle the matter http://www.hhs.gov/news/press/2009pres/02/20090218a.html.
The Commission vote to accept the proposed consent agreement was 4-0. The FTC will publish an announcement regarding the agreement in the Federal Register shortly. The agreement will be subject to public comment for 30 days, beginning today and continuing through March 20, 2009, after which the Commission will decide whether to make it final. Comments should be addressed to the FTC, Office of the Secretary, Room H-135, 600 Pennsylvania Avenue, N.W., Washington, DC 20580. The FTC is requesting that any comment filed in paper form near the end of the public comment period be sent by courier or overnight service, if possible, because U.S. postal mail in the Washington area and at the Commission is subject to delay due to heightened security precautions.

FTC Releases List of Top Consumer Complaints in 2008

FTC Releases List of Top Consumer Complaints in 2008 The Federal Trade Commission today released the list of top consumer complaints received by the agency in 2008. The list, contained in the publication “Consumer Sentinel Network Data Book for January-December 2008,” showed that for the ninth year in a row, identity theft was the number one consumer complaint category. Of 1,223,370 complaints received in 2008, 313,982 – or 26 percent – were related to identity theft.
The report breaks out complaint data on a state-by-state basis and also contains data about the 50 metropolitan areas reporting the highest per capita incidence of fraud and other complaints.  In addition, the report sets forth the 50 metropolitan areas reporting the highest incidence of identity theft.
The report states that credit card fraud was the most common form of reported identity theft at 20 percent, followed by government documents/benefits fraud at 15 percent, employment fraud at 15 percent, phone or utilities fraud at 13 percent, bank fraud at 11 percent and loan fraud at four percent.
The top 20 complaint categories were:

Rank	Category	Complaints	%
1	Identity Theft	313,982	26
2	Third Party and Creditor Debt Collection	104,642	9
3	Shop-at-Home and Catalog Sales	52,615	4
4	Internet Services	52,102	4
5	Foreign Money Offers and Counterfeit Check Scams	38,505	3
6	Credit Bureaus, Information Furnishers and Report Users	34,940	3
7	Prizes, Sweepstakes and Lotteries	33,340	3
8	Television and Electronic Media	25,930	2
9	Banks and Lenders	22,890	2
10	Telecom Equipment and Mobile Services	22,387	2
11	Computer Equipment and Software	21,442	2
12	Business Opportunities, Employment Agencies and Work-at-Home	20,286	2
13	Internet Auction	17,294	1
14	Advance-Fee Loans and Credit Protection/Repair	17,263	1
15	Health Care	16,275	1
16	Auto Related Complaints	14,278	1
17	Travel, Vacations and Timeshare Plans	13,200	1
18	Credit Cards	13,196	1
19	Magazines and Buyers Clubs	10,188	1
20	Telephone Services	9,300	1

Hello world!

Welcome to WordPress.com. This is your first post. Edit or delete it and start blogging!