KeelwaySign in
Carrier vetting

How to vet a carrier

Shafay Ahmed··12 min read·FMCSACarrier vettingFraud preventionOperations

Carrier vetting is the single highest-leverage risk-reduction activity in freight brokerage. A broker who consistently checks authority, insurance, and identity before booking eliminates the majority of preventable cargo claims and double-brokering incidents. A broker who skips it is pricing that risk invisibly into every load they touch.

This guide covers the complete pre-booking process — FMCSA authority checks, BOC-3 verification, insurance currency, MC-DOT mismatch detection, chameleon carrier signals, email domain age, and address verification — followed by real-time inbox scoring and post-booking monitoring. By the end you will have a repeatable sequence you can run in under ten minutes per carrier, or automate entirely.

Why carrier vetting fails in practice

The failure mode is not ignorance — brokers generally know they should check FMCSA. The failure mode is volume and speed. A busy rep handling 40 carrier replies on a single posted load cannot run a 10-step manual check on every one. The result is a shortcut: a quick SAFER lookup on authority status, a glance at the insurance tab, and a booking. That two-step check misses chameleon carriers, MC-DOT mismatches, domain-age signals, and most identity fraud.

The solution is a defined sequence — fast enough to run in practice — combined with tooling that automates the data-pull steps so the broker focuses on judgment, not lookup.

Step 1: Confirm active operating authority on FMCSA SAFER

The authoritative source is safer.fmcsa.dot.gov. Enter the MC or DOT number from the carrier's email. Confirm:

  • Operating authority status is Active.
  • Entity type matches what the carrier told you (e.g., a carrier claiming to be a motor carrier should show carrier authority, not broker authority only).
  • The legal entity name is consistent with the email, letterhead, and rate confirmation the carrier sent.

A status of "Revoked," "Inactive," or "Pending" means the carrier cannot legally move your freight. Full stop.

Step 2: Verify the BOC-3 process agent filing

A BOC-3 designates a legal process agent in each state. FMCSA requires it for interstate operating authority. It is visible on the SAFER snapshot under the "Insurance" tab. If no BOC-3 is on file, the carrier's authority is technically deficient regardless of the status field. In practice this is uncommon for established carriers, but it is worth a 10-second scan.

Step 3: Check insurance currency — not just what's on file

FMCSA shows insurance filings, but filings are not the same as active coverage. A carrier can let a policy lapse and the SAFER record may not update for several days. The reliable check is direct confirmation: call the insurer on the SAFER filing and ask for certificate of insurance for the current date. Alternatively, services like QCMobile provide real-time insurance status via API, which is what automated vetting tools use.

The minimum coverage thresholds vary by commodity and equipment type. For general freight in a dry van: $750,000 liability. For hazmat: $5 million. Cargo coverage minimums vary by shipper contract. Always confirm the coverage amount, not just that a policy exists.

Step 4: Cross-reference MC and DOT numbers

An MC-DOT mismatch is a fraud technique where the MC number and DOT number provided belong to different legal entities. The fraudster uses a DOT number with a clean safety record alongside an MC from a different (often newer, lower-scrutiny) entity. The SAFER lookup on each number individually may look clean; the mismatch only shows when you cross-reference both.

The check takes 60 seconds: look up the MC on SAFER, note the legal name and address. Look up the DOT on SAFER, confirm the same legal name and address. If they diverge, decline or escalate.

Step 5: Check authority age against equipment count

The SAFER snapshot shows the date operating authority was granted. A carrier whose MC was issued within the last 12 months but who claims to operate a fleet of 20 or more trucks warrants closer inspection. Organic fleet growth takes time. The combination of a new MC and an implausibly large fleet is one of the primary signals of a chameleon carrier — one that shut down a prior authority and reopened under a new MC to escape enforcement history.

Step 6: Screen for chameleon carrier signals

This step goes beyond a single SAFER lookup. The goal is to check whether the principal officer, registered address, or phone number on the new MC matches any revoked or suspended carrier in FMCSA records.

Manually this requires searching SAFER by company name and cross- referencing officer names — time-consuming but possible. Automated carrier trust tools (including Keelway's carrier trust score) run this cross-reference automatically on every inbound email. The output is a flag on the ranked carrier list before the broker opens the message.

For the full fraud taxonomy, see Anatomy of a Fraudulent Carrier Email.

Step 7: Verify the email domain age

A domain registered within the past 30 days combined with a new MC authority and a large claimed fleet is a three-signal red flag. Run a WHOIS lookup (whois.domaintools.com or any registrar lookup) on the domain in the carrier's email address. Note the registration date.

A legitimate carrier with a 5-year operating history does not typically run on a 3-week-old domain. The exception: large carriers sometimes rebrand or consolidate, so a new domain alone is not disqualifying — it is a prompt to ask a follow-up question.

Step 8: Confirm the physical address

Paste the registered business address from SAFER into Google Maps or a satellite view. Common findings:

  • Residential address: Not uncommon for small owner-operators, but a 20-truck carrier registered at a house is unusual. Worth a call.
  • Virtual office suite: Mailboxes Etc, Regus, UPS Store suite numbers. These are used by legitimate small businesses and by fraudsters in equal measure. Proceed with extra scrutiny.
  • Address does not exist: Hard decline.

Step 9: Review CSA BASIC scores

FMCSA's Compliance, Safety, Accountability (CSA) program measures seven BASICs: Unsafe Driving, Hours-of-Service Compliance, Driver Fitness, Controlled Substances/Alcohol, Vehicle Maintenance, Hazardous Materials Compliance, and Crash Indicator. Scores above the alert threshold in two or more BASICs indicate a carrier with elevated risk across multiple dimensions.

CSA scores are available on SAFER under the "SMS Results" link. A carrier with clean authority and insurance but flagged CSA scores is not a fraud risk — it is a safety and claims risk. The decision depends on your brokerage's risk tolerance and the commodity.

Real-time scoring at email arrival

Running these steps manually on 40 carrier emails per load is not realistic at production volume. Carrier email automation tools parse the MC number from every inbound email, hit the FMCSA and insurance APIs in real time, and surface authority status, insurance currency, authority age, equipment-count mismatch, and domain age as a trust score — all before the broker opens the message. The broker sees a ranked list of carriers sorted by trust score and offered rate, with flags on anything that warrants a second look.

This does not replace human judgment for borderline cases. It removes the data-retrieval burden so that human judgment is applied to the right decisions.

Post-booking monitoring

Carrier vetting is not a one-time check at booking. Authority can be revoked mid-transit. Insurance policies can lapse. A carrier that passed all pre-booking checks can become non-compliant between the time you award the load and the time it delivers.

Post-booking monitoring services watch the MC numbers in your active load portfolio and alert you in real time to authority revocations, insurance cancellations, or new out-of-service orders. If a carrier goes inactive while hauling your freight, you need to know immediately — not during the post-claim investigation.

For the structured checklist version of this process, see the carrier vetting checklist.

What tools automate this

The automation layer divides into three categories:

  • FMCSA API access: QCMobile provides a developer API for real-time authority and insurance lookups. Direct FMCSA API access is available for registered users. Both can be integrated into TMS platforms or brokerage tooling.
  • Email parsing + scoring: Tools like Keelway parse carrier emails on arrival, extract MC numbers, and score each carrier before the broker reviews the inbox. The ranked output replaces the raw email triage.
  • Ongoing monitoring: MyCarrierPortal, Highway, and similar services provide continuous monitoring with alert triggers on authority and insurance changes.

The decision of which layer to buy versus build depends on TMS integration requirements. For brokerages running on McLeod, Tai, or Aljex, the integration surface is well-documented. For smaller shops running on spreadsheets, email-native tooling like Keelway is the lower-friction path.

Frequently asked questions

How do I vet a carrier before booking a load?+

Start with FMCSA SAFER: confirm operating authority is active, insurance is on file, and authority has not been revoked in the past 24 months. Then check authority age relative to equipment count, look up the principal officer against known revoked MCs, verify the email domain age, and confirm the physical address is real. Five minutes of pre-booking checks removes the majority of fraud risk.

What is the FMCSA SAFER system and how do I use it?+

SAFER (Safety and Fitness Electronic Records) is FMCSA's public database at safer.fmcsa.dot.gov. Enter a carrier's MC or DOT number to get operating authority status, insurance filings, safety ratings, inspection history, and crash data. It updates daily and is the authoritative source for whether a carrier is legally authorized to haul your freight.

What is a BOC-3 filing and why does it matter?+

A BOC-3 is a process agent designation — it identifies a legal representative in each state who can accept service of process on the carrier's behalf. FMCSA requires it for operating authority. A carrier without an active BOC-3 on file cannot legally be granted interstate operating authority, so its absence is an immediate red flag.

How do I verify a carrier's insurance?+

FMCSA's SAFER snapshot shows the insurance filings on record, including the insurer name and policy number. For active coverage confirmation, call the insurer directly or use a service like QCMobile that provides real-time insurance status. The critical check is whether coverage is currently active, not merely on file — policies lapse, and FMCSA records can lag by days.

What is an MC-DOT mismatch and how do I detect it?+

An MC-DOT mismatch happens when the MC number and DOT number in a carrier's email or packet belong to different entities. Fraudsters sometimes combine a legitimate DOT (with a good safety record) with a different entity's MC number to create a false impression of clean authority. Cross-reference both numbers on SAFER to confirm they belong to the same legal entity.

How old should a carrier's email domain be before I book them?+

There is no fixed threshold, but a domain registered within 30 days of the email contact is a significant red flag. Legitimate carriers operating long enough to have an established fleet generally have domains that are at least 12 months old. Free-account email addresses (Gmail, Yahoo, Outlook) from a carrier claiming to run 10+ trucks warrant extra scrutiny but are not disqualifying on their own.

Can I automate carrier vetting at the inbox stage?+

Yes. Tools like Keelway parse the MC number from every inbound carrier email, pull live FMCSA and insurance data, and surface a trust score before the broker opens the message. Authority age, insurance currency, principal officer overlap, and domain age checks all run automatically. This compresses the manual vetting process from several minutes per carrier to a visual scan of a ranked list.

What is post-booking carrier monitoring?+

Post-booking monitoring checks whether a carrier's authority status, insurance coverage, or safety rating changes after you award a load but before delivery. Authority revocations and insurance cancellations can happen mid-transit. Monitoring systems alert the broker in real time so they can intervene before a load is stranded or a claim becomes uncollectable.

Does carrier vetting apply to every load or just large ones?+

Every load. The marginal cost of a FMCSA authority check is under 30 seconds. The marginal cost of a cargo claim on an unverified carrier is thousands of dollars plus the time to fight a denied insurance claim. The check should be part of the default workflow regardless of load size.

What is a chameleon carrier and how does it affect vetting?+

A chameleon carrier has shut down one MC authority — usually under enforcement pressure — and reopened under a new MC with a new name. The new MC shows clean on SAFER because the compliance history belongs to the old authority. Chameleon detection requires cross-referencing the principal officer and address against revoked MCs, which is not surfaced by a standard SAFER lookup.

Automate carrier vetting at the inbox.

Every carrier scored before you open the email.

Request access

Related

Carrier vetting checklist (25-point)

The structured checklist version — organized by authority, insurance, identity, and communication patterns.

What is double brokering?

Definition, legal status, and how to detect double-brokering from email patterns before it happens.

What is a chameleon carrier?

How carriers reincarnate under new MCs to escape enforcement — and the three signals that give them away.

Anatomy of a fraudulent carrier email

Seven red flags on any inbound carrier quote — the broader fraud taxonomy for broker inboxes.