It wasn’t a smashed window or a stolen car that triggered this investigation — it was a refund that didn’t make sense. What started as a single $3,000 transaction quickly unraveled into a months-long alleged scheme that cost a Connecticut dealership tens of thousands of dollars and exposed how vulnerable even established operations can be from the inside.
Esteban Naranjo, a 39-year-old former employee of Devan Chevrolet in Wilton, is now facing multiple felony charges after police say he orchestrated a pattern of fraudulent transactions using the dealership’s own systems. The case isn’t just about one employee crossing a line — it’s about how easily trust inside a dealership can be turned into an opportunity for financial damage.
How One Refund Raised Red Flags
The entire situation began with a suspicious refund issued on April 21 through the dealership’s parts department credit card machine. Staff noticed something unusual when the transaction appeared on one report but vanished from another, creating a gap that couldn’t be explained.
Management immediately began asking questions. Both Naranjo, who worked at the parts counter, and the department manager claimed no knowledge of the refund. That alone was enough to escalate concerns, especially since issuing refunds required a specific code known only to select employees.
When the dealership contacted its payment processor, it was able to identify the card used in the transaction but not the cardholder’s name. That limitation forced investigators to dig deeper, and that’s when things started to take a turn.
Surveillance and Access Tell a Different Story
Police reviewed surveillance footage from the day of the transaction and focused on activity around the parts counter. According to the investigation, Naranjo appeared to be alone in the area and was seen moving in and out of the space where the credit card terminal was located.
No other employees were observed accessing the system during that time. Investigators also confirmed that Naranjo had both the access code required to issue refunds and physical access to the department’s equipment.
That combination — exclusive access and suspicious behavior — quickly shifted the case from a questionable transaction to a targeted investigation.
A Pattern of Transactions Emerges
As investigators dug further, the scope of the alleged activity expanded dramatically. Dealership records pointed to a series of unauthorized transactions between July 2024 and April 2025 totaling more than $30,900.
But that figure only tells part of the story. Additional losses tied to parts inventory, invoicing, and voided transactions pushed the total financial impact even higher. Authorities say parts valued at over $37,000 were effectively removed from the system through manipulated purchases and cancellations.
The pattern suggests a sustained effort rather than a one-time lapse in judgment. It also highlights how internal access can be leveraged repeatedly when safeguards are limited or overlooked.
Customers Caught in the Middle
The fallout didn’t stop at the dealership’s balance sheet. In the days after Naranjo’s termination, multiple customers showed up demanding answers. They claimed they had paid him directly for parts and services using payment apps like Zelle and Venmo, expecting legitimate work in return.
In one case, a customer was charged significantly more than an initial repair quote and was promised a refund that never arrived. The transaction appeared briefly before disappearing, mirroring the earlier $3,000 refund that triggered the investigation.
These situations put customers in a difficult position. They believed they were dealing with a trusted dealership employee, only to find themselves caught in a dispute with little immediate resolution.
Digital Evidence and Financial Trails
The investigation didn’t rely solely on internal records. Police traced the credit card used in the fraudulent transactions to a PayPal-linked account and obtained financial records through subpoenas.
Those records showed multiple credits tied directly to the dealership’s payment system, reinforcing the connection between the unauthorized refunds and the account receiving the funds. Additional data extracted from Naranjo’s phone revealed searches and messages related to financial issues, payment platforms, and credit card use during the same timeframe.
While those details don’t tell the entire story, they helped investigators build a timeline that aligned with the dealership’s reported losses.
Charges Stack Up Quickly
Naranjo now faces a long list of charges, including larceny, forgery, computer crimes, and illegal use of a payment card. Several of those charges are classified as serious felonies, reflecting the scale and complexity of the alleged scheme.
After his arrest, he was released on a $50,000 bond and is scheduled for a court appearance in November. Police also noted that he declined to participate in interviews during the investigation and did not unlock his phone when requested.
The legal process is still unfolding, but the charges alone signal how seriously authorities are treating the case.
Why This Hits the Industry Hard
For dealerships and independent shops, this case hits close to home. The automotive service world runs heavily on trust — not just between businesses and customers, but within the teams that keep operations moving.
When an employee with long-term tenure — in this case more than 15 years — is accused of exploiting that trust, it raises uncomfortable questions. How many systems rely on access codes and internal controls that aren’t regularly audited? How often are financial processes assumed to be secure simply because they’ve worked in the past?
For enthusiasts and everyday drivers, the takeaway is just as important. Whether you’re buying parts, paying for repairs, or trusting a shop with your vehicle, transparency matters. Direct payments outside official systems can carry risks that aren’t obvious until something goes wrong.
A Bigger Problem Than One Dealership
This isn’t just a local story about one employee and one dealership. It reflects a broader issue in the automotive world where digital payments, internal systems, and human access points intersect in ways that can be exploited.
As more transactions move through apps and electronic systems, the opportunity for misuse grows alongside convenience. Dealerships and shops are expected to move fast and handle high volumes, but that speed can sometimes come at the expense of oversight.
The Question Moving Forward
At the center of this case is a simple but uncomfortable reality: the biggest threat to a dealership isn’t always external. Sometimes it’s sitting behind the counter with the keys, the codes, and the trust of everyone involved.
The real question now is whether the industry is willing to tighten those internal safeguards — or if cases like this will keep surfacing, one suspicious transaction at a time.
Source
About the Author
