Ed Becker, ADP Dealer Services’ business security analyst, said dealers know they need to secure their DMS from fraud and identity theft, but they – particularly small dealers and sometimes dealer groups – are reluctant to do so because they fear tightening access hampers productivity.
Another reason (or excuse) is that at their stores, staffers wear many hats.
Becker said ADP recommends limiting employee access to the DMS in general, and giving each employee access only to what they’re responsible for.
Securing the DMS is not difficult, he said, if there’s a will.
“There are some best practices. But we know there are dealers who don’t heed them. They are taking on risks they don’t need to take on.”
First of all, he urged dealers to write down the store’s DMS access guidelines. If the guidelines aren’t written down, they can’t be enforced. Next, put someone in charge of security.
He went on to list the security features of ADP Drive, its DMS product, many of them standard features.
He noted that ADP Drive supports the setting up of strong passwords and password aging. There can be “levels of restraint” or limited use. That means, for example, that the service department manager may get more access to data than a service advisor.
Kim Saylor, ADP product marketing manager for fixed operations, argued that security and productivity aren’t necessarily at odds.
The cashier at a small store may have access to “change payments” from VISA to cash, for example, but the dealer may not want that staffer to have access to the “add discounts” tool. That can be done.
Discounts are common in the service department. But there needs to be control on the per cent discount or the total amount, Saylor insisted.
In particular, there is a DMS setup option that could restrict applying a discount more than once. If overrides are allowed, the authority to apply them and the amount can be limited, and the use of overrides can and should be tracked by management.
And what if the cost of the work done exceeds the estimate and the repair order needs to be modified? This is a common problem.
She said ADP Drive has solutions: Electronic Repair Order or Technician Work Bench. These are solutions that let the technicians pull up the repair order on the screen.
When the service advisor contacts the customer, the reason for the change and the date and time of the approval are recorded on the electronic version of the order.
Another major concern is the amount of paper with confidential customer information that circulates all too freely in the service department.
“The best practice is to keep the repair order at the service advisor’s desk, where it can be locked up when not in use or after hours. The ADP solution is to allow the technician to pull up the repair order on their screen, so the paper (version) doesn’t travel,” she said.
Usually, sloppy paper handling practices lead to sloppy paper storing.
“There are many dealerships that do store the paper, often not in a secure cabinet. ADP has DSDA - document storage and archiving - that automatically archives all documents generated on the ADP system.”
As for any other documents the customer signed, “these can all be scanned and stored and the originals destroyed,” she added.
This saves storage space and cuts the risk that confidential customer information will fall into the wrong hands.
Becker offers one more piece of advice: when an employee moves on, remove them from the system immediately.
“If dealers have the will, our DMS has evolved to plug those (security) holes.”