Brave New Car Dealer: fingerprints required to buy a car?

Imagine you’ve gone through a multiple week process to purchase an automobile.

You know the drill. Research every feature, pick your color, then, it’s negotiations for purchase price and for trade-in. Everything is done and agreed-apon, and excited, you are ready to hand over the check and collect your new car.

But wait!

You are handed a slip of paper and told to mark your right thumbprint in a box. The paper says clearly that it’s a request, for your protection, and to prevent your identity theft.

When you politely decline, the dealership refuses to sell you the car.

This is precisely what happened to me today when I tried to purchase a new X3 at the South Bay BMW dealer in Torrance, California.

Let me restate: In order to buy a car, with cash, you must authorize the release of your official DMV-recorded thumbprint to the dealership. This is not a law, this is a “dealership policy.” More on that in a minute.

Taken completely by surprise by all this, my husband and I asked many questions about this process. We were told that the data would remain on file at the dealership for seven years. That this policy is in place to protect us. That there are many bad, bad people in the world, who commit fraud, and that by recording everybody’s fingerprints, they would be deterred from committing fraud.

We were unsatisfied with the answers, and we explained that we were not comfortable with this arbitrary demand for biometric data and if this was required, we would not buy the car.

The resident fat cat was phoned, taking our call from his vacation spot in Hawaii. He replied that the collection and storage of biometric data is his policy.

He would not make any exceptions. The sales staff was clearly paralyzed here – they’d spent time making this sale happen too.

“He pays our salary, and that’s his rule,” they said.

“Well, customers pay his salary, and if he keeps treating them like criminals, I can’t imagine he’ll be able to afford many more trips to Hawaii,” I replied.

I might as well have been talking to the carpet.

According to the staff, this is the process at all dealerships owned by the Hitchcock Automotive Resources Company. They’ve had this program in place for over three months, and only other one person has refused to go through with the sale. The implication was clear; policy had singlehandedly stopped a bad guy, right in his tracks.

One criminal, over three months. Hundreds of people hassled. Clearly the deterrent is working. Right?

We walked out of the dealership, but not before learning that none of my personal data which was copied and recorded would be returned to me or destroyed.

It’s going to be kept on file for 7 years. Policy, you see. It goes in the same file where they keep the fingerprints.

So now I’ve lost copies of my driver’s license, credit report (which was also run without my knowledge), and marriage certificate (a copy of which was required in order to process the sale under my new name).

When I looked all this up online, I found… nothing. How is this possible? This is the Internet. Hundreds of people find my website each week from looking for photographs of owl vomit. But somehow this bizarre infraction of personal privacy has gone totally undocumented.

Looking a little bit deeper, I came across SB 504, a bill introduced to the California Senate by San Jose-based Senator Elaine Alquist, on February 18 2005. It was created as an act “to add Section 11713.15 to the Vehicle Code, relating to dealers.”

In one of its earliest incarnations, SB 504 stated:

No dealer issued a license pursuant to this article shall sell
a vehicle without first obtaining the right thumbprint of the
purchaser and a photocopy of his or her valid form of identification

The bill was ultimately chartered into law, but not before everything related to car dealers was edited out. I’m no legislator, and I won’t pretend to understand this process, but in fact the final chartered version seems not to have anything to do with car dealers at all.

I resent the implication that I am somehow a less worthy customer, a potential criminal due to my refusal to provide my fingerprints to a private, non-government entity. But what I resent even more is that a private business has been somehow “entreated” to enact a bill that failed to make it through the California legislature in the first place. The bill failed, so who is pressuring these dealers to enact it, regardless of the law?

I asked the dealership if I could keep a copy of the fingerprint form. Here’s the text:

“As you are aware, there is a national problem of identity theft. Southern California formed a multi-jursidictional law enforcement group, the Taskforce for Regional Autotheft Protection (“TRAP”).

Car dealers (especially luxury car dealers) are one of the prime targets for identity and auto theft. For your protection from identity fraud, we are now requesting all of our clients who purchase or lease a vehicle, to provide a thumb print, along with a copy of their current Driver’s License.

We have learned from law enforcement officials that the requirement of a thumb print is deterring criminals who engage in identity theft. Law enforcement officials also recommend that the dealer retrieve a DMV Driver License record to verify all information. This information will be kept confidential.

We appreciate your assistance in helping Southern California and South Bay with this very serious problem.

X________________ X_____________
Customer’s Signature Date

Print Name

By signin (sic) this form, I authorize (insert dealership name) to run a DMV Driver License record to verify all information.

Please place right thumb print in the square.

Witnessed by (signature) Print Name


According to Google, there’s no such thing as the “Taskforce for Regional Autotheft Protection“. At least, not that’s been indexed yet.

Digging around in some of the other California police sites only brings up a few flacky ten year old press releases:

But looking a little further, there’s finally some recent and useful information from the LAPD, which leads to the nonprofit group NICB which is, as far as I can tell, an insurance lobbying group. And did they mention they’re not-for-profit? Because they are. Totally not-for-profit. Their report on how auto theft fraud is orchestrated (PDF) is fascinating reading, especially since it doesn’t ever mention a single thing about this kind of fraud, the kind that can be prevented by recording a thumbprint.

The dealership claimed that the fingerprinting was for my protection. To make sure I’m really who I say I am, and haven’t just stolen someone’s social security number.

But I don’t get it. How does that work? No one’s checking to make sure the fingerprint I leave matches the one on file with the DMV. There’s no forensics expert on staff. And I don’t have data on this but I feel pretty certain that any car thief worth his salt probably already has more than one set of prints on file.

My point: If I had wanted to steal a car today, I could have simply popped my thumbprint down, and driven off with the car. I could do that twenty times at twenty different dealerships, if I were so inclined. This system protects nothing. It’s no deterrent.

And what about the legality of all this? Frankly, it doesn’t sound like such a great situation for the car dealerships. Who’s pushing this? Is it coming from the LAPD? Or is it from NICB, that friendly you know, “not for profit, nope-no-profit here” group? Is someone strong-arming the dealers? Is there some financial incentive, cheaper insurance rates maybe? Maybe the participating dealers are just being good homeland citizens.

Dollar Rent-A-Car tried fingerprinting their customers for a while. They gave up after realizing that it had no effect on fraud or theft. Simply, treating your customers like felons is bad for business.

That’s exactly why I will not purchase a car from South Bay BMW & Mini. There’s no legislation that I know of to regulate how this kind of data must be kept or stored.

And while they were nice enough to give me a copy of the thumbprint letter, nobody could provide me with a clear company privacy statement that outlines exactly how this data will be handled.

I already use my fingerprint to unlock my laptop computer. In five years I may be using it to unlock my front door, or access my medical records. Last month, my personal data was stolen during the big UCLA database break-in. So, if this thumbprint thing is really my last remaining way to prove my identity, well, pardon me for not trusting your sales force with it.

In this kind of situation, your only option is to vote with your feet (and your wallet). Calling around to a few other dealers, I felt like a criminal simply by ASKING whether they intended to fingerprint me as part of their sales process. At the very first dealer I called, the receptionist said “We don’t believe in treating our customers like criminals.”

So maybe there’s still hope.


138 Responses to “Brave New Car Dealer: fingerprints required to buy a car?”

  1. lorna Says:

    Peter, thanks for your comment. I definitely have trouble when anyone says uses the word “request” to mean “required”.

    You’re right: I don’t get the point of the fingerprinting. I don’t see how it protects the dealer because it’s simply not a transaction that’s done in a legal way (meaning admissible in court). I think you mistake my claim: I am saying this is a foolish policy that could potentially put consumers at risk. And further the dealer is actually not protecting itself by having a staff member taking the customer’s fingerprint.

    As Ben said above, Notaries are important because they are a neutral third party. Notaries in CA are highly regulated. If the dealer wants fingerprints, do it the correct right way and have an on-site notary.

  2. GEORGE Says:


  3. Louis Elovitz Says:

    I bought my Toyota mini pickup in 1993,

    it now has 220,000 same engine, going strong.

    Anyway, I bought it at Longo Toyota then with

    $9500 CASH. I was there all day waiting about 7 HOURS.

    Now, they did not ask for any fingerprints, but anyway!

    When I read your story it struck a bell. They did let me

    go down into their Indie Car museum, still?

    My truck was made in Tennessee and many Delco parts.

    I love it.


  4. Tnandy Says:

    I just love these idiots that think a thumbprint will do anything to stop fraud or a crime…..just “feel good” policies that have no effect except to antagonize their customer base. Absolutely AMAZING how some businesses go out of their way to be anti-business ! Radio Shack used to be bad about wanting your phone number, for something even as simple as a pack of batteries purchased. I wouldn’t give it to them, just out of plain ornryness…..Clerk would say “But I HAVE to enter you in the computer”…..and I’d reply “Buddy….we’re right at that point in the road where you have to decide if SELLING stuff is more important than COLLECTING information……your call “.

    By the way, TRUE crooks like me know all you have to do is put a dab of clear silicone caulk on your thumb before you go into a place requiring a print and the resulting “print” is totally worthless, and different every time….ahahahahaaaaa

  5. liz Says:

    Why and how does the DMV have your fingerprint to begin with? I just renewed my SC driver’s license this week…… no fingerprint. If I wanted to buy a hitchcock beemer…. how would I?> WTF???????????????????????????????????????

  6. Mike Says:

    Hello Lorna,
    Thank you for reporting this. Thank you for being one out of hundreds to not be sucked in. As others have posted, it is troubling and does not bode well for the future of this nation when people so easily relinquish their fundamental rights against self incrimination. We will always have crime. What I find equally disturbing is your comments on leaving a “fingerprint” when you visit blog sites. As a relative new “surfer” could you explain this? Or perhaps direct me to a link? Thank you.
    Ubi Dubium Ipi Liberata!

  7. Mike Says:

    Correction(hit wrong key)

    Ubi Dubium Ibi Liberatas!

  8. Sashi Says:

    I think that you really need to get back ALL the copies of any personal information that the dealership is in possession of. Have your lawyer request it so that he can word it legally that they have to return EVERY SINGLE piece of paper that has your information on it. No loopholes. I think that the whole experience is very sinister. Just because it’s a BMW dealership, it’s still basically run by one man. Suppose he is really collecting all of this information to use illegally? I mean it doesn’t seem to me like he really cares about selling cars. Maybe he has another source of income or a plan for another one? One that is more lucrative and less legal. Anyway, this is probably not the case but, it’s better to be paranoid and safe.

  9. John Says:

    Regarding TRAP, there is such a unit that’s run by the DMV. The dealership didn’t make that up. TRAP was put in place to make sure dealers are treating their customer’s right. This is a unit that investigates dealerships to make sure they are doing things right. Now, I don’t agree with the way they treated you, but ID thieves are really focusing in on dealerships these days because of the high-ticket item vehicles represent. So, the actions this dealership took doesn’t suprise me. However, I don’t agree with how you were treated.

  10. J. Shamburger Says:

    You might want to simply consider NOT buying a new car from ANY dealership.
    I have found that buying second hand, well maintained vehicles from first time owners you usually don’t have to do anything but hand over the cash…

    The system isn’t going to change – it will get much worse as our government tries to protect us from everything – skinned knees, tripping on the garden hose, backing over the kids bicycle, etc. You cannot legislate safety – you can only raise the penalties. You cannot legislate away crime – you increase it with more of these stupid laws…

    Buck the system – buy a used car and let all the regional distributors kiss your bottom!!

  11. Mel Says:


    With every one of your postings it becomes clear that you have a knack for reading your own meanings into things. “Giving up Essential Liberty” ? The “mellow drama” is killing me.

    It is apparent that I need to spell it out for you. It is not about dinner… it’s about being “unique…different” and that is what dinner and thanking your customers represents. That is what taking an extra step to “Deter” a threat rather than “taking the money and running” represents. And that is the point that you have led many of these bloggers to miss… This fingerprinting process is meant as a deterrent… nothing more. You have misplaced this whole issue to focus on your own agenda for your little 15 minutes of fame.

    How many people has it deterred? There is no equation for that is there, Michael (who’s equation was based on theft not fraud)?

    And by the way…”Lina, you sound like a peach.”??? Who says that? You are the laughing stock of SoCal right now and don’t even realize it. I think most of these bloggers are probably writing to egg you on because you are so entertaining.

  12. Alyson Says:

    Lorna, you seem pretty internet savvy (hence your “professional” internet drawings). If you have EVER purchased ANYTHING online, you will notice that they ask for your credit card, exp. date, date of birth, ect. That information can easily be sold, hacked into, ect… You probably don’t think twice about submitting that information online to MILLIONS of people who have access to your personal information, with the ability to abuse it.

    It is unbelieveable that you can ramble on for days on end about how outraged you are that someone is trying to discourage (again, not completely prevent, but deter) identity theft when you buy such a high ticket item as a new BMW. Who cares if South Bay BMW IS trying to protect themselves as well. They are smart. And, I absolutely respect that. You, my dear, need a life and need to step into 2007.

  13. lorna Says:

    Mike, you asked for more information about what’s viewable about you online, and it’s a good thing to be aware of.

    Sometimes it’s kind of fun. For instance, I only need to look at the server logs to see that Mel and Alyson are writing from the same IP address. That means that they are either the same person, or were sitting about 10 feet from each other. I could go further just based on that ‘electronic thumbprint’ they left behind, but I’m pretty sure that they care about their privacy too.

    If you want more information about this, I would recommend a visit to and read their explanation. It’s confusing, but worth it to actually get educated about this stuff.

  14. Alys Says:

    Mel, you sound like quite a peach yourself.

    Regarding your “unique [and] different” dinner, sounds like you plunk down a chunk of cash at that dealership for personal and corporate vehicles— if they can keep your $$$ flowing into their coffers with a token dinner, hell, you’re a cheap date. As to fingerprints, do please elaborate on HOW they deter theft in this type of scenario—you keep claiming they do but failing to spell out anything of substance that backs your statement.

    Btw, I’ve never addressed an omniscient being before— I’m sure the entire SoCal region thanks you for representing them on this issue… you’d know that better than I, of course.

  15. Dan Says:

    Mel/Alyson gives out his/her date of birth to buy stuff online? And he/she has had her identity stolen? Why am I not surprised?

    Whenever a website requires information that it has no business asking for, I get something from Works like a charm.

    I am in the market for a new car, and thanks to Lorna, now I won’t be blindsided if a stealership ‘asks’ for my fingerprints.

  16. Mel Says:

    (LOL) …So Nancy Drew, Alyson and I are the same person?

    I work in an eight story, two block wide building…guess what? Everyone in that building has the same IP address.

    I hope you spent more time on the fingerprinting research than you did on your IP address research. Cheers!

  17. Mike Jennings Says:

    Social security number is more useful for identity theft now, and we’ve now seen the results of letting it get out there. In the (near) future, biometric data is going to replace it as a key identifier. This is why you need to protect this data starting right now.

  18. Terry Lowe Says:

    Here is a link to a list of data thefts aroung the country:

    Call me a loonbat if you will, but my belief is that some entity, perhaps our own government, is hell bent on collecting every American citizen’s information for a data base and for a reason we do not yet know. What could possibly be the purpose? Why is there so little protection by these institutions and if they can’t stop these numerous and systematic thefts, why would we trust a car dealer with our information? I bet each and every one of you reading this is onthe list (linked above) of stolen information!

  19. no more fwds » Blog Archive » DNA please Says:

    […] lornamatic details their incredible (and I mean literally in-credible, as in un-believable) story of a BMW dealership requiring a thumbprint to buy a car. Why? To keep up safe. […]

  20. Bill Hudson Says:

    Lorna, I stand behind you 100% about protecting personal information. Never had “I-T” happen to me because I have been so paranoid about the subject. Ever since the early ’80’s, when I worked on the computer systems where such data are collated. For 20 years, I was just a “paranoid old crank”. The last few, though, it seems like I was actually a little visionary.
    Had a similar experience a number of years back, cashing a payroll check drawn on that bank from a large, international company. I got a little heavy handed and managed to break the (non-safety) glass in the front door. After I recovered the paycheck from the manager when he wouldn’t give it back; after refusing to cash it. WITH THE FINGERPRINT ON IT! Last time I’ll ever trust ANY of the bastards. S’quse mah frainch… A week in jail for breaking OUT of a bank. I think that’s a first…
    Let’s see now: IP address: My DSL carrier presents the same IP address for all customers. An entire county. is what I do. Mostly a place for an Email address. All of it will point back to S. Carolina, where most of my work is. But I reside some 300 miles from here. And, that, dear, you WON’T find out. Even the vehicle tags and other information go through blinds from that address.
    So, am I a criminal? Only in that I believe in working for a living and being left alone. I don’t work, I don’t eat. It’s that simple. And hiding from the “public” is how I stay “left alone”. ?Like some interesting insight into privacy vs “public” knowledge? I use “Black’s Law Dictionary”, 1993 edition. Black’s is a standard accepted by the “courts” in this country. Read up on the word “public”. The definition is NOT the same as colloquial usage. We joke about “reading the dictionary” as though it is a waste of time. But, to read Black’s Law is to understand just how we are being manipulated.
    Bill Hudson; Paranoid Old Crank, et al
    Large International Company: US Steel, Fairfield Iron, Steel and Casting
    Bank: AmSouth Bank of Birmingham Ala (where the payroll account was)
    Computers: Field Engineer for Wang Computers, in the FSM and Republics of Palau & Marshals and the CNMI. Local governments under the auspices of the U.S. Dept of Interior. What a crock… All we ever gave them was beer cans along the roads, diesel generators and tinned fish.

  21. AutoMuse » Car Price May Include Fingerprint Barter? Says:

    […] As if buying a car is not complicated enough, at least one BMW dealer in California has added yet another layer of complication to the activity.  A well-spoken blogger in California wrote about her attempted car buying experience that culminated in a “No Sale” all because the dealership refused to sell her the vehicle unless she first provided her right thumbprint. […]

  22. Missives from the Technocave Says:

    Biometrics for a Beemer?

    Give this a read.
    Sound familiar? How about when I put it like this:
    1. We must do something to prevent fraud in buying autos!
    2. Taking your thumbprint is something!
    3. It must be done!

  23. Fredrick Says:

    Im sorry.. but i dont agree with everything you say. i have no problem leaving a fingerprint for a major purchase. if you go cash a check at a bank,you leave a fingerprint. If you refinance your house you leave a fingerprint. Having your social security number on a application is far more dangerous than your thumb print. just my 2 cents.

  24. David Says:

    ID theft? The only reason or way someone can steal someone else’s ID is because the government and financial institutions have created an ID ‘problem’ to begin with. But that is typical,,, they create a problem so “they” can provide the solution,, which causes only more problems. If no one had any “ID” or credit cards or the “almighty” social insecurity number then their really wouldn’t be anyway or reason to ‘steal’ someones ID. So the solution is get rid of Ids of all kinds………………..

  25. heidi Says:


    I leased a BMW 3X sports model one month ago….since I am 55 and lost my mind for a moment, I thought I could enjoy driving it and look younger! the car but my back issues are making it difficult…am looking for someone to take over the 3 yr lease…$596.88/mo….interested? Dark silver with black leather interior, all the bells and whistles!

    Sorry for your trouble!


  26. Mel Says:

    Just wanted to make sure everyone saw the NBC news update on this issue. Apparently it looks like lorna made a big to-do and made several false statements about something that the auto industry has been doing for years and is actually becoming a more prevalent practice. So either get some really comfortable sneakers or deal with the thumbprint issue. As Frederick stated, leaving your ss# is much more dangerous and we have all been conditioned to do that without a second thought.

    Also, lorna… thanks for trying to block the IP address of my entire company to keep Alyson and I from offering our comments. There is something to be said for a fair and balanced blog. What are you afraid of?

  27. lorna Says:

    Fredrick, thanks for your opinion – it’s really about what the consumer is comfortable with at the end of the day.

    Heidi, you’re a sweetheart, thank you so much for your offer. I was hoping for a lighter color interior – black gets SO hot here. I think that car sounds perfect for you anyway!

    And Mel, welcome back – we missed you. Glad you’re following along on TV, though I don’t think we saw the same NBC story. You were spending so much time here, I started getting worried you weren’t paying enough attention to your work.

  28. Mad as Hell Says:

    Lorna, you go gurl!

    With all the people that auto dealers lie and cheat it’s funny how they now treat their customers like theives.

    I would have walked out also and wish more people did.

    The ID theft problem is caused by banks and people who handle our personal information. Also if the courts treated ID theft as a real crime with real strong jail time it would stop. Right now it is rarely investigated.

  29. Davi Ottenheimer Says:

    Definitely some interesting perspectives coming through this discussion. Couple of quick notes for those who have commented in support of the dealer’s actions:

    1) Equating an email address to biometric information is a very curious practice. These two bits of information are so vastly different when it comes to actual security calculations (asset value, etc.) , I am truly surprised to see anyone try and make such a point.

    2) The issue is not about how nice a dealership might be or how pleasant they are when you are compliant with their demands. It is about how a company manages your sensitive identity information, especially when there is no risk to them if they mishandle the information. No amount of positive relations and perks can change the fact that a company may engage in the type of improper information handling practices linked to identity theft and/or privacy violations. A thorough and independent information security audit would be the correct and fair approach to assessing “goodness” in this scenario. Do they have a privacy policy? Do they follow the policy…etc.

    While I agree in principle that a dealer needs to use an identification process to reduce the risk of grand theft, this does not mean they should be free to demand whatever identity information they want without proper safeguards and assurances to the consumer. Yes, I know this is completely counter to the Ashcroft-led movement that says Americans will be free only when everyone has surrendered all of their privacy to loosely regulated private firms like ChoicePoint (who then will sell it to the government(s) and/or use it to “clean” elections):,12271,949709,00.html

    Again, Lorna was clearly wise to ask for clarification and then walk away if not satisfied. The trickier question is really how a consumer/citizen can get comfortable with information security practices of companies without some kind of accountable oversight body or independent regulation.

  30. Pam Says:

    Good for you to refuse the finger print! How atrocious that only a few others complained about this practice. People need to start waking up and standing up against such invasions of privacy. We are most definitely entering the realm of Orwell’s 1984, though most of the population has no clue this is happening and act like sheep simply following the herd without questioning much of anything. The rumors about having a national id card, limiting travel and the building of government detainment camps for US citizens seem all the more real when you can’t even go buy a damn car without giving your life away. The sad thing about this all is how the thieves they are supposedly protecting you against know how to work the system and would find a way around the stupid finger print requirement. It’s only hindering good, honest citizens. People, read the Patriot Act – you wouldn’t believe what’s in there and what’s happening to your liberties!

  31. Jay Says:

    Digital fingerprints, those used to log on to your PC or open a door, are nothing more than templates made from 1’s & 0’s. It may be fine to a degree, but as we move to using it as identification for banking, online credit card transactions, etc., it will become no more secure (or just as unsecure) as anything else we’re using. If someone can hack the systems to steal the data, they can create the “template” for a transaction. No one will know whether they just swiped their finger on a reader, or sent a duplicate template. When that time comes, I would’nt want my fingerprints on file at car dealers and retailers, etc.

    My 2 cents.

  32. evlfred Says:

    What everyone seems to forget is that the dealership is under no obligation to sell you a car. Just as you are under no obligation to purchase one. At our dealership, we will not sell a car to anyone who will not identify themselves. It’s our right to require identification and your right to refuse to do so.

  33. lorna Says:

    evlfred, thanks for your comment. It’s really interesting to hear from people in the industry. In this case, I think I provided way more than enough information for the transaction for any car dealer, and when that still wasn’t enough for this dealer, I left.

    Dealerships can only afford to refuse so many sales before it cuts into profits. But when some dealership starts going all homeland security on its customers, there’s just not a good enough deal for me to willingly support that.

    I believe that the only reason 5200 people gave their fingerprints to that dealership is because the negotiation process wears the customer down completely – it’s designed to. After you’ve spent so much effort shopping and then haggling, and the dealer sneaks in this policy at the last minute, well – most people feel stuck in the deal. They don’t feel like they can say no, so they don’t. That doesn’t mean it’s a good policy, it just means people don’t feel like they have a choice, and that’s what stinks about it.

    Bottom line? To this dealership, my lost sale is the equivalent of 25% of their stated last years’ losses to fraud.

    They said one other person walked out because of this policy in the past three months. If they lose one sale over this every three months, they’re exactly break-even with the losses from fraud. Currently, they’re at double that.

    Except losing your customers due to your own bad policies, that isn’t covered by insurance.

  34. evlfred Says:

    It wouldn’t be 25% of the loss, they don’t make 100% profit on every car they sell, and the other commenter’s numbers are way off too. If a dealer looses a car to theft they loose the profit equal to at least 20 cars. And most won’t claim it on insurance, because their insurance rate (which would shock you) would rise alot. I’ve had customers refuse to provide even a drivers license copy to me, and we refused to sell them a car. In one case a lady was so upset she tried to call the governors office to “tell on us”. The bottom line is, if that’s what that dealership requires and you don’t like it, go elsewhere. Obviously, it is helping them reduce losses, or they wouldn’t be doing it.

    Also, don’t bother trying to get the dealership to return all copies of your information. If they pulled a credit bureau on you they are required by low to maintain that information for at least 24 months. However they are also required to keep it secure with limited access. We are very careful with all information left with us.

  35. evlfred Says:

    FTC’s Information Safeguards Rule and the Consumer Information Disposal Rule are both applied to dealerships and enforced rigorously. Not to mention the Privacy act, the Equal Opportunity Credit Act, and yes, the Patriot Act to some degree. Read an industry publication sometime (like Dealer magazine available online) every issue there are several articles about “compliance”, meaning compliance with Laws and Regulations in the auto industry. I think it would be a real eye opener for you.

  36. lorna Says:

    wow, I need to close the comments on this post soon due to all the incoming spam, but I really don’t want to.

    evlfred, thanks again for the comments. point taken regarding profit / loss. As for not liking the policy, that’s the exact point I want to make. You can always go elsewhere, but I believe it’s actually important to say no when you don’t like someone’s made-up, non-standard policy.

    Here’s a totally straightforward question for you. If a 100% loss on a stolen car comes to $50 per car (the four lost cars number came directly from the dealership in question, the average cost number may be off but with four lost cars it seems like it’s the right ballpark), why wouldn’t a dealer simply add that into the price for all new cars, rather than trying to take fingerprints? That’s usually what a store does when there’s loss: prices go up. Why would you decide to fingerprint all your customers? Where does that even come from? Most customers aren’t going to shop elsewhere to save $50 on a $30K purchase. I wouldn’t, but I was so surprised with the fingerprint demand that I went home and wrote about it. I suppose if you don’t know a dealer’s doing this, you get stuck with the demand at the end of the process and comply, but at least if you know some dealers are doing it, you have the choice to shop around to one that doesn’t.

    In terms of keeping things secure, especially in any kind of retail environment I’ve worked in places where I was astonished by the amount of unsecured data, and I’ve worked in places that were unbelieveably careful. Both places would claim to be extremely careful and you can’t tell from the outside what you’re dealing with. UCLA was extremely careful – they had a break-in anyway. I believe completely that your dealership is careful, and I’m sure there are many dealerships that take this very seriously, but after this whole experience I am reminded why it’s important to not offer up information when you’re not legally bound to do so.

    I’m glad to hear there’s a lot of concern from the auto sales industry regarding this. When these guys presented me with a photocopied legal-ish document with spelling mistakes, that’s when I started thinking: maybe this company is not as careful as I would like for them to be. And that’s when I walked out, and I’d do it again if the same thing happened tomorrow. If one good thing came out of it, people who’ve read this post will be more aware and careful with how any personal data is used.

    I read up on many of the topics you mentioned above while learning about all this. And my conclusion is that when a merchant asks for extra information that isn’t legally required to close the sale, it is because they are trying to protect their own interests, and often at the potential risk of my own interests.

    Curious, what do you think about the Dollar-Rent-A-Car results from their similar thumbprint experiment? The company dropped it, because it bothered customers and in the end it didn’t make a difference to their bottom line.

  37. evlfred Says:

    I would say that while on the surface the Dollar-Rent-A-Car issue would seem to relate, I don’t think it applies. For one, I really doubt that there are chop shops out there just itching for Dollar-Rent-A-Car vehicles to process, but I’m sure any would be ready for a new brand new BMW. Second, why would an identity thief go to all the trouble of researching someone and taking all their info to go down and rent a car? Not much profit in it. Third, when someone is laundering money, new vehicles are considered prime property, that’s why the IRS makes us report all cash sales in excess of $9999, and I would imagine new BMW’s are on top of the list for launderers.

  38. lorna Says:

    I’d guess most of the Dollar Rent A Car fraud was aimed at reselling stolen parts for things like Toyotas. There’s something to be said for having mass market consumers for your chop-shop parts.

    I don’t have any info about fraud directly from dealers, you would know this better than I, but there are two BMW models on the HLDI 10 most stolen new car list, the 7 series and the X5. Most people who would be buying a 7 series or an X5 probably should be able to provide two forms of photo ID, like a license and a passport. Many state agencies don’t ever require more data than that, although the new RFID passports are reportedly insecure, and hey, have you seen those new ink-jet printers?

    I suspect the IRS has many reasons for tracking high dollar cash sales, but it seems that is much more likely due to people notoriously forgetting to claim cash transactions on their tax returns. The IRS doesn’t care about stopping car theft – they don’t even require a thumbprint to file your taxes. Ahem.

    I’m closing comments because I really don’t need any more offers for cheap viagra and it’s killing my blackberry battery. If you have more to say, you can always reach me at the email address you’d expect.

    I still don’t feel like I have a clear answer on why or how thumbprinting deters car thieves, but I’ve learned a lot in the last week. Thank you all for the comments and conversation – this has been a much more interesting adventure than I thought I would be having when I walked into a car dealership last week.