In my last post I wrote about what pops into an auto dealer's head when you say "Special Finance." For some car dealers, this category of financing is too troublesome to bother with. For others, this is all they do.

Let's take a closer look at how putting together a financing deal for a Special Finance or subprime customer differs from financing for a prime consumer.

I sat down with one of our dealer relationship managers, Nicole Diamond, to get her take on the differences. For those of you who don't know her, before she came to us she put in 16+ years in finance, including supporting car dealers with prime and subprime lending for SunTrust Bank. So she knows the deal.

What it really boils down to is risk - for the dealership and for the bank. A dealer has to look at a combination of factors when reviewing a special finance loan application in order to ensure that it's a good deal for them, including:

• Employment & Income
• Beacon Score
• Downpayment
• Stability

Underlying all of that analysis is the people element - dealers have to have good relationships with their lenders in order to get some of these deals done. Lenders have requirements for risk that they have to meet, and they manage their portfolios based on serving their dealer client base and limiting their exposure on the downside. Only a certain percentage of their lienholdings can be outside of the Prime category of credit.

By building a good relationship with their lender based on trust, dealers can get their financing packages turned around more quickly. Dealers that have earned a lender's trust by bringing them good customers also enjoy a little more flexibility when it comes to getting their Special Finance deals done.

This element is key in the Special Finance world, which is a far cry from the cut-and-dried Prime lending world.

I've just scratched the surface on this topic, and you can already see how complex this kind of lending is. And having a kind of lending support system in place is crucial to running a successful Special Finance department.

Continuing on in this series, we'll look at some of the other aspects necessary to working in Special Finance. Watch this space.

In the meantime, feel free to hit us up with any questions via Twitter at @carloanco. Look forward to hearing from you.

In my last post I wrote about what pops into an auto dealer's head when you say "Special Finance." For some car dealers, this category of financing is too troublesome to bother with. For others, this is all they do.

Let's take a closer look at how putting together a financing deal for a Special Finance or subprime customer differs from financing for a prime consumer.

I sat down with one of our dealer relationship managers, Nicole Diamond, to get her take on the differences. For those of you who don't know her, before she came to us she put in 16+ years in finance, including supporting car dealers with prime and subprime lending for SunTrust Bank. So she knows the deal.

What it really boils down to is risk - for the dealership and for the bank. A dealer has to look at a combination of factors when reviewing a special finance loan application in order to ensure that it's a good deal for them, including:

• Employment & Income
• Beacon Score
• Downpayment
• Stability

Underlying all of that analysis is the people element - dealers have to have good relationships with their lenders in order to get some of these deals done. Lenders have requirements for risk that they have to meet, and they manage their portfolios based on serving their dealer client base and limiting their exposure on the downside. Only a certain percentage of their lienholdings can be outside of the Prime category of credit.

By building a good relationship with their lender based on trust, dealers can get their financing packages turned around more quickly. Dealers that have earned a lender's trust by bringing them good customers also enjoy a little more flexibility when it comes to getting their Special Finance deals done.

This element is key in the Special Finance world, which is a far cry from the cut-and-dried Prime lending world.

I've just scratched the surface on this topic, and you can already see how complex this kind of lending is. And having a kind of lending support system in place is crucial to running a successful Special Finance department.

Continuing on in this series, we'll look at some of the other aspects necessary to working in Special Finance. Watch this space.

In the meantime, feel free to hit us up with any questions via Twitter at @carloanco. Look forward to hearing from you.

Last week we took a look at best practices for handling consumer data offline. This week, we're taking a closer look at online practices.

Remember, always consult your lawyer when working with consumer data -- we've got best practices for you and your best interests at heart, but they're the ones who will make sure you've got all the legal questions covered.

On we go!

Privacy Policy

As thrilling as it is to watch you dealers migrate your store marketing to the web, there are still some places where you need to do your homework. Featuring a privacy policy on your website is one of them. (Wrote about this recently, too.)

If you’ve been paying attention, you know that you need a privacy policy if you’re collecting consumer information. The U.S. federal government requires that you describe what you’re gathering and why, and how it will be used. Your website visitors also need to be able to find it easily, which means it needs to be linked on each page and featured prominently on any of your contact forms.

Here’s a sample of what one looks like: this is the policy we have developed to use with our network of websites that car buyers use to apply for financing. Since they’re filling out a full application, including employment information and SSN, we have to be sure that we make clear what our intentions are for the information they’re sharing.

We spent a lot of time with our legal team developing this policy, which includes clear language describing what we do, why we do it, and how. It also gives the consumer the opportunity to limit how we share information, or to opt out of the process altogether. This is especially important to ensure compliance with federal regulations governing the use of the data - similar to CAN-SPAM on the email front.

This policy also addresses some specific questions the consumer might have, such as “How does [company] protect my personal information?” and “Why can’t I limit all sharing?” These are important considerations that a savvy potential customer will take a look at before deciding to share their sensitive data.

It should be noted that you can't just crib the privacy policy we've shared here - you need to work directly with legal counsel well-versed in these laws in order to develop your own.  If you copy someone else’s and run into legal trouble, you will have no recourse if you haven’t dotted your “i”s and crossed your “t”s.

Security

After you put together your privacy policy to describe how you’re going to handle their data, you need to make sure that the method you’re using to capture that information is completely secure.

If you’re using a financial application on your dealership website, you need to make sure that it is using encryption technology to protect the bits and bytes that are moving through your system.

You’d be surprised how many dealers’ websites have financial applications - including those built by some reputable website providers - that are written in unencrypted HTML and do not include “https://” in the URL. That means that the information is wide open. If you’ve got someone on your website who knows anything about data leaks on the Internet, they will not submit their application if they recognize that it’s not being protected.

If you're using a website provider, ask them whether the data is secure, and how. If you don’t hear terms like “SSL”, “site certificate” and “encryption” as part of the conversation, you are not getting the best tool for collecting consumer information from your website visitors.

Take a look at our flagship consumer finance site, Carloan.com, as an example. When you hit the home page, we feature trust symbols from the Better Business Bureau and security services industry leader Network Solutions. When you click through to our finance application, you will immediately notice the “locked” symbol in the URL and “https://” as part of the address string. All of these elements -- and a strong domain name -- help to make it the best-performing consumer finance site in our network.

We also offer our expertise to the members of the Carloan.com Dealer Network, in the form of a customizable application. No muss, no fuss - we can create a secure financial application using your dealership’s branding that you can then use in conjunction with your website, regardless of who built your website and where it is hosted.

Consumer Consent Part II

You might not expect to see this again under online best practices, but think about it from their perspective. If a consumer is not actively engaged with you and sees a hard credit pull on their report - and many of them will - they will interpret that as a fraudulent action on your part and potentially sue your dealership. As far as they know, their financial information has been compromised, and you are responsible. Might sound far-fetched, but we’ve seen it happen.

That makes it worth mentioning again.

You have a legal and moral obligation to make sure that your prospects are aware when you are acting in a way that can potentially affect their credit. Period.

Conclusion

It is entirely up to you to make sure that you're on the right side of the law and tenaciously guarding this sensitive information.  Most of the dealers we see out there are using these best practices, which is great. It’s the bad actors that make it tough for the rest of us.

When you follow these best practices, you are ensuring the safety and security of sensitive personal information for your customers. Put a consistent process in place for handling consumer data, both offline and online. Protect your store and your customers.

If you treat them well, these consumers will expand your business by referring their friends and returning to buy more cars from you. Treat them poorly, and you can expect them to talk to their lawyers.

Be sure to speak to yours when you're setting up to ensure that you're following the letter of the law.

Last week we took a look at best practices for handling consumer data offline. This week, we're taking a closer look at online practices.

Remember, always consult your lawyer when working with consumer data -- we've got best practices for you and your best interests at heart, but they're the ones who will make sure you've got all the legal questions covered.

On we go!

Privacy Policy

As thrilling as it is to watch you dealers migrate your store marketing to the web, there are still some places where you need to do your homework. Featuring a privacy policy on your website is one of them. (Wrote about this recently, too.)

If you’ve been paying attention, you know that you need a privacy policy if you’re collecting consumer information. The U.S. federal government requires that you describe what you’re gathering and why, and how it will be used. Your website visitors also need to be able to find it easily, which means it needs to be linked on each page and featured prominently on any of your contact forms.

Here’s a sample of what one looks like: this is the policy we have developed to use with our network of websites that car buyers use to apply for financing. Since they’re filling out a full application, including employment information and SSN, we have to be sure that we make clear what our intentions are for the information they’re sharing.

We spent a lot of time with our legal team developing this policy, which includes clear language describing what we do, why we do it, and how. It also gives the consumer the opportunity to limit how we share information, or to opt out of the process altogether. This is especially important to ensure compliance with federal regulations governing the use of the data - similar to CAN-SPAM on the email front.

This policy also addresses some specific questions the consumer might have, such as “How does [company] protect my personal information?” and “Why can’t I limit all sharing?” These are important considerations that a savvy potential customer will take a look at before deciding to share their sensitive data.

It should be noted that you can't just crib the privacy policy we've shared here - you need to work directly with legal counsel well-versed in these laws in order to develop your own.  If you copy someone else’s and run into legal trouble, you will have no recourse if you haven’t dotted your “i”s and crossed your “t”s.

Security

After you put together your privacy policy to describe how you’re going to handle their data, you need to make sure that the method you’re using to capture that information is completely secure.

If you’re using a financial application on your dealership website, you need to make sure that it is using encryption technology to protect the bits and bytes that are moving through your system.

You’d be surprised how many dealers’ websites have financial applications - including those built by some reputable website providers - that are written in unencrypted HTML and do not include “https://” in the URL. That means that the information is wide open. If you’ve got someone on your website who knows anything about data leaks on the Internet, they will not submit their application if they recognize that it’s not being protected.

If you're using a website provider, ask them whether the data is secure, and how. If you don’t hear terms like “SSL”, “site certificate” and “encryption” as part of the conversation, you are not getting the best tool for collecting consumer information from your website visitors.

Take a look at our flagship consumer finance site, Carloan.com, as an example. When you hit the home page, we feature trust symbols from the Better Business Bureau and security services industry leader Network Solutions. When you click through to our finance application, you will immediately notice the “locked” symbol in the URL and “https://” as part of the address string. All of these elements -- and a strong domain name -- help to make it the best-performing consumer finance site in our network.

We also offer our expertise to the members of the Carloan.com Dealer Network, in the form of a customizable application. No muss, no fuss - we can create a secure financial application using your dealership’s branding that you can then use in conjunction with your website, regardless of who built your website and where it is hosted.

Consumer Consent Part II

You might not expect to see this again under online best practices, but think about it from their perspective. If a consumer is not actively engaged with you and sees a hard credit pull on their report - and many of them will - they will interpret that as a fraudulent action on your part and potentially sue your dealership. As far as they know, their financial information has been compromised, and you are responsible. Might sound far-fetched, but we’ve seen it happen.

That makes it worth mentioning again.

You have a legal and moral obligation to make sure that your prospects are aware when you are acting in a way that can potentially affect their credit. Period.

Conclusion

It is entirely up to you to make sure that you're on the right side of the law and tenaciously guarding this sensitive information.  Most of the dealers we see out there are using these best practices, which is great. It’s the bad actors that make it tough for the rest of us.

When you follow these best practices, you are ensuring the safety and security of sensitive personal information for your customers. Put a consistent process in place for handling consumer data, both offline and online. Protect your store and your customers.

If you treat them well, these consumers will expand your business by referring their friends and returning to buy more cars from you. Treat them poorly, and you can expect them to talk to their lawyers.

Be sure to speak to yours when you're setting up to ensure that you're following the letter of the law.

Continuing with our Consumer Privacy Awareness theme, I want to take a step back and go back to the basics. What do I mean when I talk about "compliance" when it comes to consumer privacy?

When you applied for your state license to sell cars, many aspects of consumer protection were explained in the requirements for doing business. You and your legal team have reviewed the appropriate statutes and structured your store to follow the letter of the law and safeguard your customers’ personal information.

When looking at consumer privacy considerations for your dealership, there are two primary categories to take into account: how the information will be handled offline, and how it will be protected online.

In this post, we'll take a closer look at offline best practices.

[Note: this content is not intended to replace legal counsel from your compliance attorney - rather to get you to revisit how you're operating. If you have serious questions, contact the guys who get paid to keep up with this stuff.]

Store policies and enforcement

The overriding structure for all of these best practices is your store’s policy for handling sensitive customer data, and the requirements you put in place to ensure that the rules are being followed.

Here are the building blocks for putting together an effective system to manage consumer data properly and protect your dealership:

1)     Define sensitive information -  Government regulations provide guidelines on this topic, and you need to give your employees explicit instructions on how it applies to your store. For example: what besides the social security number (SSN) – which should be a given -- do you guard with your life? Does the definition include last names or mailing addresses?

2)     Secure all personal consumer information-   Here’s the best advice: treat the customer’s information as if it was your own. Would you like your SSN lying around on a desk or open on a computer screen? Make it easy for your team to lock it down -- set computers to automatically lock their desktops after a set period of inactivity, and provide locked areas for hard copy storage.

3)     Design an audit process -  Whatever system you use to protect your consumer data, make sure that it is checked regularly for leaks and loopholes. If one of your employees is using the information improperly or being negligent, you need to know before it develops into a legal problem.

4)     Screen potential employees -  Make sure that you do a thorough reference and background check for anyone that you hire to work your finance process. You are putting them in a key position in your dealership, and they can represent a significant vulnerability if they don’t repay your trust.

Data Handling

Be selective about how you receive and handle consumer information. If you are working with financing applications online and submitting to lenders electronically, there’s almost no reason for you to print out an application with sensitive data on it. If you absolutely have to have a hard copy, be sure to use a permanent marker to obscure the SSN and do not leave these documents out on your desk.

The same with faxes - always black out the SSN completely and turn off fax machines after hours to prevent an accidental data leak. Fax machines and email are two of the most vulnerable methods of delivery, which means you need to avoid them when you can.

If faxes and email are a necessary part of your day-to-day operations, always think “safety first” and conceal the SSN.  If you need to send the application to your lender via fax, be sure to do it only during business hours when they are expecting it -- and confirm receipt.

Data Disposal

This is a critical facet of data handling - important enough to merit its own highlight.

Keep in mind that consumer data is not only security-sensitive but time-sensitive. If they have provided it to you, they are expecting you to use it and dispose of it quickly. It is intended for use in processing their loan application and completing their purchase. Period.

The best method of disposal for hard copy records is shredding. Whether through a business-grade shredder in your store office or a secure shredding service, you must destroy the physical copies of these records in order to keep the consumer’s personal information secure.

If for some reason you are legally required to hold on to hard copies of your purchase agreements beyond the initial purchase period, it is your responsibility to ensure that they are held in a secure location. They should be under lock and key whether they are stored on site or offsite. If you choose to store this information offsite, there are trusted and reputable vendors that can mitigate your risk of a leak.

Consumer Consent

The number one issue we see car dealers running into is consumer consent - you can see my recent post about it here. It is far too easy to simply do a hard credit pull against an application, regardless of whether the consumer is aware that you are running a credit check. You have an ethical responsibility to inform customers when impacting their credit history. Audit your business operations and enforce this practice with your staff.

By getting consumer consent - ideally when they’re already sitting down with you - you protect yourself on two fronts: on the consumer side and on the credit bureau side. Remember, these credit inquiries are traceable back to your business -- we’ve seen consumers track down and sue dealerships who they felt used their information fraudulently. Make sure that your store’s policies around handling credit checks are consumer-friendly.

From the credit bureau perspective, you’re not only running up your own bureau fees unnecessarily, you’re also generating trigger leads. If you didn’t already know, once you’ve pulled credit on a given consumer, the credit bureau then has the legal right to resell that information to subscribers who have signed up to purchase that information as it becomes available. Your store may even be one of the data customers buying this information.

All of which means that unless this particular consumer is already in your store, you’ve probably just sent them off as a potential prospect to other dealerships in your backyard. You’ve just given your competition a chance to work the lead before you’ve even started your sales process.

If that's not a good reason to stop doing it, I don't know know what is.

Hopefully I've given you some food for thought when it comes to managing your customer's personal information offline. Tune in next week when I pull together best practices for handling it online.

In the meantime, take a look around your store and ask yourself: do I have any gaps in my finance process that might compromise my customers?

Continuing with our Consumer Privacy Awareness theme, I want to take a step back and go back to the basics. What do I mean when I talk about "compliance" when it comes to consumer privacy?

When you applied for your state license to sell cars, many aspects of consumer protection were explained in the requirements for doing business. You and your legal team have reviewed the appropriate statutes and structured your store to follow the letter of the law and safeguard your customers’ personal information.

When looking at consumer privacy considerations for your dealership, there are two primary categories to take into account: how the information will be handled offline, and how it will be protected online.

In this post, we'll take a closer look at offline best practices.

[Note: this content is not intended to replace legal counsel from your compliance attorney - rather to get you to revisit how you're operating. If you have serious questions, contact the guys who get paid to keep up with this stuff.]

Store policies and enforcement

The overriding structure for all of these best practices is your store’s policy for handling sensitive customer data, and the requirements you put in place to ensure that the rules are being followed.

Here are the building blocks for putting together an effective system to manage consumer data properly and protect your dealership:

1)     Define sensitive information -  Government regulations provide guidelines on this topic, and you need to give your employees explicit instructions on how it applies to your store. For example: what besides the social security number (SSN) – which should be a given -- do you guard with your life? Does the definition include last names or mailing addresses?

2)     Secure all personal consumer information-   Here’s the best advice: treat the customer’s information as if it was your own. Would you like your SSN lying around on a desk or open on a computer screen? Make it easy for your team to lock it down -- set computers to automatically lock their desktops after a set period of inactivity, and provide locked areas for hard copy storage.

3)     Design an audit process -  Whatever system you use to protect your consumer data, make sure that it is checked regularly for leaks and loopholes. If one of your employees is using the information improperly or being negligent, you need to know before it develops into a legal problem.

4)     Screen potential employees -  Make sure that you do a thorough reference and background check for anyone that you hire to work your finance process. You are putting them in a key position in your dealership, and they can represent a significant vulnerability if they don’t repay your trust.

Data Handling

Be selective about how you receive and handle consumer information. If you are working with financing applications online and submitting to lenders electronically, there’s almost no reason for you to print out an application with sensitive data on it. If you absolutely have to have a hard copy, be sure to use a permanent marker to obscure the SSN and do not leave these documents out on your desk.

The same with faxes - always black out the SSN completely and turn off fax machines after hours to prevent an accidental data leak. Fax machines and email are two of the most vulnerable methods of delivery, which means you need to avoid them when you can.

If faxes and email are a necessary part of your day-to-day operations, always think “safety first” and conceal the SSN.  If you need to send the application to your lender via fax, be sure to do it only during business hours when they are expecting it -- and confirm receipt.

Data Disposal

This is a critical facet of data handling - important enough to merit its own highlight.

Keep in mind that consumer data is not only security-sensitive but time-sensitive. If they have provided it to you, they are expecting you to use it and dispose of it quickly. It is intended for use in processing their loan application and completing their purchase. Period.

The best method of disposal for hard copy records is shredding. Whether through a business-grade shredder in your store office or a secure shredding service, you must destroy the physical copies of these records in order to keep the consumer’s personal information secure.

If for some reason you are legally required to hold on to hard copies of your purchase agreements beyond the initial purchase period, it is your responsibility to ensure that they are held in a secure location. They should be under lock and key whether they are stored on site or offsite. If you choose to store this information offsite, there are trusted and reputable vendors that can mitigate your risk of a leak.

Consumer Consent

The number one issue we see car dealers running into is consumer consent - you can see my recent post about it here. It is far too easy to simply do a hard credit pull against an application, regardless of whether the consumer is aware that you are running a credit check. You have an ethical responsibility to inform customers when impacting their credit history. Audit your business operations and enforce this practice with your staff.

By getting consumer consent - ideally when they’re already sitting down with you - you protect yourself on two fronts: on the consumer side and on the credit bureau side. Remember, these credit inquiries are traceable back to your business -- we’ve seen consumers track down and sue dealerships who they felt used their information fraudulently. Make sure that your store’s policies around handling credit checks are consumer-friendly.

From the credit bureau perspective, you’re not only running up your own bureau fees unnecessarily, you’re also generating trigger leads. If you didn’t already know, once you’ve pulled credit on a given consumer, the credit bureau then has the legal right to resell that information to subscribers who have signed up to purchase that information as it becomes available. Your store may even be one of the data customers buying this information.

All of which means that unless this particular consumer is already in your store, you’ve probably just sent them off as a potential prospect to other dealerships in your backyard. You’ve just given your competition a chance to work the lead before you’ve even started your sales process.

If that's not a good reason to stop doing it, I don't know know what is.

Hopefully I've given you some food for thought when it comes to managing your customer's personal information offline. Tune in next week when I pull together best practices for handling it online.

In the meantime, take a look around your store and ask yourself: do I have any gaps in my finance process that might compromise my customers?

I opened this topic a couple of weeks ago when I wrote a blog post to remind you that you should never pu

ll a consumer's credit without their permission.

That post led me to think about one of our evergreen subjects here at Carloan.com -- consumer privacy.

Think about how the process of financing a car works in your dealership. Throughout the steps of the process, how do you handle the consumer's sensitive personal information? Are there any ways you might be inadvertently putting their identities or even their financial future at risk?

That applies not just in your store, but on your website, too.

Fortunately for you, we've got some great posts in the blog archives to give you some food for thought:

• Get Up to Speed -- Protect Online Consumer Privacy Now!
• Tips on Keeping It Private

We'll be exploring some more best practices around consumer privacy in posts to come. In the meantime, you can check out the privacy policy we use on our primary consumer site, Carloan.com, to see how it's done.

What does your privacy policy look like? You do have one, right?

I opened this topic a couple of weeks ago when I wrote a blog post to remind you that you should never pu

ll a consumer's credit without their permission.

That post led me to think about one of our evergreen subjects here at Carloan.com -- consumer privacy.

Think about how the process of financing a car works in your dealership. Throughout the steps of the process, how do you handle the consumer's sensitive personal information? Are there any ways you might be inadvertently putting their identities or even their financial future at risk?

That applies not just in your store, but on your website, too.

Fortunately for you, we've got some great posts in the blog archives to give you some food for thought:

• Get Up to Speed -- Protect Online Consumer Privacy Now!
• Tips on Keeping It Private

We'll be exploring some more best practices around consumer privacy in posts to come. In the meantime, you can check out the privacy policy we use on our primary consumer site, Carloan.com, to see how it's done.

What does your privacy policy look like? You do have one, right?

Here at Carloan.com, we live at the interesting intersection between the consumer experience with automotive online marketing and the way that dealers work with those consumers who raise their hands.

That means that we've not only seen enough over the years to put together best practices for dealers, we've fielded our fair share of consumer complaints. People who've applied for a loan at Carloan.com but didn't talk to a dealer before a hard credit pull hit their credit report.

Big no-no.

Besides "make contact quickly" and "sell the appointment", the best thing you can do is "don't pull credit first."

Think about it from the consumer's perspective. If they are not actively engaged with you and see a hard credit pull on their report with your dealership's name on it – and many of them will – they will interpret that as a fraudulent action on your part and potentially sue you. As far as they know, their finance application was compromised, and you are responsible.  

Might sound far-fetched, but we’ve seen it happen.

Protect yourselves -- make sure you have a process in place and your staff is trained...and then keep an eye on it.

What are you doing right now to ensure that your team is handling consumer information properly?

Here at Carloan.com, we live at the interesting intersection between the consumer experience with automotive online marketing and the way that dealers work with those consumers who raise their hands.

That means that we've not only seen enough over the years to put together best practices for dealers, we've fielded our fair share of consumer complaints. People who've applied for a loan at Carloan.com but didn't talk to a dealer before a hard credit pull hit their credit report.

Big no-no.

Besides "make contact quickly" and "sell the appointment", the best thing you can do is "don't pull credit first."

Think about it from the consumer's perspective. If they are not actively engaged with you and see a hard credit pull on their report with your dealership's name on it – and many of them will – they will interpret that as a fraudulent action on your part and potentially sue you. As far as they know, their finance application was compromised, and you are responsible.  

Might sound far-fetched, but we’ve seen it happen.

Protect yourselves -- make sure you have a process in place and your staff is trained...and then keep an eye on it.

What are you doing right now to ensure that your team is handling consumer information properly?