How Businesses can Improve “Dark Delivery”

Dark delivery practices keep stores stocked for the next day without interfering with daytime operations, but certain practices can open supply chains to risks.

Adobe Stock 207726863

There’s an old saying, “whatever is done in the darkness, always comes out in the light.” That quote couldn’t be more accurate regarding dark delivery practices when goods are delivered overnight outside regular business hours, such as for restaurants and stores.

Dark delivery practices keep stores stocked for the next day without interfering with daytime operations. They’re often executed with the help of third-party logistics companies and drivers who must access these locations after hours.

When the methods to provision and monitor afterhours access are manual and based on human intervention, they are error prone and unreasonably costly. Most of the time, it’s inefficient for businesses to have their location managers present for afterhours deliveries. Without manual intervention it’s also challenging to confirm a delivery and to know that the goods are correctly stored. If a delivery is not completed because a manager arrives late or a driver doesn’t have access, the loss can be catastrophic for a business. 

For dark deliveries to be effective, companies must rely on good communication, good faith and trust. Delivery drivers are often given temporary access to stores using a spare set of keys, alarm system codes and access cards to unload overnight shipments. They are trusted to lock up, keep the facility safe and not overstay their welcome. These access credentials can be compromised through sharing or copying resulting in added risk and high replacement costs. 

Some businesses recognize this and adopt a layered approach to after-hours access, but this can be complicated and error prone. When alarm and access codes are changed, all employees and suppliers need to be notified, and there is still no control over those codes being improperly shared.  Also, the transition to new codes can result in people being locked out or false alarms being generated. The problem is similar for physical credentials. While sharing a physical credential places the credential owner at risk of exposure they can be lost and even copied. If the organization is using non-encrypted physical credentials or does not have a proactive process for disabling lost credentials, the risks of using physical credentials are magnified.

When keys and codes are used, it can be difficult, if not impossible to specify a narrow time window for a specific delivery. This exposes the property to long periods of time when a compromised key or code could be used. 

In some instances, security services are responsible for the building and must verify the delivery drivers. Drivers and security guards change frequently, and new staff must be confirmed, opening companies to errors and risk. This added layer can be challenging and inefficient because it requires constant interactions between suppliers, logistics, and security. For example, large restaurant chain took an average of 30 minutes to register a driver for the access system and equip them with the necessary token. When the drivers changed, the plan was no longer valid, and the process had to be repeated. 

With all these complexities, how can businesses reduce risk and protect themselves, so operations run smoothly and safely? 

Safeguards can be put in place, from digitizing access with mobile credentials to having the dynamic access control permissions synchronized with driver dispatch systems to keep operations moving efficiently. With the right solution, access control can be rolled out to thousands of locations via the cloud ensuring that only the right people have access at the right times. Staff can manage access from anywhere, at any time, eliminating the need to be physically on-site to grantor revoke access, and eradicating the need to recover keys or physical credentials while providing a complete audit trail of all actions.

Mobile credentials enable a simplified access experience that increases security and convenience for the business and its external partners. Access authorization and authentication can be implemented via smartphones instead of plastic cards. The smartphone is the “key” to access buildings or specially secured areas if the owner has access rights. The mobile credential app communicates with the credential reader at the door and allows users to access the premises.  Mobile credential access rights can be granted and revoked remotely in real time just like computer login rights. Mobile credentials make use of the security features built into smartphones including secure data storage and biometric authentication for the use of apps.

Standards-based Application Programming Interfaces (APIs) extend the value of cloud-based access by providing a mechanism for integrating workflows from other enterprise applications such as identity management, dispatch and scheduling systems into the access control system for credential management. This combination optimizes logistics schedules, manages a changing workforce and maintains security across dispersed locations and personnel. 

This solution is further enhanced by integrating cloud-based access control with video surveillance. Staff, contractors and vendors who visit locations overnight or anytime can be monitored in multiple ways to ensure safety and support operations analysis.

Access control has traditionally been expensive and complex to manage at scale, requiring heavy ongoing IT investments. This is a particularly difficult issue for businesses with multiple geographically dispersed locations and dynamic workforce. A centralized, cloud-based access control solution changes this. Benefits include driving cost savings by reducing dependence on single purpose IT infrastructure, the ability to rapidly expand or shrink your facility footprint and having an access enablement system that is constantly updated, cyber-secure and linked to your other enterprise applications. 

A digital access enablement system delivered via the cloud can also provide better business intelligence. For example, collecting data across multiple sites enables comparative benchmarking, drives operational efficiencies and helps identify risks. If a business knows how long a delivery typically takes, it can optimize accordingly and enforce service level agreements. It can help companies understand employee work habits and productivity which can inform policy changes and deter theft. 

The pace of digitization in business operations has accelerated rapidly over the last few years. Security operations need to keep pace with this trend especially when around-the-clock businesses require ‘always on’ access management. Putting access control into the cloud should be high on the digital transformation ‘to-do list’ of companies with numerous locations looking to turn security operations from a cost center to a business accelerator. It’s the only way to keep the lights on even in the dark.