If you don’t maintain a file where you store away little nuggets of information that could come in very handy someday, you should create one. And the first thing you should stick in that file is a copy of this article.
With identity theft on the rise, dealers and consumers alike are more attuned to situations in which impostors pose as legitimate credit customers in an effort to bilk consumers, the businesses with which they deal, or both. Dealers are supposed to have a “Red Flags” policy to help detect such situations, and consumers whose identities are stolen are quick to seek redress.
So what happens when an impostor shows up at your dealership posing as Joe Customer and applying for credit in Joe’s name? The first thing that happens is that you’ll pull a credit report on Joe Customer.
But wait a minute. You don’t have Joe Customer’s permission to pull that report. Does that expose you to liability to Joe for having done so? A recent, very instructive case provides some answers.
Dickley and Bickley
A woman who identified herself as Gregina Dickley attempted to open a Dish Network account through American Satellite using the Social Security number of Gregory Bickley. American Satellite entered Dickley’s name and Bickley’s SSN into an interface that connects to three credit reporting agencies and received a “Declined No Hit” response as well as a Decision Detail Report.
American Satellite then declined Dickley’s attempt to open an account. Several weeks later, the real Gregory Bickley received his credit report, which indicated that Dish had made an inquiry under his name, and Dish contacted Bickley to inform him that someone attempted to open an account in his name.
Evidently Bickley wasn’t so grateful to Dish for fending off the impostor, because a year later, Bickley sued Dish for violating the federal Fair Credit Reporting Act (FCRA) by requesting and using his credit report without a permissible purpose. The trial court granted summary judgment for Dish, and the U.S. Court of Appeals for the Sixth Circuit affirmed.
After determining that there was sufficient evidence that Dish used or obtained a consumer report, the appellate court agreed with the trial court that Dish did not use the report without a permissible purpose. The appellate court found that Dish had a legitimate business need for the information in order to verify the identity and qualification of the caller requesting its satellite television service.
Acting in Good Faith
In perhaps a surprising bit of analysis, the appellate court found that the consumer report was in connection with a business transaction initiated by Bickley because a consumer initiated the transaction and Dish believed in good faith that Bickley was that consumer. Moreover, the court noted that Dish should not be held liable for conduct that prevented Bickley from becoming the victim of identity theft.
One of the “urban myths” in the auto finance business is that the FCRA requires that a potential creditor obtain the written permission of a credit applicant before the creditor pulls a credit report on the applicant. That is not the case. The creditor needs only a “permissible purpose” to pull the credit report, and a permissible purpose does not necessarily require the applicant’s signature. Getting the applicant’s signature before pulling a credit report is a best practice, to be sure, and dealers need to make sure there isn’t a state law requirement that imposes the “written authorization” requirement, but the FCRA itself doesn’t impose that requirement.
There’s no assurance that every court addressing this set of facts would rule the way this court did. Still, it’s comforting to see that at least this court is unwilling to punish a creditor that requests a credit report as part of its identity theft prevention program.
So take your scissors out and clip this article out. Then drop it into your new file. It might well come in handy some day.
Thomas B. Hudson is a partner in the firm of Hudson Cook LLP and the author of several widely read compliance manuals. ©CounselorLibrary.com 2014, all rights reserved. Based on an article from Spot Delivery. Single print publication rights only, to Auto Dealer Monthly. HC#4830-7326-5436 (7/14). THudson@AutoDealerMonthly.com