Tuesday, October 9, 2018

How Electronic Key Control Attracts Millennials to Your Service Department

Car in Front of Two Gates to Authorized Certified Auto Service
Millennials are about to reach a new milestone: the largest living adult generation. If your service department isn’t targeting this demographic, you risk losing millennial customers to independent mechanics.

It’s important to be aware that millennials are more cost conscious than older generations give them credit for. In fact, 73 percent of millennials say they create a budget and stick to it. This dedication to budgeting can be challenging to the service drive, since 64 percent of millennials are surprised at the cost of vehicle maintenance. However, the fact that millennials aren’t spendthrifts doesn’t have to be bad news — consumers of all ages are willing to pay up to 16 percent more for a quality experience. To get more millennials coming back to your service drive (and telling their friends and family about your dealership), you have to prioritize customer service, and key control is a big part of that.

What Is a Quality Customer Experience?


Speed and efficiency are the top factors that contribute to a good experience. On the flip side, lack of trust significantly contributes to a negative experience. For a service department, building trust is especially important because millennials are more emotionally attached to their vehicles than any other generation — 40 percent have even named them.

Why Key Control Affects the Customer Experience


Key control plays a pivotal part of the customer experience since it affects speed, efficiency and trust alike. If you keep keys to customers’ vehicles in an insecure place, such as on a pegboard, without an effective way to track who has them and when, that’s a customer experience disaster waiting to happen. Ask yourself the following questions about the key control practices in your service department:

  • How much time do you spend looking for lost keys?
  • Do employees handle keys responsibly (e.g., never leaving them unattended or inside the unlocked car)?
  • If an employee removes a key and drives a customer vehicle for non-work-related purposes, will you ever know about it?
  • How easy would it be for someone to get hold of keys and steal a customer vehicle?

If you don’t treat millennials’ vehicles with care and respect, you’ll lose their trust and they’ll never return.

How Mismanaging Keys and Vehicles Damages Customer Trust


Not having the proper controls in place is inefficient, and you risk breaking the customer’s trust in your dealership. Imagine having to explain to a customer why she saw a service employee speeding by in the customer’s own car or why a thief was able to steal the keys to a customer's vehicle while it was in service and total it. These are real scenarios that happened because the dealerships involved didn’t have the proper key control practices in place. As a result, they lost trust not only with the customers whose vehicles were stolen but also with other customers who read about the incidents in the news.

If you can provide a quality customer experience built on trust and accountability, however, you can win over millennials as loyal customers — even if you charge more than the independent mechanic down the street.

To learn how to solve customer experience issues related to key control in the service department and beyond, download our white paper “Three Unexpected Ways Your Dealership Alienates Next-Generation Buyers.”

Wednesday, September 19, 2018

Dealership Craigslist Scam: Is Someone Selling Your Cars out From Under You?

Scam Alert graphic
How would you like to sell more vehicles off your dealership’s lot? This proposition sounds like a no-brainer, but what if your salespeople aren’t the ones selling them? And what if you don’t even know the vehicles have been sold?

Online marketplaces such as Craigslist, eBay Motors and Facebook Marketplace give you more ways to reach potential customers before they set foot in your store, but they’ve also given scammers a whole new way to take advantage of unsuspecting victims — including your dealership.

Fraudulent online vehicle sales have become so common and costly that the FBI Internet Crime Complaint Center issued a warning to consumers. The warning describes how scammers will post photos of vehicles that aren’t in their possession and trick consumers into sending the money by providing a seemingly legitimate explanation of why the transaction is time sensitive. Of course, after the victim sends the money to the scammer, they never receive the vehicle they’ve purchased.

Now, some thieves are going to even greater lengths to carry out online vehicle scams.

How Thieves Sell Vehicles Right off a Dealer’s Lot


A man in Dallas, TX wanted to buy a truck. He started his search online and ended up purchasing a
truck he found on Craigslist. Unlike the victims of the scams described in the FBI’s warning, this man actually received the vehicle he’d purchased. The problem was it had come from a dealership in Huntsville, TX, and the dealership wasn’t aware the truck had been sold to the Dallas man.

The vehicle was one of several that had gone missing from the dealership’s lot, so the police conducted a surveillance operation. During the investigation, police uncovered the scam that led to the dealership’s vehicles being sold on Craigslist. Here’s how the scam works:

  • A thief lists vehicles from the dealer’s lot for sale on Craigslist.
  • The thief fields inquiries from interested parties.
  • After finding a buyer, the thief steals the vehicle from the dealership’s lot and sells it to the victim.

While this type of scam requires more effort on the thief’s part, it’s also easier for the scheme to go undetected. If a buyer never receives the vehicle they’ve paid for, they’ll know immediately that they’ve been scammed. If they receive a stolen vehicle, they often don’t realize it until later.

What You Can Do to Protect Your Dealership From Online Scams


There are two primary ways to protect your dealership from online vehicle sale fraud.

Protect Your Images

When consumers are searching for vehicles to buy, most prefer photos of the actual vehicle rather than stock photos. If thieves are able to steal photos of your inventory from your website or social media sites, that helps their listings look legitimate. There are a few steps you can take to prevent and detect photo theft:

  • Watermark your images.
  • Add a copyright notice.
  • Disable right click to prevent someone from downloading images (granted, this only works on your website, not on social media).
  • Do reverse image searches using Google Images to see if your photos are being used online without your permission. (To search by image, click the camera icon and either paste in the image’s URL or upload the file.)
Screenshot of Google Search by Image feature
Google Reverse Image Search

Of course, some of these steps are time-consuming and impractical. For example, your time is better spent selling vehicles than doing frequent reverse image searches of all your inventory.

Protect Your Keys

Key attached to key tag
Key Attached to Key Tag With Steel Ring
The most effective way to avoid vehicles being stolen from your lot is to make it more difficult for thieves to take the keys. Some thieves familiarize themselves with where your keys are kept or wait for someone to leave them unattended on a desk or counter, swiping them when the opportunity arises. Others use the key-swap scam, where they ask for the keys to a vehicle under the guise of inspecting or test driving it. They then hand the salesperson a dummy key and return later to steal the vehicle.

To thwart thieves, use an electronic key control method that allows only authorized users to access keys. Look for a system where keys are attached via a stainless steel ring to a system component such as a key tag to prevent a thief from swapping the key with a dummy key.

By taking these steps to secure your inventory, you can save your dealership thousands in inventory loss and help protect unsuspecting buyers from scammers.

Thursday, September 13, 2018

Five of the Most Insecure Places to Store Your Business’s Keys

Keys hanging on hooks on wall
When you get home after a long day, what do you do with your keys? Do you toss them on a table near the door? Hang them on a hook in the entryway? Leave them in your purse or briefcase? Place them in a locked safe in a closet? If you’re like most people, your answer is probably one of the first three options. The reason is simple: Those places are convenient. Not many people take time to think about the most secure place to put their keys because they feel safe at home.

Unfortunately, that attitude of prioritizing convenience without regard to security often carries over into the workplace, and it’s risky. Failing to seriously consider where you keep your organization’s keys and how you control access to them — and by extension, the facilities, assets and data they protect — is asking for a security breach or theft.

If you’re wondering where you shouldn’t keep your keys, we’ve compiled a list of places organizations have stored keys that were later stolen. By learning from their mistakes, you’ll save yourself time, money and headaches.

Unlocked Box


If you keep important files or assets in a locked file cabinet, it may seem like it makes sense to throw the keys in a box, where the key is out of sight but still easily accessible. Unfortunately, we learned from one Florida police department that this approach comes with a greater risk of theft. The department kept confiscated cash in a locked filing cabinet and stored the keys in an unlocked box. Eventually, the keys disappeared, along with more than $225,000. Police suspected a civilian employee, but there wasn’t a verifiable audit trail to link the employee to the theft.

Plastic Tub


Plastic tubs are helpful for organizing office supplies, but they’re not ideal for storing keys. One university learned this lesson the hard way. While it was rekeying buildings after several keys had been stolen, a janitor reported that a plastic tub containing more keys had gone missing. The university then had to rekey a second time.

Desk Drawer


When you pack up for the night, it’s easy to throw keys in a desk drawer. Maybe that’s not their permanent home, and you reason that you’ll put them back in their proper place in the morning. However, that window of opportunity could be just what thieves need. At one dealership, a group of teens broke in one night and had no trouble stealing seven vehicles because they found the keys in desk drawers.

Cupholder


Putting keys in a vehicle’s cupholder is tempting if you know you’re going to be returning soon or if multiple people need access to the keys. However, drivers leaving keys in the cupholders of unlocked cars is a common reason for auto theft.

If you keep other types of keys on the ring, that puts other assets or facilities at risk as well. For example, a set of master keys was stolen from a university after an employee left the key ring in the cupholder of a golf cart he’d been driving. It was standard for the keys to be kept there so employees could easily access them. Unfortunately, it was also easy for the thief to take the keys without detection, and the investigation had to be suspended due to a lack of witnesses or suspects.

Bag or Briefcase


While it’s acceptable to keep a few business keys — such as the keys to your office, a filing cabinet and the fleet vehicle you’re driving for the day — in your bag or briefcase (assuming you don’t leave it unattended), it’s risky to routinely carry a complete set of business keys. For example, you wouldn’t want to tote around the keys to all the offices in your suite or all the vehicles in your fleet.

However, some people continue to do just that, whether because they prefer to take keys home with them at the end of each day or because they haven’t found a better place to keep them. This poor key control practice led to a nightmare for one dealership manager and an employee after they left a bag of vehicle keys on an office desk while they went to unlock the dealership’s gates one morning. By the time they returned, the keys were gone.

These examples of key control gone wrong are by no means exhaustive — there are countless other places you shouldn’t keep your business's keys. If you’re not sure if your method of managing keys is secure, ask yourself these three questions:
  • Is it difficult for unauthorized people to access keys?
  • Is it easy to prove who has used each key and why?
  • Can you immediately recognize when a key has gone missing?
If you answered no to any of these questions, it’s time to improve your key management. You might not have experienced a security breach related to lost or stolen keys yet, but that doesn’t mean you won’t. Is the illusion of convenience worth that risk?

Thursday, July 12, 2018

Customer Tip: How to Add and Delete KeyTrak Users

Man touching plus and minus symbols on screen
In its 2018 Data Breach Investigations Report, Verizon reported that 11 percent of breaches involved physical actions, and 28 percent of breaches involved internal actors. Considering that access control and identification are two of the four layers vital to physical security, those are concerning figures. Without proper identity management, there will be security gaps in your access control — the two work hand in hand.

The facts above illustrate why it’s important to manage who can access your KeyTrak system. To add and delete users, your system administrator should follow the steps below. (If you’re not sure how to designate a system administrator, read this post.)

Adding Users


When adding a new user, follow the principle of least privilege. In other words, a user should have the minimum level of access privileges required to do their jobs.

To add a new user to your KeyTrak system:

  • Navigate to "Data Maintenance".
  • Select "Users".
  • Click "Add".
  • Create a user ID and password. You may also add up to two fingerprints and/or a fob for user authentication. Some of the most secure combinations are fingerprint and password (most secure), fingerprint and fob, or fob and password.
Add users screenshot

To make setting up new users more efficient, establish user profiles for specific job types. KeyTrak user profiles can control system access, asset access, power access, checkout reasons and login options. For example, only management should have authorization to power off the KeyTrak system or access drawers with spare keys in them. To control profile settings, login options and other user settings, choose the "Profiles" option in the Administration menu. For guidance on setting access levels for each position, contact KeyTrak support.

Deleting Users


When an employee or contractor ends their employment with your organization, it’s critical that you revoke their access privileges immediately. If you don’t, employees could use their knowledge of your organization’s access control procedures to steal data, keys or money. We’ve seen it happen at hospitals, a dealership, an oilfield service company, a public works organization, an assisted living facility, the postal service and more.

To remove a user from your KeyTrak system:

  • Navigate to "Data Maintenance".
  • Select "Users".
  • Click "Delete".
  • Check "Yes".
  • Click "Remove".
Delete users screenshot

By staying on top of adding and removing users from your KeyTrak system, you’ll improve your physical security and reduce the odds of becoming one of the 28 percent of organizations whose employees caused a breach.

Friday, June 15, 2018

How Inadequate Key Control Puts Hospital Patients at Risk

Cabinet with pill bottles next to hanging keysFrom cyber attacks to active shooter threats, ensuring hospital security is more challenging than ever. Plus, you have to worry about HIPAA compliance and rising insurance costs that are influenced by treatment outcomes and patient feedback.

To reduce your risk, you need to reduce security threats that could impact patient care and satisfaction. You likely have someone to mitigate external cybersecurity threats, and it’s just as important for you to address internal physical security threats. Your facility has probably invested in physical security measures like cameras, metal detectors, public safety officers and training. But how well do these measures prevent employees from misusing facility keys? Let’s take a look at how poor key control intensifies two major risks to your facility and your patients.

Major Hospital Risks


Drug Diversion

With the rise of the opioid epidemic, more medical professionals are diverting drugs. According to DEA data, employee pilferage accounts for 22 percent of drug thefts or losses. Doctors, nurses and pharmacy staff within the VA’s network of over 160 medical centers and 1,000 clinics allegedly stole controlled substances for personal use or to sell. In some cases, this impacted patient care.

In fact, the CDC warns that when doctors or nurses abuse their access to narcotics, patients suffer due to substandard care and infection risks. Since 2005, there have been five separate infection outbreaks caused by healthcare workers contaminating injection equipment and supplies that were then used on patients.

In light of these risks, the DEA does not take drug diversion lightly. It opened an investigation against Effingham Health System for allegations that the hospital’s lax controls allowed employees to divert controlled substances. The investigation resulted in a settlement of $4.1 million. Consider how well your controls could withstand an investigation in a similar situation.

Device Theft or Loss

Data breaches are another risk that could affect patient satisfaction and increase your liability. Every year, security events cost U.S. hospitals approximately $1.6 billion. Of those, 38 percent are related to physical security. Believe it or not, healthcare is the only industry where more breaches are caused by insiders (56 percent) than by external threats. In 2017, 90 percent of the healthcare physical security incidents were thefts of assets such as laptops, portable devices and paper documents. The thefts took place in work areas such as offices 36 percent of the time.

For example, a former IT employee of Chilton Medical Center stole computer equipment from the hospital, including a hard drive he later sold online. The device contained records for 4,600 patients over the course of nine years. At North Texas Comprehensive Spine and Pain Center, a former employee stole an external hard drive from a doctor’s office, compromising the personal information of around 3,000 victims. Both of these examples demonstrate that employee accountability is critical to protecting patient information.

Mitigating Risks With Key Control


Certain employees do have a legitimate need to access keys for areas where narcotics, sensitive data or other sensitive assets are stored. But are you certain employees always use their keys for the authorized purpose? Can other employees gain access to those keys?

To protect your facility from liability and protect patients’ well-being, it’s critical to maintain employee accountability for key usage. The best way to do so is to create an automatic audit trail of key use that’s not vulnerable to human error or manipulation. Electronic key control systems help meet this objective.

Unlike traditional key storage methods such as desk drawers or pegboards, electronic key control systems typically consist of a metal drawer or wall-mounted panel that physically locks down keys. Some even allow you to set up access levels to ensure that people are only retrieving the keys they need to perform their job duties.

In addition, if someone checks out a key outside their shift hours when they have no need to do so, or if they have a key checked out for longer than they should, you can be immediately alerted by text or email. The system is fully automated, so if a security incident occurs, the automatic audit trail can aid in an investigation by providing a report of who checked out keys and when.

If employees abuse their access privileges and you don’t have adequate key control measures in place, are you prepared to answer to patients whose health or privacy has been compromised? Can you absorb the cost of compliance fines, rising insurance costs and more?

Tuesday, June 5, 2018

Holding Mail Carriers Accountable to Reduce Identity Theft

Mailboxes lined up on street corner
Private mail is a treasure trove of information for identity thieves. There are medical bills, credit card statements, checks, ID documents and more.

In Yonkers, NY, 85 people have been victims of mail theft so far, resulting in $660,000 in losses. Police arrested three men who stole 10 public mail bins — but the thefts continued. The officials involved in the investigation reported that it’s possible the thieves obtained a master key through ties to former employees of the postal system.

Unfortunately, it’s not uncommon for identity thieves to exist within the postal service itself. Employees have access not only to high volumes of mail but also master keys to public mail bins and cluster box units (CBUs). The Postal Inspection Service reports that in 2017, there were 1,145 cases of mail theft. From October 2016 to September 2017, the Office of Inspector General investigated 1,364 internal mail thefts — that’s 119 percent of the thefts from the Postal Inspection Service’s reporting period!

Fortunately, there’s a way you can address and prevent these thefts.

How to Reduce Insider Threats Through Key Control


Ensuring the safety of delivery equipment such as post office boxes, collection boxes and CBUs requires that you hold employees accountable for how they use keys. An effective key control policy requires that employees:

  • Only have access to keys required for their jobs
  • Use keys for the intended purposes
  • Report lost or stolen keys as soon as possible
  • Return keys at the end of their shifts

To reduce the risk of insider threats, the manual steps involved in meeting these goals should be automated wherever possible. Here are a few examples of how electronic key control helps improve employee accountability:

  • User Profiles — Rather than manually issuing keys, an electronic key control system controls access to keys based on specific user profiles. The system will also record when a key is removed, who removed it and when it’s due for return. To capture this information, some systems might require you to scan a key tag to update the log, while others will automatically record the transaction when the key is removed from the system. Again, the fewer manual steps required, the more secure the process is.
  • Real-Time Alerts — If the key is not returned when it’s due, some systems will send designated personnel a text or email alert.
  • Verifiable Audit Trail — Ensuring you have a verifiable audit trail of key usage can help with investigating security breaches. Even if someone accesses a key without going through the appropriate channels, the audit trail will help you identify who has used each key in the past and demonstrates that you took reasonable efforts to control access to your assets.

By implementing these measures, you can help ensure that employees use keys for their intended purpose. You owe it to citizens to minimize the risk of their personal information being stolen.

Tuesday, May 22, 2018

Customer Tip: This One Item Improves the Way Your Dealership Stores Smart Keys

Keyless entry systems are all about convenience, but are they making key control more complicated at your dealership? They can be bulky, cluttering up your key control system. In addition, many smart keys (e.g., Toyota, Dodge, BMW) have a built-in valet key that can be separated from the body of the fob.

The problem with this design, as one dealer discovered, is that salespeople can remove the fob from their KeyTrak system while leaving the valet key attached to the key tag in the drawer. When a user doesn’t follow the proper checkout process, there’s no record of the key being removed, which can result in mystery miles and increase the dealership’s liability risk.

Fortunately, you can simplify smart key storage with one simple item: a key fob pouch. Here are the top three reasons you should use them for all your smart keys:

  • Less Clutter in the Drawer — When KeyTrak drawers are full, having the smart key and its pouch attached to the key tag prevents fobs from jostling in the drawer, helping to keep it tidy.
  • Added Security — The pouch containing the smart key is attached to a key tag via a KeyTrak fastener that runs through the top of the pouch, ensuring the valet key and fob stay attached to each other until the vehicle is sold. The fastener also prevents users from removing the fob from the drawer without going through the standard checkout process.
  • Fewer Scratches on the Key — The pouch protects the key from getting scratched so the key stays looking as new as the vehicle. The clear front allows salespeople to easily see and press the fob buttons.

Key fob pouch
  Key fob pouch with KeyTrak fastener

If you’re a current customer, you can purchase the pouches from our supplies catalog or call 1.800.541.5033 (option 2).