Texas auto dealerships should be on the lookout for these two men, who have stolen 19 cars worth $750 thousand from three Houston dealers:

Benigno “Benny” Diaz, 49, and Jorge Demichelli, 59, sought employment at the dealerships and used false information to obtain credit and/or property from the dealerships.

We’re familiar with this scam since a similar incident happened to one of our customers before they hired us.  The thief was hired as a salesperson at the dealership.  His accomplices came to the store and provided data from stolen identities.  The “salesman” would fill out the credit app for them, get a blurry photocopy of the stolen ID, and generally run interference for the “customer” so nobody else at the dealership would look too closely at the customer or the ID data.  The dealership had no indication anything was amiss until they received notification from the banks that the first payments had not been made.  When the dealership started to connect the dots, the “salesman” disappeared.

Adding insult to injury, not only did the dealership lose the inventory, but they paid the thief commissions on the “sales”.

When you create your Red Flags Program, you must take into account any previous experiences your dealership has had with identity theft.  Also, if you experience identity theft afterward, you must update the Program to reduce the likelihood of the same incident happening again.   For our customer, we recommended that they add a second ID check at closing, where F&I would examine the ID (not a copy) before handing over the keys.  We also recommended that they restrict spot deliveries and prohibit remote sales; the customer must show up at the dealership in person to complete the deal.

Finally, in the case of Diaz and Demichelli, the identity data they used was stolen from people in Puerto Rico.  Dealerships are obligated by the Address Discrepancy rule to have policies and procedures “to enable them to form a reasonable belief that the consumer report they’ve received relates to the consumer on whom they requested the report”.  In other words, when you pull a credit report, if the address the customer provides doesn’t match the address the credit bureau has on record, you should investigate further.

If the thieves gave Houston area addresses, the credit bureau would have flagged that to the dealership as an address discrepancy and the dealership should have requested  utility bills or other address data to verify the customer’s identity.  If the thieves gave the Puerto Rico addresses of their victims, the situation is a bit trickier; there is nothing wrong with selling cars to out of state customers, however F&I should have done a double take and investigated a bit further, especially if there were a sudden glut of “customers” from Puerto Rico.