Carrier Vetting Best Practices: How Brokers and Shippers Work Alongside FMCSA to Stop Bad Actors

If you've read my earlier piece on [what makes a motor carrier "safe,"](/blog/what-is-considered-a-safe-motor-carrier) you know the answer is a composite read of FMCSA's public data — safety rating, BASICs, out-of-service rates, authority, crash history. That data is the foundation of carrier vetting. But here's the part nobody says plainly enough: **the FMCSA public record is the foundation, not the whole house.**

The brokers and shippers who actually stop bad actors — the fraud rings, the chameleon carriers, the operators whose insurance lapsed last Tuesday — don't stop at pulling a SAFER snapshot. They layer additional mechanisms on top of the public data. And increasingly, FMCSA itself is signaling that the future of carrier oversight is exactly this: a **public/private model** where the agency provides the authoritative data backbone and improves its fraud and identity controls, while the private market builds the tools that turn that data into operational, documented decisions.

This is the full best-practices playbook — every mechanism a broker or shipper can actually use beyond the FMCSA score, how the private market and FMCSA fit together, and where the regulator is heading.

The mental model: defense in depth, three layers

Borrow a concept from cybersecurity: *defense in depth.* No single control catches everything, so you stack independent layers and assume each one will occasionally fail. Carrier vetting works the same way, in three layers:

1. **The FMCSA public-data foundation** — authority, safety rating, BASICs, OOS rates, crashes, insurance *filings.* Free, authoritative, and the baseline a reasonable operator is expected to check.

2. **Private-market verification and monitoring** — identity confirmation, real certificate-of-insurance verification, continuous monitoring, shared fraud intelligence, chameleon detection. This is where you catch what the public snapshot can't show you.

3. **The documented diligence record** — the timestamped, attestation-backed, retained proof that you did layers 1 and 2 on this carrier, on this load, on this date.

Most operators do a partial version of layer 1 and almost nothing in layers 2 and 3. The bad actors know it. Let's build out the whole stack.

Layer 1, briefly: the FMCSA foundation

I won't re-litigate the [safe-carrier guide](/blog/what-is-considered-a-safe-motor-carrier) — but the floor is: active authority, an acceptable (not Unsatisfactory) safety rating, BASIC scores below intervention thresholds, OOS rates near or below national averages read against a real inspection count, and no concerning crash pattern relative to fleet size. Pull it on every tender, not just at onboarding, because the profile decays.

That's the foundation. Now the part that separates real programs from box-checking.

Layer 2: the private-market mechanisms that actually catch bad actors

1. Verify *identity*, not just authority

The single most important shift in fraud prevention: confirm that **the carrier you booked is the carrier that shows up.** A clean FMCSA record is worthless if a fraudster is impersonating that carrier or has re-brokered your load to an unvetted one.

Concrete best practices:

• Call the carrier on the phone number FMCSA has on file — not the number on the rate confirmation or the email signature. Fraudsters spoof contact info; the FMCSA-registered number is much harder to fake.
• Email the FMCSA-listed email address, and be suspicious of recently-changed contact details that don't match the public record.
• Cross-check the entity name on the insurance certificate, the W-9, the banking/remittance details, and the FMCSA record — mismatches are a classic double-brokering and identity-theft tell.
• Use a fraud/identity verification service. A whole category of private tools now specializes in this — examples include Highway, Carrier Assure, and the fraud-detection features inside the major load boards (Truckstop, DAT). They verify carrier identity, flag impersonation and suspicious behavioral patterns, and confirm the entity is operating as itself. This is precisely the gap the public FMCSA record cannot fill on its own.

2. Verify the *real* certificate of insurance — not just the FMCSA filing

This is the heart of "having insurance vs. not having insurance," and it's where a lot of programs are quietly broken.

FMCSA's Licensing & Insurance (L&I) system shows insurance *filings* — that liability coverage is on file, the insurer, the form, effective dates, and pending-cancellation dates. That's a real and useful public signal. But the **authoritative proof of coverage for your specific load is the certificate of insurance (COI/ACORD 25) from the carrier's insurance agent.** L&I filings can lag reality, may not reflect cargo coverage, and don't show the exclusions buried in the actual policy.

Best practices on insurance:

• Request the COI directly from the carrier, and confirm liability limits and cargo limits adequate for the freight (and watch for commodity exclusions on the cargo side).
• Verify the COI with the issuing agent — by calling the agent's number from an independent source, not a number printed on the certificate. Fraudsters forge COIs and list a confederate's phone number. A forged COI is worse than none, because it creates false confidence.
• Name yourself (or your shipper) as a certificate holder so you receive cancellation notice — coverage is a status that changes, not a one-time check.
• Cross-reference the COI against FMCSA L&I — if L&I shows a pending cancellation but the COI says all-clear, dig in.

Note something important here: insurance verification is fundamentally **the broker's job**, performed with the COI the carrier's agent provides. No public database does it for you, and that's by design. The FMCSA filing tells you a policy is on file; the COI and the agent confirm it's real and in force for your load.

3. Monitor continuously — don't set and forget

A carrier vetted clean at onboarding can have its authority revoked, its insurance cancelled, or its BASIC scores cross into Alert by the time you tender three months later. Point-in-time vetting misses all of it.

• Re-screen at tender, every load — the cheapest form of continuous monitoring.
• Subscribe to a monitoring service that alerts you when a carrier's authority, insurance, or safety status changes. Carrier411, RMIS, and similar services are built for exactly this — watching your roster and pinging you on material changes.
• Treat monitoring and screening as **two different jobs**: monitoring watches for changes over time; the per-load screen captures the decision-time record. (I wrote separately on [why monitoring isn't the same as documented due diligence](/blog/carrier411-isnt-legal-protection-difference).)

4. Tap shared fraud intelligence

The industry has built networks for sharing bad-actor reports, and they work because fraud is a repeat game — a carrier that burns one broker usually tries the next.

• Watchdog / FreightGuard-style reports (Carrier411 and others) and **TIA Watchdog** let members flag and see fraud, double-brokering, and service-failure reports across the network.
• Load board fraud flags surface entities that have been reported.
• The value is collective: you benefit from everyone else's bad experience before you have your own.

5. Hunt chameleon carriers specifically

A **chameleon carrier** (also called a reincarnated carrier) is an operator with a terrible safety or fraud record that shuts down and re-registers under a new name and DOT number to shed the history. The new entity looks clean — *because it's new* — which is exactly why the FMCSA score alone won't catch it.

How to detect them:

• Cross-reference the new authority against deactivated ones. Shared physical address, phone number, email, officer names, or even the same trucks (VINs) appearing under a prior, deactivated carrier with a bad record are the classic tells.
• Be extra skeptical of brand-new authority combined with any other anomaly — a fleet size that doesn't match the loads bid, contact info that traces back elsewhere, an address that's a known reincarnation hotspot.
• Use private tools that specialize in reincarnation detection — several carrier-vetting and fraud platforms now run cross-entity linkage analysis precisely to surface chameleons, because the linkages live across multiple records that no single public snapshot exposes.

This is the hardest problem in vetting, and — not coincidentally — the one FMCSA is most actively working on (more below).

6. Verify banking and payment details

• Confirm remit-to/banking details and watch for changes — a sudden change in where a carrier wants to be paid is a leading fraud and double-brokering indicator.
• If a **factoring company** is involved, verify the Notice of Assignment and that the remittance matches.

7. Document the work and capture attestations

All of the above is wasted in a courtroom or a vendor audit if you can't prove you did it.

• Write down your carrier-selection standard so "reasonable care" is defined by you.
• Capture a timestamped record of what you screened, when, and by whom — for each load.
• Get the carrier's attestation — its signed representations about insurance, safety, and operating capacity — so that if the carrier lied, your reliance was documented and reasonable.
• Retain the records for years — negligent-selection and fraud claims surface late.

Layer 3, and the point of the whole stack

Layers 1 and 2 reduce the chance you ever onboard a bad actor. Layer 3 — the documented record — is what protects you when the rare bad load slips through anyway, and it's the layer almost everyone skips. The record is the asset. It's the difference between "we have good practices" (a story) and "here is the dated proof we followed them on this carrier" (evidence).

How the private market works *alongside* FMCSA

Here's the framing that ties it together, and it's genuinely a partnership, not a competition:

FMCSA provides the authoritative public backbone. No private company can replicate the federal registration system, the safety rating authority, the SMS/BASIC data, the crash and inspection record, or the insurance filing system. That data is the source of truth, it's free, and it's the foundation a reasonable operator is *expected* to check. FMCSA's job is to maintain it and to improve its integrity — especially its fraud and identity controls.

The private market operationalizes it. Government data, by itself, is a static record you have to know how to read. The private market builds the layer that makes it usable at the speed of freight: identity and fraud verification, real-time insurance confirmation, continuous monitoring, cross-entity chameleon detection, shared bad-actor intelligence, and — critically — the **documented, defensible due-diligence record** that turns a data pull into a decision you can stand behind.

Neither layer replaces the other. FMCSA can't (and shouldn't) build a COI-verification call center or a per-load litigation record for every broker in America. The private market can't issue operating authority or set the national safety standard. The system works when the public backbone is strong and the private layer is sophisticated — each doing what it's built to do.

FMCSA is steering toward this model — on purpose

This isn't wishful thinking. FMCSA has been signaling, for years and with increasing urgency, that it wants a stronger public backbone *and* a healthy private ecosystem layered on top — specifically to identify bad actors, root out chameleon carriers, and make insurance status transparent. A few of the threads:

• Registration system modernization. FMCSA has long pursued a more unified, harder-to-game registration system — the Unified Registration System (URS) effort — explicitly aimed in part at making it harder for chameleon carriers to re-register and evade their history. The agency continues to modernize registration to fight fraud.
• Chameleon carriers are a named target. The GAO flagged, in a well-known report, that FMCSA should expand new-applicant reviews to identify carriers reincarnating to evade detection. FMCSA has been working to identify these linkages — exactly the cross-entity analysis the private market is also racing to provide.
• Fraud and identity crackdown. Amid an explosion of freight fraud and double-brokering, FMCSA has moved to tighten registration identity controls (logins, PINs, identity verification) and has convened the industry on combating fraud. The clear direction: make it harder to *be* a bad actor in the first place, and easier for the market to spot one.
• Broker transparency rulemaking. FMCSA has advanced rulemaking around broker transparency (the 49 CFR 371.3 transaction-records question), part of a broader push toward visibility in the chain.
• Toward data-driven safety determinations. FMCSA has explored moving safety fitness determinations away from infrequent, manual compliance reviews toward continuous, on-road data (the Safety Fitness Determination work, proposed and then withdrawn, and the ongoing SMS reform effort). The throughline is *more data, surfaced faster* — which is precisely what lets the private layer build better tools.

Read together, the message is consistent: FMCSA wants to identify bad actors and surface the information the market needs — chameleon linkages, insurance status, identity — to make informed decisions. The agency provides and improves the data; it expects the market to use it. That's the public/private model, and it's the direction of travel.

The best-practices checklist

For brokers and shippers who want the whole stack, here it is on one page:

• [ ] **Foundation:** Pull the FMCSA record at *tender* (authority, rating, BASICs, OOS, crashes) against a written standard.
• [ ] **Identity:** Confirm the carrier is who they say they are — FMCSA-listed phone/email, entity-name cross-check, a fraud/identity tool for higher-risk loads.
• [ ] **Insurance:** Get the real COI from the carrier's agent, verify it with the agent independently, confirm limits/exclusions, name yourself as certificate holder, cross-check against L&I.
• [ ] **Monitoring:** Re-screen every load; subscribe to change-monitoring for your roster.
• [ ] **Fraud intel:** Check watchdog/FreightGuard/TIA Watchdog and load-board flags.
• [ ] **Chameleon check:** Cross-reference new authorities against deactivated ones (address, phone, officers, VINs); extra scrutiny on new authority + any anomaly.
• [ ] **Banking:** Verify remit-to details; watch for changes; confirm factoring NOA.
• [ ] **Record:** Written SOP, timestamped per-load screen, carrier attestation, multi-year retention.

Where DOTScreener fits — honestly

I'll be precise about this, because the whole point of a public/private stack is knowing what each piece does. DOTScreener lives in **layer 1 and layer 3**: it pulls the FMCSA foundation (QCMobile, L&I filings, OOS orders, authority and census data), evaluates it against a configurable standard, surfaces the red flags and the plaintiff's-eye view, captures the carrier's risk-adaptive attestation, and freezes the whole thing into a **timestamped, retained, audit-logged record.** It's the documented-diligence engine.

It is *designed to sit alongside* the layer-2 mechanisms a broker already owns — your COI verification with the carrier's agent, your monitoring subscription, your fraud/identity tooling. It doesn't verify your COI for you (that's the broker's job, with the agent), and it doesn't replace a dedicated fraud-detection or chameleon-linkage service. What it does is make the *foundation* fast and consistent and turn the entire diligence effort into a defensible record — the layer the market and the courts increasingly demand, and the layer almost everyone skips.

That's the honest version, and it's the right one. Best practices aren't one tool; they're a stack. Build the whole thing, document it, and you're doing what FMCSA, the courts, and common sense all point toward — working alongside the public record instead of stopping at it.

— Mason Lavallet

Founder, DOTScreener.com

---

Sources

• [FMCSA — Registration & the Unified Registration System (URS)](https://www.fmcsa.dot.gov/registration/unified-registration-system) — registration modernization aimed in part at curbing reincarnated carriers
• [GAO — Federal Motor Carrier Safety: Reviews Should Expand to Identify Carriers Evading Detection (chameleon carriers)](https://www.gao.gov/products/gao-12-364)
• [FMCSA — Broker Transparency rulemaking (49 CFR 371.3)](https://www.fmcsa.dot.gov/regulations/rulemaking)
• [FMCSA — Safety Fitness Determination / CSA & SMS reform](https://csa.fmcsa.dot.gov/)
• [FMCSA — Protect Your Move & freight-fraud / double-brokering guidance](https://www.fmcsa.dot.gov/protect-your-move/double-brokering)
• [FMCSA Licensing & Insurance (L&I)](https://li-public.fmcsa.dot.gov/LIVIEW/pkg_menu.prc_menu) — insurance filings and cancellation tracking
• [FMCSA SAFER Company Snapshot](https://safer.fmcsa.dot.gov/CompanySnapshot.aspx) — the public foundation data
• [Transportation Intermediaries Association (TIA) — Watchdog & carrier-selection best practices](https://www.tianet.org/)
• [ACORD 25 — Certificate of Liability Insurance (industry standard COI form)](https://www.acord.org/)