Customer Relationship Connections
THSRC endlessly creating thoughtful services that exceed customer expectations is the driving force for THSRC's perennial improvement. We have prepared a dedicated management department to open up multiple communication channels to respond to passengers' needs in real time, deepen customer relationships, provide consultation by Artificial Intelligent Customer Service, corporate website e-mail message and other functions, and configure the customer service line service with Mandarin/ Taiwanese/ English responses. The Feedback Collection Channels and Customer Service Operations System are detailed in the figure below.
Current Feedback Collection Channels and Customer Service Operations System
THSRC has set up a Current Customer Complaint Resolution Mechanism to not only provide immediate consolation and attention but also submit customer feedback to the quality management authority and responsible department of each department and the cross-departmental customer opinion review meeting, so as to truly incorporate customer feedback into management and implement improvements. We manage customer feedback in a systematic way, automatically notifying and reminding the responsible department to investigate and explain, and the responsible department will compile and reply within 7 working days, with a 100% achievement rate in 2024. In 2024, the inbound passenger service center and the use of Artificial Intelligent Customer Service inquiries were about 733,000 cases, and the main consultation items were about ticketing, lost items and THSRC promotions. Part of that, Artificial Intelligent Customer Services received 312,000 (accounted for 43%) inquiries or applies for timetables, ticketing problems, guide for travel, properties lost and found services.
Current Customer Complaint Resolution Mechanism
Information Security Management
With the development of technology, online infringements and digital crimes have become more and more frequent, THSRC established the "Information Security Management Committee" in 2017, and appointed information security officers from the company's interdepartmental office to hold information security management review meetings every six months and convene information security officer meetings every quarter. Review the development direction, strategy and related implementation results of information security, so that the information security management system continues to operate steadily. A total of two information security management review meetings and four information security representative meetings were held in 2024. The information security governance report and results have been recorded in the report of the14th Board of Directors of the tenth session in 2024. For more information about the policies and management plans related to information security, please refer to THSRC Corporate Website.
THSRC Information Security Management Framework
Implementation of Personal Information Security Maintenance Measures
| Safety Maintenance Measures for Personal Information Protection Management |
Personal Information Management Measures and Implementation Results in 2024 |
|---|---|
| Establish a management organization and allocate considerable resources |
Segment representatives formed the “Personal Information Protection Implementation Group.” In 2024, there were 17 personal information representatives and a personal information representative meeting is held every quarter, and a total of four meetings were held in 2024. |
| Risk assessment and management mechanism for personal information |
A three-level management model is adopted as per the security level of personal information files, and risk identification and assessment of personal information files were conducted every year, and personal information files inventory audits were performed twice every year, to maintain the correctness of the “Personal Information File Inventory.” |
| Information security management and accident prevention, notification, and response mechanisms |
Information is divided into three types: written forms, electronic files, and system files, and relevant regulations on personal information security incident response, a complete notification mechanism, and a review and improvement policy have been formulated. In 2024, no personal information leakage security incident occurred. |
| Awareness promotion, education and training | One hour of education and training for new employees and one hour of annual training for all employees. |
| Equipment safety management | Terminal equipment (including personal computers, notebook computers, and mobile devices) and various types of servers are all handled in accordance with THSRC's relevant information security management regulations. |
| Overall continuous improvement of personal information security maintenance |
The annual audit results are regularly reviewed at the personal information representative meeting and reported to the review meeting of the Information Security Management Committee. |
In 2024, some member accounts of the TGo website were credential stuffing and their points were stolen. A total of more than 500 members' TGo membership accounts were abnormally redeemed. A credential stuffing occurs when an attacker uses a compromised username and password combination to attempt to automatically log in to different websites or services. This incident involved criminals obtaining people's mobile phone numbers and passwords from an unknown external source and launching a credential stuffing on the THSRC's membership system. The company immediately launched an investigation and confirmed that the information about members had not been leaked from within THSRC. Although this incident was not attributed to THSRC, in order to protect the rights of members, THSRC has proactively notified affected members, reminded them to change their passwords, and compensated the losses by giving membership points. It has also reported the incident to the relevant authorities and was cooperating with the Ministry of Justice Investigation Bureau to conduct an in-depth investigation. To further prevent similar incidents from happening again, THSRC has strengthened the security measures of the membership system, including adding a login notification function. When a member account has a successful login or redemption action, the system will automatically send a notification email to the member's email address.
THSRC continues to strengthen security operations in 2024, such as the use of the Virtual Private Network (VPN) and the employee remote work emergency measures and security are listed below to improve our information communication security environment:
Availability and Stability
- Increase equipment capacity to ensure sufficient number of employee connections.
- Increase network bandwidth and circuit redundancy to improve network connection stability.
- Cooperate with national information and communications security operation, conduct internal inventory and replace products that endanger national information and communications security, and restrict the use and provision of products that endanger national information and communications security when selecting external business partners.
Security
- Employees log into the company's intranet from the external network and use two-factor authentication.
- If an abnormality occurs, the VPN device will complete the switch within 1 second, and the password and One Time Password (OTP) must be re-verified.
Monitoring Mechanism
- VPN uses two-factor authentication and monitors the source IP of the connection.
- Integrate information security monitoring mechanisms and conduct 24/7 monitoring and reporting through the information center computer room.
- Track usage of high-privileged accounts and user endpoint devices.
In response to the goal of "Accelerating Digital Optimization and Moving Towards Digital Transformation," one of the six strategic directions of THSRC in the medium and long term, while accelerating digital innovation and transformation, we have formulated four development strategies for high-speed rail information technology, including management information digital optimization, maintenance management digital optimization, operation management digital optimization, and marketing digital optimization. The projects and goals we planned to introduce are as follows:
