Analysis. A criminal gang which has stolen at least 150 Jeep Wranglers since 2014 has been caught in California , but theirmodus operandi leaves questions about dealerships and FCA’s oversight.

The gang members chose a target car, then obtained a duplicate key from a dealership in San Lucas, Mexico, all without the owners ever being informed, according to the police. That one method was used for all twenty Jeep Wranglers stolen by the gang in the San Diego area, and was likely their system for the other thefts as well.

A prior car-theft team in the Houston area, captured by police, stole cars by using codes and equipment from a dealership. That team stole over one hundred FCA vehicles using stolen key-codes, taken from a dealership.

Car dealers have always been able to get access to keys; in pre-computer times, they had paper records of key codes and could grind new keys without having the old ones. The corporation had no way of knowing when this was done.

With computer networks, FCA could likely notify customers when a spare key is made, just as credit card companies can send an email with each mail-order charge. Most people are used to the idea of getting notifications when, say, they log into their bank account, transfer a large sum of cash, or make certain charges.

Even without customer feedback, FCA can, and apparently does, monitor these events remotely, leading to the question of why the two sets of criminals were not caught earlier.

We can speculate that FCA may implement stricter security measures in the future. The official FCA US response to Allpar was"
FCA US LLC is committed to the safety and security of our vehicles. The Company has processes in place to address vehicle theft, including monitoring duplicate key requests. Additionally, the Company routinely works with law enforcement, but does not publicly share the details of any such investigations or cooperation.
Several people have since written to remind us that the Wrangler still uses an earlier system, which has a static immobilizer code. Newer FCA (and other) cars have codes which expire after a few hours, and validate the key-programming process on-line. The information from these newer systems allows FCA to flag events such as out-of-state PIN requests. They can also capture the vehicle location when an immobilizer component is replaced.

Several dealer personnel also wrote in to say that most United States dealerships require identification and proof of ownership before duplicating keys.