In this transcribed episode of the Used Car Dealer Podcast, Zach interviews Todd Smith, founder of QoreAI, a startup focused on identity verification and transactional fraud prevention in the automotive space. They discuss the recent CDK DMS hack, the prevalence of transactional fraud, and the future of secure document management in the automotive industry. The conversation also delves into how technology impacts credit affordability and what dealers can do to enhance their security measures.

Zach: Zach here, and we have a great guest on the podcast today. Todd Smith, the CEO and founder of QuoreAI also a serial entrepreneur. Todd, thanks so much for joining me on the podcast today.

Todd: Super excited to be here, Zach. As we talked a little before in the green room, it was good to catch up. It's been a while. So, it's amazing what you did with Selly.

Zach: Well, glad to have you on. Tell us a little bit about your background, your entrepreneurial journey, your previous company, and how you got started in the auto industry.

Todd: Yeah, I believe my entrepreneurial background probably started in third grade when I would go to the local WWA and buy Jolly Ranchers by the bagful and sell them until ultimately, I got suspended for doing that in school. So, obviously, selling candy to kids at a quarter apiece and making good money was a bad idea. So, they kind of stymied my entrepreneurship early, but, you know, I've always been an entrepreneur at heart. I was raised by a mom who had her own business, so I just came from that type of family.

The car business has always been around me. Both my neighbors were big auto dealers, FC Kerbeck on one side of me and the Miller family on the other in Ocean City where I grew up. So, I've always just had a love for cars. My dad restored a bunch of cars. There were all these cars in garages that we had, half-assembled, some running, some with cool rumble seats in the back. So, I was always in those old cars from Model Ts to 56 Roadsters as a kid. I just loved the business.

I surfed my whole life too, since I was like five, and competed. At a point, you know, you have to make money to travel, so I started cleaning cars at 16. And then I thought, "Man, those guys with the white shirts inside seem to have a better life. They have access to donuts, food, air conditioning; seems like a good idea." So, I started my hand at selling cars at 18.

That turned into sitting at basically every seat in the store, from used car manager, new car manager, GM, and ultimately running a multi-store group. Eventually, I became a partner and owned a Chevy store in North Jersey. But, running a car dealership, while super entrepreneurial, my heart was still somehow stuck in tech.

I don't know why. I have an older half-brother; he had one of the first Gateway computers. We were on Compuserve. I just felt like I had this crazy passion for technology. I don't know why; it just was always there and still is even today.

Zach: Very impressive. And with Qore AI, what inspired you to focus on identity verification and fraud prevention in the automotive retail space?

Todd: Yeah, a crazy story. Two things led to it. Qore AI always started as a vision of, "Hey, how can I rethink my previous tech company into a new light, making it more collaborative commerce?" And to do that, I also realized, well, for many people, that's gonna start online. And the question was, "How do you tell who the person online really is?"

I sat and had dinner with an ex-FBI person, pretty high up in the organization. We were talking about fraud, and he told me that during the pandemic, we had all these PPP loans, and I guess about $300 million was defrauded from the US government, which is staggering to think about where our taxpayer dollars went. He said that during that time, all these fraudsters honed their skills to produce fake licenses, fake documents; they got really, really good at it. And then that money dried up. So, they started looking for new avenues.

This dinner conversation stuck with me. This was about three years ago. And I thought, "Wow, that's interesting." He said, "You know, auto will be one of their next targets." It was probably two years ago, I was sitting there, and a dealer lost like a quarter of a million dollars in a month on fraud. It was like four transactions. And I sat there and thought, "Oh my gosh." Then you start asking dealers, "What are you doing to prevent fraud?" I heard everything from "We just photocopy a license" to "We maybe run some synthetic ID or something in the back." And I thought, "Well, that's not going to stop fraud."

Some dealers, maybe less than 20%, had ID scanners. And I thought, "That's not going to stop it because they already figured out how to fake licenses." You can buy fake licenses on Telegram, Signal, or on the dark web with a Tor browser. You can buy one for 6-700 bucks, and it'll pass any of the scanners. So, I realized there's a problem that needs to be solved here. Smart dealers who are trying to organize compliance and stop fraud early will always have a competitive advantage.

That led me to believe that this became one of our core things for QoreAI: identity verification and figuring out how to quickly onboard consumers, do it with the least amount of friction possible, and also in a way that the consumer onboards themselves, so the dealer doesn't have to touch their ID or any of their PII (Personally Identifiable Information).

Zach: That's really interesting and kind of leads into my next question. Something really big in auto cybersecurity happened recently, and I wanted to get your perspective on the recent CDK hack and how it impacts the auto industry from your perspective. And a short story on my side, what was surprising the day CDK got hacked, and it was national news on CNBC. Even my neighbors in San Francisco were asking me about auto software and dealer management systems. It was surprising for me to hear that on national news. So, what's your take on that?

Todd: The same for me. My mom even asked, "Hey, I heard about this hack. Did that affect your business?" And I said, "No, Mom, it didn't." But it was a long time coming; it was inevitable. For multiple reasons: one, most of these systems are using monolithic-style architecture with firewalls that are prone to full-frontal attacks. And most of them, you put up a good vault door, but you walk around the side, and it's like a screen door—you just pop your finger through it and find one open port, and that's what they hunt for.

With phishing schemes and all kinds of different ways to gain access to these systems, some of these big companies also have vulnerabilities because they acquired multiple companies that all have different architectures. None of them have been stitched together well, causing huge security gaps and opportunities for cybercriminals. At the end of the day, outsourcing a lot of your development overseas comes with risks. There are amazing developers all around the world, and I can't blame them as the sole reason something like this would happen.

But, you know, doubling or tripling down on security versus spending on a $20 million booth at NADA might be a good idea, just food for thought. It's hard when some companies are out there selling security services, and they're not really in the security business. It's like another way to capitalize on dealers being naive and not really understanding that security is a whole different world. It's like going to Mars; it's not a moon landing. Building software is one thing, but building a system that operates at the highest level of security today takes a tremendous amount of effort and different thinking.

I feel that almost all of the systems in auto today just don't have that. They weren't built with that in mind, or they were cottage products that grew up and were bought by one of these big companies and bolted on, leading to all kinds of tech incompatibilities. It was inevitable, and I think you'll see more breaches. I don't think this is the last, and honestly, I don't even know if I would say for 100% that they still don't have access inside CDK. From what I've read and listened to, I don't have any true inside knowledge, but I do know that with these types of breaches, they never recover 100% of their systems. There's always increased vulnerabilities.

It's kind of a double dip, right? CDK paid the hackers, which is like paying a terrorist organization if you think about it. Often, these companies have state ties, as they work for governments. Did the hackers leave a backdoor? We'll never know. They could continue scraping data from the system, and we'll never know. It's dangerous, and that's why I think different architectural styles, like serverless architecture using zero-trust protocols and perimeterless security functionality seen in systems like AWS, which I consider among the most secure, are crucial. Nothing is bulletproof, but you want to lean into the companies that are willing to commit the financial resources to security at a level that doesn't currently exist in the auto industry.

Zach: I definitely agree with some of the points you made. Even looking at the fine or ransom that CDK had to pay the hackers, it opens up the floodgates. It shows a lot of hackers the value of automotive data, how large some of these companies are, and the potential for larger fines or ransoms. It brings more awareness to auto software in the hacker community.

Todd: Yeah, it didn't help. It definitely shined a light on the industry, and not in a good way. That kind of leads me to my next point, thinking about fraud in the industry. How prevalent is transactional fraud in auto dealerships, and what are some of the common types of fraud that dealers face?

Todd: That's a really good question. If we look at the data, probably this year, somewhere around $7.9 billion in fraud will enter the auto industry through lending. This can come from a multitude of ways: identity theft, where people present fake documents to buy a car; synthetic ID fraud, where people have created a clone identity of someone and nurtured it for a couple of years, then go crazy buying a bunch of stuff. And then it all hits your credit report, and you're like, "What happened? I didn't see that coming."

Another major issue is income misrepresentation. This happens when, for example, a salesperson says, "Oh, they're on the verge of being qualified. Hey, don't you drive Uber once a week and make an extra $300 a month?" and pencils it in, or they just help fill out the credit app. This happens because salespeople want to sell cars, and I can't blame them; they have families to feed.

There's also internal fraud, where almost 60% of it starts. This is when someone within the dealership takes data off a system, like downloading all your sold customers' information, which includes PII, because there's no protocol to prevent that download. There are multiple risks for the average dealer, and these risks cascade. If someone steals your ID, you might sue the dealership for not protecting your consumer rights. The lender might come back and say, "Hey, this isn't the real person. You owe us now," because for the lender, it's considered an arm's length transaction.

The dealer is the direct transactor with the consumer, and because of that, the dealer is liable, not the lender. The lender's recourse is to say, "Give me my money back," and the dealer is left to deal with it. Many times, the dealer will try to call their cyber policy, only to find out it doesn't cover these situations, especially not for remote transactions. So that's a problem.

There are lawsuits. I just posted about one today where cyber insurance will most likely not cover a transaction that happened for a remote party or even people who didn't walk into your store. So again, problems arise, and the lender might start watching your loans more closely if they think you've let one slip through. There's a secret list, a sort of "naughty list" among lenders, where they share information about known offenders and watch those loans more closely.

So, as I said, it's a rippling effect. Smart dealers will stop fraud upfront, and groups need to normalize processes, reduce bias in onboarding customers, and protect data outside the hands of individual salespeople or F&I managers making those decisions. It's like the wolf determining which chicken in the henhouse is good. You can't have that because someone's pay plan is tied to selling cars, and now you're putting a process in place that might stop them from selling cars. It goes against what you're telling them to do every day, leading to deals getting done, deals slipping through, and dealers facing the consequences later.

Zach: Wow. Could you explain how secure deal document management works and why it's essential for protecting PII?

Todd: This is definitely a growing concern. I was just talking to a friend of mine, Tom Kline, who has a compliance company. He showed me pictures of a dealership he visited. There was an open-air sales desk, typical, and behind the sales desk was a cabinet with a key in it, the door open, and in a bin were probably 60 credit reports. This type of data held in paper form is an enormous risk.

Anything a dealership can do to digitize that information is a step in the right direction. Stop printing out driver's licenses and photocopying documents, which exposes PII to the real world instead of holding it securely. I've seen a lot of manila envelopes; I've never seen one secure. You just pop the lid, and you can get into it. You go into dealerships, and they have all these printed jackets, which are opportunities for someone to mishandle that data and take advantage of it.

In any dealership today, you'll find PII on salespeople's phones, copies of driver's licenses, insurance cards, proof of income, W-2s. You'll find it on desks, in desk drawers—it's all there. So part of our goal is helping dealers digitize that information. There are solutions out there, like document vaults, but we wanted to make it easier through conversational commerce. The customer is already in the conversation; if we can securely provide a way for them to upload data, store it, and manage it digitally, that's the best world we should all focus on to help dealers reduce what we call "document exposure."

Zach: I wanted to move on to some questions around credit. How does credit affordability impact a customer's ability to purchase a vehicle, and what trends are you seeing in this area? What role does technology play in this area as well?

Todd: That's a really good question. In your CRM, you pull credit and get a credit report, right? You're looking at a FICO score, trade lines, getting a flow of the customer's financial health. This is typical, whether it's a soft or hard pull. You look at a customer with an 810 score and think, "Golden, no problem." But then you submit them to the bank, and the bank says, "No, they're at 96% debt ratio; they're buried," and you're surprised.

Affordability is rising to the top as one of the most important factors to consider today. We've had a rise in interest rates, affecting deal flow. Lenders are definitely scrutinizing deals more closely. Many consumers are now what I call "post-COVID," looking to trade out of cars they're buried in, leading to a lot of negative equity that needs to be addressed.

It was just reported today that U.S. citizens have saved the least amount of money recently, and everyone's debt is on the rise. So, we look at affordability as a better indicator of purchase potential. We can assess a household's income and debt, apply a mathematical formula, and determine which inventory fits them better.

Todd: And also based on other characteristics, with our partnership with Equifax, we get lots of data. So we know behaviorally that a customer is likely to buy a vehicle like a Traverse, a Honda Pilot, or something similar. We even know what vehicles they're shown, but you need to consider affordability first. I think affordability is rising in importance because, over the last couple of years, we haven't had to negotiate deals very hard. We had less inventory, and customers came in and paid what we wanted. As long as their credit matched, we would submit it to one or multiple banks, and lending was easier—it just all worked.

Now, I see constraints everywhere today, right? Constraints from the lender, inventory value, and customers being deeper in debt. All of that has to be reconfigured and triangulated. AI is literally perfect for this—it's perfect for taking multiple data sets, finding commonalities or uniqueness, and now giving us an understanding of what we're looking at. That's where I see our business going in this direction. I think it will just speed up transactions, but it's also going to speed up matching the product to the consumer. Nothing is worse than, for example, a customer comes in and says, "I want to drive the Subaru Outback."

As a salesperson, I go, "Okay, this customer wants to buy a Subaru Outback." That's not what the customer said; I'm just assuming the consumer wants a Subaru Outback, right? So I show them a Subaru Outback, but let's say the customer can't afford a Subaru—pricing is wrong. Most salespeople will just stop there, but we have other options. That's a very loose example, but our goal is to help the salesperson say, "Okay, the customer may be interested in the Outback, but here are some other vehicles in stock that this particular consumer, based on what we know about them, has a very high propensity to buy."

We don't want to say we've predicted it all because that sounds super creepy, but we want to show them, "Hey, this customer, this is their true credit profile based on affordability, so match this." The desk sees one thing, the salesperson sees another, and this allows the salesperson to have a better conversation with the consumer that's more thorough. Instead of going back to the desk and hearing, "Yeah, we can't do that deal," and the customer leaves to think about it, drives to another lot, and buys a Honda Pilot, which you had a late model of but didn't even offer to the consumer. So I see using this type of data in a new lens to help the dealer better match the product to the consumer.

I call it almost like a "fit and finish," like Toyota is really great at that fit and finish for product, Tesla not so much. I see there's a huge world of opportunity there, and for us, we just want to be at the tip of that spear.

Zach: Definitely, and going back to your product, how does it help dealers with identity verification and fraud prevention, kind of what we've been talking about so far?

Todd: Our identity verification process is built in; it's what we call a multi-signaling process. For the consumer at home, the first thing we look at is the browser. Is this browser on a VPN? Are they in incognito mode? Is it from a known fraudulent IP address? We collect all this data through partners. We look at over 200 signals just from the browser. We actually tag the browser, so even if they move between devices, we still know it's them because we've wrapped that data.

So we start there. Then, once the consumer is coming in or has committed to coming in, we want to verify the device first. Before even getting to the driver's license, we look at the device because your device has a SIM card. Was that SIM card recently activated? Is it a burner phone? We can tell a lot from our partnership with the carriers, knowing if this device has longevity. With that information, we can now ID you and confirm it's in your possession at that moment.

Our process goes like this: we do browser checks, then we have an app for salespeople. When the customer comes in, they pull up the app and add their phone number. We then verify this with the carriers, and we prefill all the data from the carrier, including the customer's legal name and home address. We leave the email field open, even though we get a 20-plus percent hit rate, because most consumers have multiple email addresses, and we want them to provide their best one. We validate the phone number, and all that data pushes automatically to the CRM, tagging the salesperson.

Next, we move to the driver's license. We want a live capture of the front and back and a liveness selfie of the consumer. We check the attributes of the license—does the front match the back? We OCR all that data to use downstream. We match their face to what's on the license, and in 43 states, we'll go to the DMV if necessary. This doesn't need to happen for every customer. For instance, if you're a known entity, like if you've bought six cars from me, we don't need to check the DMV. We can just go through a less friction process, but we still capture some data.

Finally, we run synthetic ID checks, red flag checks, and additional services in the background. We usually hold these until we see a pre-qual or credit check because there's no use incurring that expense as a dealer unless we've gotten that far in the process with the consumer. We've created this multi-signaling triggering process that can do as little or as much as needed. The browser check always happens, and maybe the customer comes in and says they're just looking around and not buying today. No worries, we can do a device ID and move on. If they want to test drive, we add the driver's license to it. If they want to fill out a credit app, they can do it right through the same experience.

For us, fraud is a very dynamic process, constantly evolving. While we use AI to protect consumer identity and the dealership, fraudsters are also using these tools against us. You've probably seen things like voice cloning. Reid Hoffman, for instance, created a whole digital clone of himself. If that clone started talking to you, you'd think you were talking to Reid Hoffman, not a digital clone.

So we have to contend with all these tools that fraudsters are utilizing today. As we counter them, they counter us. There's no end to this; once you jump into this pool, we'll be fighting fraud for our dealer clients forever. It's constantly changing, and we'll be adding and changing processes in the system. Our ultimate mandate is to provide the consumer with the least amount of friction while ensuring the maximum protection for the dealership.

Zach: What are some of the challenges that dealers face when they're trying to implement new security measures, and how do they overcome these challenges?

Todd: I'll give you two main challenges. One is what I call "software PTSD" among salespeople and dealership staff. They've tried so many systems that they're skeptical. Salespeople often think, "What do we have to learn now? How long is this going to last before we revert to old habits?" So, it's essential to make it easy for salespeople in the dealership to adapt to these new systems.

On the other side, smart dealers think compliance first. They organize their dealership to remove sensitive spots that expose customer PII to their team and put them outside of alignment with legal requirements, like the FTC's upcoming rules or others like TCPA or CPPA. Dealership processes often operate on the edge of these regulations, which is dangerous. With potential fines of over $50,000 for non-compliance, dealers will need to double down on a compliance-first process, automating as much as possible to reduce human bias.

It's interesting because the data shows that if the system asks the questions, consumers are more likely to provide the information than if a salesperson asks. Automation takes out the bias and makes it easier. I'll share a story: I was in a store in Minnesota, and a customer completed a device ID check. The customer looked down and said, "How do you have this address?" I was there and asked, "What do you mean?" The customer replied, "Yes, that's my new address. I just moved here two weeks ago, and you have it. I still have a Florida driver's license." Through our partnership with Equifax and the carriers, we're consolidating so much data on 300 million-plus citizens, so we see all that data.

My mom was the same. She's on my business plan, and her phone number resolves to a business address. She went through our security check and it pulled up her home address, which even I found impressive. This clean data helps dealers with accurate marketing, reduces friction for consumers, and prevents errors in data entry. For example, if your name is Zach and it says Zachary on your license, we don't want to have to reprint all the paperwork.

Zach: So, Todd, in your opinion, how will the future of ID verification and secure document management evolve specifically in the auto industry?

Todd: I think we'll see more automation and more AI doing the heavy lifting. Our AI is already checking if a driver's license is legitimate in real-time by holding a camera over the ID. I see this technology expanding, and we're only at the beginning. It will get faster, and there will be points where we want to insert friction to slow down certain processes, like having customers read and digest information.

I believe identity verification will continue to be central. The younger generation, like Gen Z and millennials, rip through systems like ours without much trouble. Even if there's an error, they know how to overcome it. For older generations, like Gen X or Boomers, there might still be some struggle points. I've had managers push back, saying they don't want their customers to take a selfie. But I remind them that their customers have plenty of selfies on Instagram and Facebook.

I've even seen older customers put on lipstick before taking their selfie for the system. It's less and less of a barrier. It's a good way to ensure that I have your physical presence along with your ID in real-time. However, AI on the fraudster side is also advancing. They're creating AI clones that could pass some of these checks.

So, we'll have to constantly innovate and find new ways to secure transactions. You may have heard of "out-of-wallet questions" or KYC processes. Here's a statistic that might surprise you: 62% of legitimate consumers fail their own out-of-wallet questions—they don't remember their first car or old addresses. But over 90% of fraudulent buyers pass these questions because they've studied your credit report. It's their business to know these details.

It's a constant battle, and I wouldn't be surprised if lenders move away from such methods. It's a rabbit hole, Zach. I even monitor fraudster activities on platforms like Telegram, where they openly share how they create fake IDs and other fraudulent activities. It's a real business for them, especially since they have the skills to defraud the government and now need other markets.

Cars are a high-value, highly mobile asset, making it easy to defraud car dealers who are eager to sell. They might look the other way, not intentionally, but because they're focused on the 30-day cycle of moving inventory. This kind of thinking puts dealers at risk, especially in states like California, Texas, Michigan, New York, and Florida, which are hotspots for fraud. It's surprising, but even places like Michigan are high-risk areas.

Remote transactions are also becoming more common, which adds another layer of complexity. I had a case before we implemented our system where a dealer got burned by a customer who claimed to own a pizza place and wanted to meet at 2 a.m. after his shift. The salesperson, eager to make a sale, went to the customer's house in the middle of the night, did the paperwork, and left.

Todd: It was a fraudster using the person who actually lived in that house's address as the jump spot, did a fraudulent deal. Now I'm going to scare you even more with AI voice cloning. You've seen this, right?

Zach: I have.

Todd: I have my voice cloned because I like to read my own blog posts. So I want it in my voice, which is terrible, but I just want people to hear my voice. So, a voice clone. I actually cloned the head of the Montana Dealers Association's voice the other day and sent him a message, and he's like, "How do you have my voice?" I took 15 seconds of his voice and cloned it. Here, let me back it up. The TV show?  They are all. No, if you know what I mean? Just last week, I had a dealer ring me up about our event. Was he asking about sales strategies or cutting-edge tech? Wanted to know what kind of… Totally not him.

I totally made that up. Sent it to him. He's like, "Dude, how did you do that?" I was like, "I have 15 seconds of your voice." Now, I'm going to give you a real-world scenario. I call your dealer, I talk to him for 20-30 however long, I grab his voice print. I now take that voice print, I sit in the store, I know some people's names. I take a salesperson, I call that salesperson. I use that owner's voice. I say, "Hey, I need you to go get that F-150 Raptor. I need you to take it down to my dentist. Put it out front, put the keys under the mat. He's really busy today. He's going to drive it later, put a tag on it, and come back to the store. He's going to come back around six tonight." Why not? How would you ever know that’s real? Listen, if my owner called me, I'd do whatever he told me to do. Why would I question that? That is the fear of what we're entering right now. I said like, I don't know if you have kids.

Zach: No, not yet.

Todd: So I feel like you almost have to have a safe word. I say "blue," you say "bucket," then I know I'm actually really talking to you. Yeah, I've talked about that with my parents too because I have so much content online. It's on CNBC, Wall Street Journal, etc. It's so easy to get a clip of me. So, I've thought through that as well, like a safe word. So very, very clever.

Zach: And, you know, I was also going to... My next question is, what we've talked about is so fascinating. But the other component of this industry is regulatory changes. And I'm curious, from your perspective, are there any regulatory changes on the horizon that dealers should be aware of regarding data protection, identification verification, that sort of thing?

Todd: Yeah, so look, we've all heard of this FTC Cars Act, right? That's in this limbo state like, well, it's going to pass at some point. Now, what pieces of it? I don't know. There is one line in there that I've held on to since I read it. And this line basically states that if you sell a car, you have to keep all the conversation, all of it across mediums around the transaction, you have to store it for 24 months.

So practical purpose, you're a car dealer, you use a CRM. In the CRM, you send emails out of it and text messages. Okay? But the lead started as a chat in some other service, so that let’s say comes in the CRM maybe, maybe not. But let’s say it comes in. So now you have the chat transcript, you have the email, you have the text, but now you use another app like SnapCell or something else that you took video to send to the consumer. Different. Now you use Podium because you want to get a review, and you have a conversation with that consumer. Now you have a phone call on your phone system. Now the salesperson is using their personal device to communicate. You see this? We live in this multichannel environment that is absolutely going to be destructive for the dealer.

This was one of the driving factors to build Qore. I wanted to build this messaging center, a synchronous solution where everything can happen inside that. And yeah, we have text and email, but there are a lot of wrappers around this comms layer because of this point where lots of conversations are cutting across mediums. Everything I've ever seen in auto is all multichannel. We had to build that first true omnichannel that all comes in one spot that I could attach to that customer sales transaction and store it for the dealer for years.

And I think that's going to be a nightmare for the average dealer to figure out that piece without something like we're building, right? I see obviously more dealers or more states adopting like CCPA, which to me is a watered-down version of GDPR. If more of GDPR starts to enter the US space, it's going to get really hard for how we move, store, and manage data because the systems, the archaic systems inside auto retail today are not built to manage that. They're not built to pull someone out of a system and out of multiple systems simultaneously because there is no organized data structure.

So, that to me is going to be a nightmare regulatory-wise. And I think as I've watched these states all operate using CCPA as that nucleus, there are all types of nuances and trick bags for dealers. Plus, we have TCPA just in general. Texting to me is not only not secure, it is not manageable because most dealers are using six products that all have a text component. So there's no way to normalize. The DR tool has a text component. The CRM has a text component. The other tool I use to send videos has a component. My reviews have a component. So how do I opt them out? You can't. And again, that's going to break CCPA because you need to be able to pull them out.

So these are those challenges, and I think it's a technology challenge. But first, it's understanding the dealer's processes. The dealer needs to really graphically understand their processes and then go back and say, "Okay, what tech do I need to execute my processes?" Because right now they just keep adding stuff, and it creates so much noise. It's a compliance nightmare. It's an unmanageable nightmare currently, and it's only getting worse with more tech.

Zach: Very true. And, you know, Todd, you've been so gracious with your time. I could talk with you all day. I've learned a lot just doing this podcast, but I wanted to give you the last question and ask for your advice to dealers who are just starting to focus on improving identity verification, fraud prevention. How can they stay ahead of the curve? How can they ensure that they're putting in the right practices as they're just getting started at their dealership? Like, what's your advice to them?

Todd: Yes. So the first thing is they have to look at identity as a process of the sales process, right? And photocopying a license is not identity verification. Scanning a license is like a baby step of identity. So, educating themselves on available applications that are in the market. I mean, beyond Qore, there's Geo, there's a sea of tools around identity. Now, you want something easily integrated with the tools you already use, right? I mean, that's kind of why we exist, but I think it's education. There's lots of free eBooks about it out there. I'm more than happy to share any resources because I feel education and reading about it and understanding that fraud is multidimensional, it's going to attack you all over the place. Identity is one piece, even to the point of spotting liars.

So, a customer presents a license to you, right? There's all kinds of crazy things like if a customer stands up really straight, I will tell you there are probably 10 behavioral things that fraudulent, I'm going to put "liars," are going to do. I don't remember them all, but I'm more than happy to, again, share. They will point at you, they'll crinkle up a little bit, they'll start touching their neck, vulnerable spots on their body, they will do certain actions. It's crazy that all these things happen subliminally. So, training your salespeople to start to spot weird behavior. Having the spidey sense that we naturally have is important, and we know when something's off with someone. They either talk in circles, they'll just try to repeat themselves. This is like a glitch in the matrix that liars get caught in. "No, no, no, no, no, this is right. No, this is correct. No, this is my real stuff." These are telltale signs that something is amiss in the process.

So, I believe we're great lie detectors if we have just a basic understanding of it as a first line of defense. Then I think your process dictates the technology. Look, dealers have to decide how much risk is acceptable. Is it worth 3-4 bucks a customer to not have risk, or do you want to spend a dollar? You're going to take on more risk, right? Dealers have to balance that in their business, and I think smart dealers will always look to de-risk their business, especially around something so critical that affects so much.

If you're a used car operator, your relationship with your lenders is absolutely critical to the survival of your business. If you send them one or two bad transactions, you're blackballed, and you're going to get dried up. Good luck finding a new resource because they all talk. It's not like, "Oh, I said no to one lender, so I'll just move to BOA, 5th 3rd." They all talk; there's a little list, a Santa bad list. They won't talk about it, but it exists because they're protecting themselves. And for the lender, the lender has to trust the dealership completely that the dealer is going to protect them. It starts with identity, starts with verifying information, it starts with gathering steps that are valid, right? It starts with these things.

And I think smart dealers realize that if they do a good job there, it gives them great trust on the other side. It gives them a lender that buys deeper. It gives them a lender that streamlines transactions, minimizes steps because there's a trust built between the dealer and the lender. But if you want to erode that trust, send them one bad deal, send them two. So, I think dealers should begin to really start to pay more attention to this. It probably hasn't been as top of mind, right? Because when things are good, everyone's happy. But as dealers start scraping, looking for more deals, fraudsters are going to come out, and they're already out.

I'm watching them all over. I see deals every day with fraudulent people. Fraudulent person comes in and says, "I'm not, you can't verify my phone. What are you talking about? I'm not coming here; I'm leaving." And the salesperson is like, "No, don't leave." And I'm like, "Let them leave. That's on purpose." One of the biggest things we see is it's not just stopping the fraud; it's deterring the fraud from ever starting. So, when a fraudster runs into a system, there are other dealers that don't have a system; they'll just go down the road. And you want that to happen. You just don't want to be the guy holding the bag when the lender comes back and says you owe me $47,000.

Zach: 100%.

Todd: So, I feel, dealers, look, it's about education and looking at your business through a lens of de-risking it. Finding a trusted partner who wants to help you sell more cars but is also there to protect you, even when you don't want to protect yourself. Kind of like, how I look at it, like, you know, you've got to have the dad saying, "Listen, you can jump off this cliff, but it's going to hurt at 60 feet down, right? I'd wear your shoes if you're going to jump." He's still going to let you do your stuff, but he's going to caution you on your journey.

Zach: Very well. I can only say this because I have a 14-year-old who's crazy like I've always been. So I'm like, "Oh my God, this kid is going to be the death of me."

Zach: Something I guess for me to look forward to. But I'll tell you this, Todd, it's been an awesome episode. It's been a pleasure to talk with you. Thanks so much for joining us.

Todd: Thank you. I really appreciate being here. It's been awesome. It's great to reconnect, and I've had nothing but a blast today. Thank you so much.