It wasn’t a smashed window or a stolen car that triggered this investigation — it was a refund that didn’t make sense. What started as a single $3,000 transaction unraveled over months into an alleged scheme that police say cost a Connecticut dealership tens of thousands of dollars, exposing how vulnerable even an established operation can be from the inside.
Esteban Naranjo, a 39-year-old former employee of Devan Chevrolet in Wilton, is now facing multiple felony charges after police allege he orchestrated a pattern of fraudulent transactions using the dealership’s own systems. The case isn’t just about one employee accused of crossing a line — it’s a window into how easily internal trust can be turned into an opportunity for financial damage.
How One Refund Raised Red Flags
The situation began with a suspicious refund issued on April 21 through the dealership’s parts department credit card machine. Staff noticed something unusual when the transaction appeared on one report but vanished from another, creating a gap that couldn’t be explained. Management immediately began asking questions. Both Naranjo, who worked at the parts counter, and the department manager claimed no knowledge of the refund — a response that alone was enough to escalate concerns, especially since issuing refunds required a specific code known only to select employees. When the dealership contacted its payment processor, it could identify the card used in the transaction, but not the cardholder’s name. That dead end forced investigators to dig further, and that’s when the case took a turn.
Surveillance and Access Tell a Different Story
Police reviewed surveillance footage from the day of the transaction and focused on activity around the parts counter. According to the investigation, Naranjo appeared to be alone in the area and was observed moving in and out of the space where the credit card terminal was located, with no other employees seen accessing the system during that window. Investigators also confirmed Naranjo had both the access code required to issue refunds and physical access to the department’s equipment — a combination of exclusive access and suspicious activity that shifted the case from a questionable transaction into a targeted investigation.
A Pattern That Expanded Quickly
As investigators dug further, the scope of the alleged activity grew substantially. Dealership records pointed to a series of unauthorized transactions between July 2024 and April 2025 totaling more than $30,900. That figure only tells part of the story: authorities say parts valued at over $37,000 were effectively removed from the system through manipulated purchases and cancellations, a pattern investigators say suggests a sustained effort rather than a single lapse in judgment. It also underscores how internal access can be exploited repeatedly when safeguards are limited or simply go unchecked.
Customers Caught in the Middle
The fallout didn’t stop at the dealership’s balance sheet. In the days after Naranjo’s termination, multiple customers reportedly came forward demanding answers, claiming they had paid him directly for parts and services through apps like Zelle and Venmo, expecting legitimate work in return. In one case, a customer says they were charged significantly more than an initial repair quote and promised a refund that never arrived — a transaction that appeared briefly before disappearing, mirroring the original $3,000 refund that triggered the entire investigation. Situations like these left customers who believed they were dealing with a trusted dealership employee instead caught in disputes with little immediate resolution.
Following the Digital Trail
The investigation didn’t rely solely on internal dealership records. Police traced the credit card used in the alleged fraudulent transactions to a PayPal-linked account and obtained financial records through subpoenas, which reportedly showed multiple credits tied directly to the dealership’s payment system, reinforcing a connection between the unauthorized refunds and the account receiving the funds. Additional data extracted from Naranjo’s phone reportedly showed searches and messages related to financial issues, payment platforms, and credit card use during the relevant timeframe — details that, while not conclusive on their own, helped investigators build a timeline aligning with the dealership’s reported losses.
Charges and Where the Case Stands
Naranjo now faces a lengthy list of charges, including larceny, forgery, computer crimes, and illegal use of a payment card, several of which are classified as serious felonies reflecting the scale and complexity of the alleged scheme. He was released on a $50,000 bond after his arrest and is scheduled for a court appearance in November. Police noted he declined to participate in interviews during the investigation and did not unlock his phone when requested. The legal process is still unfolding, but the scope of the charges signals how seriously authorities are treating the case.
Why This Hits the Industry Hard
For dealerships and independent shops, this case hits uncomfortably close to home. The automotive service world runs heavily on trust, not just between businesses and customers, but within the teams keeping day-to-day operations moving. When an employee with long tenure — in this case, more than 15 years — is accused of exploiting that trust, it raises hard questions: how many dealership systems rely on access codes and internal controls that aren’t regularly audited? How often do financial processes get assumed to be secure simply because they’ve worked without incident in the past?
For enthusiasts and everyday drivers, the takeaway is just as relevant. Whether you’re buying parts, paying for repairs, or trusting a shop with your vehicle, transparency in how you pay matters. Direct payments made outside a business’s official systems — straight to an employee’s personal payment app, for instance — can carry risks that aren’t obvious until something goes wrong and there’s no paper trail to fall back on.
A Bigger Problem Than One Dealership
This isn’t just a local story about one employee and one dealership. It reflects a broader issue across the automotive world, where digital payments, internal systems, and human access points intersect in ways that can be exploited. As more transactions move through apps and electronic systems, the opportunity for misuse tends to grow right alongside the convenience. Dealerships and shops are expected to move fast and handle high transaction volumes, and that speed can sometimes come at the expense of the oversight that would otherwise catch a scheme like this sooner.
At the center of this case sits a simple, uncomfortable reality: the biggest threat to a dealership isn’t always external. Sometimes it’s sitting behind the counter with the keys, the codes, and the trust of everyone around them. The real question now is whether the industry tightens those internal safeguards, or whether cases like this keep surfacing one suspicious transaction at a time.
