A quick visit to the dealership for an oil change isn’t exactly the riskiest behavior someone can engage in. The routine procedure should do nothing more than keep the engine running well. But for some dealers, a common service visit can unknowingly expose customers to possible identity theft and fraud.

LifeLock reports that the ever-growing problem of identity theft affects more than 16 million Americans annually. It’s a common problem. And if you’re having trouble figuring out how an oil change and identity theft are connected, consider this scenario.

Jane brings her Dodge Durango into the dealership for routine maintenance. In the Express Lane, the technician prints out a parts request and heads to the parts desk. After grabbing the oil filter and charging out the oil, he heads back to the bay and tosses the parts request into the trash or a stack of scrap paper. All it contains is an RO number, VIN, the customer’s name, and address.

Harmless enough, right?

Someone with bad intentions gets their hands on a stack of these parts requests. Still no big deal since LifeLock says an identity can’t be stolen with just a name and address. But it can be to mine more information.

With a name and address, a fraudster could look up public information that may contain details they need to know to commit identity theft. Examples include phone numbers, marriage and divorce records, education records, employment history, and more. Social media can provide birthdays and employment info in seconds.

That can lead to thousands in legal bills, years of red flags, and untold hours of frustration and tears. All from a scrap piece of paper.

Guard Customer Data

Preventing the potential for customer data getting into the wrong hands is a relatively easy task for the service department. All it requires is putting documents into secure shredding bins rather than the garbage, and securely filing the important docs. Diligence is the tough thing to master.

Everyone handles much of the same information. Invoice reprints, repair orders, estimates, and parts requests all contain enough information to cause issues.

Service advisors must ensure all repair orders are kept securely out of sight during their day and correctly filed with all documents attached after the work is complete.

Cashiers should ensure invoices are kept out of reach and that any reprints or mistakes are disposed of in secure shredding.

Technicians and parts advisors should toss parts requests into secure bins as soon as is feasible.

If it has customer information, it’s sensitive information. If it was your information and you wouldn’t be comfortable having it get out, protect it as if it were your own.