Garages and dealerships: how to prevent fraud and theft

The most common types of fraud and theft

A garage or dealership includes several departments and teams but, above all, it has a lot of assets. Vehicles, parts, data... Everything is a potential target. Here is an overview of the most common threats in the automotive sector, with concrete examples of how to prevent them.

Theft of vehicles or parts: a very real risk

Every year, vehicles are stolen directly from dealerships.

These thefts often occur between preparation and delivery, when the vehicle is parked outside with little supervision.

Some criminals even use a customer's licence plate to drive away with a stolen vehicle.

Watch out for electronic key copies! Store electronic keys in boxes that block radio waves.

Theft of parts or accessories is also common, especially when inventory levels are high or storage areas are accessible to multiple employees.

Fraudulent payments and false claims: fraud that can be difficult to detect

There are many attempts at financial fraud in the automotive industry.

For example, some fraudsters manage to cash forged cheques or have vehicles delivered to them using fake identities.

Others manipulate insurance claims to inflate the amounts they obtain, or pose as legitimate suppliers to have false invoices paid.

In all cases, thorough validation of payments, identities and documents is essential to limit risks.

When the threat comes from within

The majority of employees are trustworthy, but it only takes one action from a bad apple to harm the company.

Some employees take advantage of their access to steal parts, embezzle cash or log fictitious working hours.

These losses may seem minor at first, but they quickly add up. Implementing monitoring mechanisms, such as cross-checks or regular inventories, can help prevent abuse.

Cyberfraud: increasingly targeted attacks

With the digitization of operations, cyberattacks are on the rise.

Phishing emails are becoming increasingly credible. It’s not uncommon to see a message, claiming to be sent by the CEO, requesting an urgent transfer or payment of an unusual invoice.

Other attacks, such as ransomware, can block all computer systems until a ransom is paid. A poorly protected customer database can also be hacked, exposing sensitive information.

It’s vital to raise awareness among staff and constantly update your digital protection.

Preventing vehicle theft: robust and well-established measures

Vehicle theft can result in significant financial losses, not to mention the impact on your operations and reputation. Fortunately, there are several practices that can reduce these risks. Here’s an overview of the measures implemented by some dealerships to protect their vehicle fleets.

Securing the premises at all times

Surveillance begins outside. Cameras cover 100% of the premises, including the sales area, workshops and car parks. The cameras record so the images can be consulted in case of doubt.

Outside business hours, security guards can intervene as soon as an intruder is detected in the yard. In addition, all vehicles are parked inside a fenced perimeter or protected by bollards or rocks, depending on the location.

Rare or high-value vehicles are stored inside. Models that are more targeted by thieves are locked or equipped with a steering wheel lock. Certain components of the ignition system are also removed or deactivated. Several vehicles are equipped with a recognized tracking system or an OBD protector.

Protecting keys at every stage

Keys are never left unattended. They’re stored in secure panels that are not accessible to customers. These panels are also protected against radio waves.

Each test drive is supervised by an advisor. The keys are then placed in a Faraday-type pouch to block any signals. When they’re returned, they’re systematically returned to their designated place. A PIN code management system can identify who has a key at any given time.

This thorough approach also applies to routine tasks such as preparation, reorganization of the grounds and snow removal. Each time, the keys are tracked and quickly replaced.

Verify identity and keep a record

The sales stage is also critical. Before signing a contract, customers' identities are verified using at least two official documents. This verification helps to detect attempts at identity theft or fraudulent purchases.

All vehicles received are subject to a Carfax (This hyperlink will open in a new tab) report to ensure their history and detect any irregularities. The inventory is also reviewed monthly to quickly identify any discrepancies.

Stay alert, every day

The best protection is often the vigilance of the teams. This is why some dealerships have implemented a checklist for their staff to follow. This simple routine ensures that security measures are fully integrated into daily operations.

Fraud prevention: thoroughness and vigilance at all levels

Fraud can take many forms: suspicious payments, identity theft, unauthorized transfer attempts and document tampering. To protect themselves, several dealerships have strengthened their control practices.

Verify payments, without exception

Certified cheques and bank drafts are systematically verified before being accepted. This step helps to avoid false documents or unavailable funds.

In addition, all significant financial transactions (such as transfers or disbursements of more than $10,000) require the authorization of at least two people. Double-checking reduces the risk of error or internal fraud.

Confirm customer identity from start to finish

Identity validation is an essential step in the sales process. Two pieces of official identification are required. The name, address, photo, date of birth and signatures are compared to the sales documents.

This verification is also carried out at the time of delivery by a member of the team. It confirms that the right vehicle is being delivered to the right person and prevents identity theft.

Teams are also advised to be even more vigilant in certain situations, such as:

• Quick purchases, without negotiation
• Requests for remote delivery
• Online purchases without a physical visit
• Refusal to provide identification
• No test drive request

These behaviours, even in isolation, may indicate an attempt at fraud.

Train teams to recognize warning signs.

Fraud is not always obvious. That’s why employees receive training on the main phishing methods, particularly via email.

Messages that appear to come from an owner requesting urgent payment or access should always be verified by another means. This vigilance helps prevent transfers to fraudulent accounts.

Finally, new employees' criminal records are checked during the hiring process. Make sure that the person does not have a record that could compromise the security of operations.

Prevention against cyberattacks: insurance to the rescue

Insurance against cyberattacks can play a key role in protecting your organization.

It’s important to check whether your coverage:

• Covers cyberattacks
• Is up to date according to your actual needs
• Takes into account your current risks

And what about insurance?

Does your basic commercial insurance policy protect you in such circumstances? Not necessarily. To find out, check with your insurer to see if your business is protected against property theft, fraud (internal and external) and cyberrisks. They can also provide the amounts covered, the deductible and any exclusions.