Before I decided to publish this article, some friends tried to stop me, because it will affect a lot of logistics companies and e-commerce companies (including telephone shopping, television shopping, online shopping and other direct-sales companies) and will affect the reputation of some practitioners in the industry.
This topic is really very sensitive for some companies, so there will be subsequent articles, the real names of some case companies and the true names of the parties.
This article is for your reference only and will give you advice on prevention.
Before this article, I wrote an article called "Data leakage, leaked who"; readers who have not seen it can go back and read it. In fact, as early as 2002, cut single in logistics (cutting orders; we will collectively call it "cut single") was already very popular, because its profits are much higher than those of the merchant that actually delivers the goods. Because of the high returns, cut single later evolved into a variety of very strange modes, and a number of bizarre cases are introduced below!
Several patterns and cases of cut single (only what I have learned; there are more that I have not been able to confirm)
General cut single cases (first and third parties):
1. After the merchant accepts the order, a person at the merchant who is in contact with a key link of the order process discloses the order information, passing it to the cut-single company before shipment. The cut-single company then ships and delivers the same products as in the order, in the name of the original shipping company, to achieve the purpose of cutting the order;
Links where the cut single arises: the CS center, IT department, marketing department, finance department, warehousing department and any other department or personnel able to see the full information;
2. The merchant accepts the order, carries out the normal order review and processing flow, packs the goods and hands them to the logistics distribution company. The receiving company takes the information from the order packing list (note: a general same-city distribution company has no waybill management and delivers directly from the list, while orders shipped to other regions carry a waybill based on the product attributes) and sells it to a cut-single company. Because the cut-single company is small, operates flexibly and does not need to spend heavily on promotion, it will pay high logistics costs for a rapid logistics response, so that its delivery arrives first.
Links where the cut single arises: the warehousing operations department, the logistics collection company, the school of Materials companies, and the logistics company's information entry step.
3. The cut-single company buys off personnel in key posts inside the business in order to have a Trojan horse planted on the computers at positions that handle important operations such as order creation and delivery, so as to obtain information in real time;
or it directly commissions hacker companies or individuals to intrude into the system and obtain the order information.
.......
Non-conventional cut single cases (seriously deceptive in nature):
1. After obtaining the customer information of the orders, the cut-single company sends fake and shoddy products, thereby damaging the credit of the merchant that ships the goods.
2. Since most companies now have protective measures against information disclosure, the shipping list usually shows only the name, address, telephone number and collection amount, with no product information. With incomplete information, an unscrupulous cut-single company will ship arbitrary goods and will require, or arrange with, the logistics company that the parcel cannot be opened for inspection: the customer must pay first and unpack afterwards, and any problem is to be taken up directly with the shipping company (here, the original shipping company). On receiving the goods, the customer's first reaction is that the merchant sent the wrong goods, and the customer therefore negotiates with the company the order was placed with, which is generally just a negotiation. Because the logistics company entrusted by the merchant is not the one used by the cut-single company, the complaint has nowhere to go, and the consequences are borne solely by the injured merchant.
3. This one is going to surprise everyone. Take a look at the following picture: it is a screenshot of * Fung's internal system. 2000, for just 2000, the right to use an account on the internal system is handed over to you; of course, it has view-only permission. Terrible? You know, * Fung is the leader among domestic private couriers; as for Mail * and the other express companies, I will not go into them.
4. What happened to me was that one of the night executives of a well-known company had reached an agreement with another sales company to pull out the details of their company's evening orders each evening and resell them to that other company, charging per order.
5. Some logistics companies even resell order data publicly on the Internet and on forums, and so on ....
I think no more content is needed; we should all understand why, even though our system security is done so well, orders are still cut and data is still leaked. Do not tell me this cannot happen at your company; I do not believe it! Is your data safe? Is your system safe? Can you promise that?
Cut single information now sells for a minimum of 20 yuan per order and can go as high as 200 yuan per order; clearly, such high returns will lead a lot of people to take the risk!
Three months of customer shipping information, from 5 to 5 cents: there are many companies in the market in this situation, and I think we are not unfamiliar with it.
Recommendations for preventive measures
1. Determine which functions each system security authority carries.
2. On the main operating computers of key-post personnel (such as CS, MKT and warehousing operations), remove the USB interfaces; do not allow instant messaging tools in the working environment; restrict the network environment so that no communication tools other than the internal OA system are used (such as QQ, MSN, etc.), or restrict the upload and download functions of network instant messaging tools.
3. For all export functions in the system, give the authority only to some supervisors, and require that the system support an operation trace recording function.
4. For content viewed in the system, limit the viewing functions according to the position of each post, reduce the content each department can view to the minimum, and partially mask fields.
5. Establish a company internal audit and monitoring system, and build it into the KPI of each post.
6. There are no very effective monitoring methods for external logistics companies. The approach most companies now take is to cooperate with several logistics companies, use KPI ratings to constrain each logistics company's service indicators for the project, immediately stop or replace the delivery channel once a cut single or an information leak occurs, sign a confidentiality agreement, and add a reasonable compensation agreement!
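An added example (not part of the original article) of recommendations 3 and 4 together: each post sees only the order fields it needs, and every export attempt, allowed or refused, leaves an operation trace. The role names, field names and the sample order are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

# Hypothetical posts and the fields each may see in clear; all else is masked.
# "courier" mirrors the shipping list described above: no product information.
VISIBLE = {
    "cs":         {"order_id", "name", "product"},
    "warehouse":  {"order_id", "product"},
    "courier":    {"order_id", "name", "address", "phone", "cod_amount"},
    "supervisor": {"order_id", "name", "address", "phone", "product", "cod_amount"},
}
EXPORT_ROLES = {"supervisor"}  # recommendation 3: only supervisors may export
AUDIT_LOG = []                 # stand-in for an append-only operation trace


def mask(value):
    """Hide a value; keep the last 2 characters only when it is long enough."""
    text = str(value)
    keep = 2 if len(text) > 4 else 0
    return "*" * (len(text) - keep) + text[len(text) - keep:]


def view(order, role):
    """Return the order as this post may see it (recommendation 4)."""
    allowed = VISIBLE.get(role, set())  # an unknown role sees nothing in clear
    return {k: (v if k in allowed else mask(v)) for k, v in order.items()}


def export(orders, user, role):
    """Export orders; the attempt is traced whether it succeeds or is refused."""
    ok = role in EXPORT_ROLES
    AUDIT_LOG.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": user, "role": role, "action": "export",
        "order_ids": [o["order_id"] for o in orders], "allowed": ok,
    })
    if not ok:
        raise PermissionError(f"{user} ({role}) may not export orders")
    return json.dumps([view(o, role) for o in orders], ensure_ascii=False)


# Constructed sample record, not real data.
SAMPLE = {"order_id": "A1001", "name": "Zhang San", "address": "1 Example Rd",
          "phone": "13800000000", "product": "blender", "cod_amount": 199}
```

Refused attempts are logged as well as successful ones, so the internal audit in recommendation 5 can review who tried to pull order data and when.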
OK, you must be surprised at why I focus on the company's internal security. I have always thought that we should start from the links we can control, starting from ourselves: only by disciplining ourselves can we discipline others!
Of course, there are more ways of cutting orders and more ways of solving them; if anything is not enough, please raise it in the follow-up. Thank you very much!
If you have had such experiences and headaches over them, please contact me, or ask me questions and post directly, and we can share effective solutions!
The above is a personal statement and does not represent any official position!