Lunch and Learns happen daily at Omnitech. They are a great way for engineers to mentor others, grow professionally, and ensure our clients receive a team-based problem-solving approach. With those daily Lunch and Learns, we order a lot of food. We cannot help but look at these abundant orders with an engineering mindset, always looking to improve the process. Our engineer, Charli, is an engineer through and through. Check out her thoughts on the process.
The Problem
Every day the delivery driver comes to the office and asks for the engineer whose name is on the order. Sometimes that engineer is not available, so another person tries to accept the order. Understandably, the delivery person is always hesitant to give the order to someone other than the person whose name is on the order.
One day after this happened, I mentioned that the food delivery service was not adhering to best software security practices with their food delivery process. As engineers, we wanted to take a deep dive into improving the security of our vital food deliveries.
In software, if a user attempts to log in and fails, whether it is an invalid username or an invalid password, best security practices dictate that the application does not reveal which input was the issue. We do not want to reveal if an account with that username exists. By asking for the person by name, the delivery person revealed that that person has an account and an order. This opens the door for someone to claim an order that does not belong to them.
The Solutions
How would we propose food delivery services prevent this from happening? Take a look:
- Don’t ask for a person by their name. Ask the individual for their name to verify they are the person who ordered food. This would add a layer of security to the food delivery process, potentially limiting the number of orders delivered to the wrong person. They could also add a lockout if the person guesses the wrong name too many times, just like passwords. A person would have to call the delivery service to “unlock” their food after too many incorrect guesses.
- Use codes, not names to verify delivery. This would be more like security systems that use a trusted third party. One method of enacting this for food delivery would be to have the person who creates the order create a code with the food delivery service who would act as the trusted third party. When the driver arrives with the order, they ask for the code and then verify the code with the food delivery service. If the food delivery service confirms the code, the driver would know they can trust the recipient and give them the order.
The Cost-Benefit Analysis
While these methods are good for securing software, they may be overkill for food delivery. Even more important than security for the food delivery business is happy customers and drivers. If the delivery process is too complicated, too long, or too error-prone, the company will lose customers and employees.
What happens if the food is not secure and the wrong person gets the food? What happens if the food is too secure and does not get delivered at all? What is the likelihood of each of these outcomes? The odds of multiple people fighting over deliveries to a single address, thus requiring additional security, is low. As a customer, I would be more frustrated to have my order show up and then the driver refusing to give it to me than to find out they accidentally gave it to the wrong person. In either case, the food could be redelivered. If the order was given to the wrong person, the delivery service could reorder the food and deliver it again. If the food could not be delivered due to security reasons, the driver could go back and give the order to the person, but by then, the food would be cold, and the customer still not happy.
Another thing to think about when analyzing a business process is making it easy to do the right thing. When delivering food, the right thing to do is to deliver the food as quickly as possible. If the security process is too strict, deliveries will take longer, and fewer orders will be delivered. After discussing all the pros and cons, we decided it would be better to err on the side of delivering the order to the wrong person than not to deliver the order at all.
The Conclusion
After a lengthy discussion involving no less than three engineers, we decided that the current food delivery process used, while not secure, is probably the best for bringing value to the company and its customers. If you would like a team of talented engineers to review your business processes and ensure they are optimized for your business’s unique needs, contact Omnitech. If we put this much effort into securing our food and analyzing non-client business processes, imagine what we could do for you and your business!