Sensormatic Solutions and Intel Announce Technology Collaboration
Collaboration will provide a broader set of artificial intelligence (AI) solutions to the market

Johnson Controls announced today its leading global retail solutions portfolio, Sensormatic Solutions, and Intel Corporation will collaborate to deliver scalable, AI-powered solutions for retailers. Moving forward, Sensormatic Solutions AI portfolio at the edge will be based on Intel® platforms. Sensormatic Solutions will also leverage Intel® Distribution of OpenVINO toolkit as well as Intel models for delivering its solutions.

This collaboration will come to life at NRF 2020: Retail's Big Show at Jacob K. Javits Convention Center in New York City. Among many other innovative technologies, the companies will showcase the Computer Vision Platform, which leverages Intel® OpenVINO and the Sensormatic Smart Hub and Artificial Intelligence Camera developed collaboratively with Intel for the edge. businesswire.com

Agilence Introduces Artificial Intelligence (AI) and All New Mobile Capabilities in Latest Software Release
Agilence, Inc., the leading provider of predictive data analytics & reporting solutions to the retail, restaurant, and convenience industries, today announced it's 2.8 release of the Agilence Data Analytics Platform. The release adds new Artificial Intelligence (AI) features and a dedicated app-based user experience to shorten the analytics learning curve for enterprise businesses.

"Innovative retail & restaurant organizations are adapting to the evolving consumer landscape through smarter stores that deliver fantastic customer experiences while optimizing store operations," said Russ Hawkins, President and CEO of Agilence. "Our goal is to enable all retail and restaurant chain operators to unlock the power in their data assets, breakdown data access bottlenecks and empower all associates to make better, data-driven decisions throughout the organization. agilenceinc.com
 

NRF 2020 Day 1 Insights: The Digital Economy Is Here
The National Retail Federation (NRF) kicked off its Retail's Big Show in New York City on Sunday, January 12.

These are our key insights from the first day of the event:

• Retailers need to increase technology intensity, which means greater technology adoption and expanded capability.

• Companies need to invest in employees and employee communications to better understand the challenges they face and implement policies to drive employee engagement and productivity.

• Around 9% of purchases are made on merged digital destinations: Brands and retailers need to be everywhere, relevant and delightful.

Convenience Is Everything to Today's Consumer Today's consumers have more options and greater power today than ever before, according to Chris Baldwin, Chairman and CEO at BJ's Wholesale Club, adding that 83% of consumers say convenience is more important to them now than it was five years ago.

Digital Economy Is Here Microsoft CEO Satya Nadella believes that digital is already embedded in the economy, outlining that 92 top retailers use Microsoft cloud technology and that some 31% of the world's GDP is driven by retail. To enable intelligent retail, companies need to embrace four key pillars: know your customers, empower your employees, create an intelligent supply chain and reimagine retail.

Retail Jobs Are Changing Zeynep Ton, Professor of the Practice at the MIT Sloan School of Management, discussed key retail topics with Walmart US CEO John Furner, including digital capabilities and employee engagement. Furner outlined some of the steps Walmart is taking to increase employee engagement, such as introducing new technology for scheduling. Management needs to ensure robust employee communications channels to truly gain insights into what motivates their teams-and what challenges they face in delivering an excellent customer experience. He pointed out that although machines may actually replace some jobs, positions in different functions-such as analytics and more experience-related roles-will be added in the future. coresight.com

NRF Big Show: Kohl's CEO: 'Amazon is working'
Speaking at the NRF's Big Show, Michelle Gass defended the retailer's returns partnership with the e-commerce giant after a disappointing holiday.

Despite some recent questions whether the partnership, which was first established in 2017, is paying off, CEO Michelle Gass on Sunday defended it.

"Amazon is working, this returns program is working," she said during a panel discussion at the National Retail Federation's Big Show. "We're seeing the traffic, we're getting the customer, we're getting a younger customer. To what we expected, some of them are buying, you're not getting 100%, but some of them are buying."  retaildive.com

Chain Store Age: NRF 2020: What to expect
Including Closing Keynote with Gwyneth Paltrow,
Founder & CEO, GOOP
The A-list actress joins NRF 2020 Vision in a closing keynote fireside chat about her path in building a wildly successful luxury lifestyle brand and the valuable lessons she's learned along the way. Hear how this formidable entrepreneur, business woman, and CEO sustains success by learning from mistakes while adhering firmly to her self-belief and values, and often times fostering innovations while disrupting the industry. nrf.com

Retail Leader's: NRF Day 1 recap: top five takeaways
 

UK Retailer Southern Co-op Launches Community Program Tackling Causes of Retail Crime
Southern Co-op has launched a new community fund which aims to reduce the threat of violence and the use of weapons.

The cooperative has identified five areas across the south of England - in Portsmouth, Southampton, South London, Bournemouth and Bristol - which it believes would benefit from community programmes tackling the causes of crime.

The Safer Neighbourhood Fund will support local charities who are delivering innovative programmes that help residents to build a secure future and reduce offending.

Gareth Lewis, Southern Co-op's loss prevention & security manager, said: "We commit a lot of time and money to protecting our colleagues and customers from violent offenders but the stark reality is, it's getting worse.

"Every retailer is affected and we've personally seen a 69% increase in crime across our estate from 2018-2019.

Jessica Hughes, Southern Co-op's community investment manager, added: "We're taking a pro-active and holistic approach to reduce offending and reoffending in areas that we believe are some of the worst affected.

"There are numerous reasons why people steal from our stores and there are charities out there that already do some great work in helping those affected by issues such as drugs, homelessness, poverty and abuse. We hope this funding will give them the boost they need to make an even greater difference to people's lives." talkingretail.com

How the Police Use Facial Recognition, and Where It Falls Short
Records from Florida, where law enforcement has long used the controversial technology, offer an inside look at its risks and rewards.

One of the oldest and largest facial recognition systems in the country: a statewide program based in Pinellas County, Fla., that began almost 20 years ago, when law enforcement agencies were just starting to use the technology.

A review of these Florida records - the most comprehensive analysis of a local law enforcement facial recognition system to date - offers a rare look at the technology's potential and its limitations.

Officials in Florida say that they query the system 4,600 times a month. But the technology is no magic bullet: Only a small percentage of the queries break open investigations of unknown suspects, the documents indicate. The tool has been effective with clear images - identifying recalcitrant detainees, people using fake IDs and photos from anonymous social media accounts - but when investigators have tried to put a name to a suspect glimpsed in grainy surveillance footage, it has produced significantly fewer results.

Pinellas County's Face Analysis Comparison & Examination System, or FACES, was started with a $3.5 million federal grant arranged in 2000 by Representative Bill Young, a Florida Republican who led the House Appropriations Committee. The program received more than $15 million in federal grants until 2014, when the county took over the annual maintenance costs, now about $100,000 a year, the sheriff's office said.

The gains in quality of the best facial recognition technology in recent years have been astounding. In government tests, facial recognition algorithms compared photos with a database of 1.6 million mug shots. In 2010, the error rate was just under 8 percent in ideal conditions - good lighting and high-resolution, front-facing photos. In 2018, it was 0.3 percent. But in surveillance situations, law enforcement hasn't been able to count on that level of reliability. nytimes.com

Eddie Bauer Workers Stripped Of Cert. In Security Bag Check Suit
California federal judge decertified a class of more than 1,000 Eddie Bauer retail workers alleging they weren't paid for time spent undergoing security checks before leaving the store, finding the class members did not experience a uniform policy of off-the-clock exit inspections.

The retailer does not have a uniform policy or practice on whether exit inspections are to be done on of off the clock. law360.com

Federal Judge Pushing Carnival To Clean Up Its Act for 3 Years Sets April Hearing

-Carnival Cruise Lines $60M Fines & Threats of Jail For Top Execs Over
Chronic Ocean Pollution

-Carnival's First Compliance Officer Rushing to Prove Value of New Centralized System

Six months on the job, Peter Anderson, Carnival's first chief ethics and compliance officer, is fixing the cruise line's compliance system that was so broken a federal judge once threatened to jail its top executives.

After serving as a federal prosecutor, Peter Anderson carved out a successful career as an environmental and white-collar criminal defense attorney in Asheville, North Carolina. Then he gave it all up to move in-house.

Miami-based Carnival Corp. offered him a challenge he couldn't refuse: become its first chief ethics and compliance officer and fix the cruise line's compliance system that was so broken a federal judge once threatened to jail its top executives for repeatedly polluting the ocean.

Carnival also gave the position elevated status. Anderson explained that he is a senior officer reporting directly to CEO Arnold Donald with dotted-line reporting to the board of directors. He was also made one of eight executives on Carnival's corporate leadership team. Even the general counsel is not a member of that team.

"We have a seat at the table," Anderson said. "I was thrilled with the opportunity."



Survey: Bad returns policy is big turnoff to future purchases
84% of respondents say a fast, easy returns process drives repeat purchases following a return. What's more, 95% of respondents say a bad returns experience would make them less likely to purchase from a retailer again in the future.

67% of respondents make returns within one week of the holiday, with 6% returning items the following day.

Nearly two in three respondents have decided not to purchase a gift due to a retailer's return policy.

59% of respondents say the ability to get a full refund is the most important factor about a return policy.

See all the stats

U.S. Billion Dollar Weather Disasters Doubled in Last Decade
The nation experienced 14 billion-dollar weather and climate disasters last year totaling $45 billion.

The United States saw 14 weather and climate disasters that caused financial losses of at least $1 billion last year, according to the National Oceanic and Atmospheric Administration's annual U.S. climate assessment. 2019 was also the second-wettest year on record behind 1973.

In total, the weather events cost $45 billion and caused at least 44 deaths. They included wildfires in Alaska and California, two tropical cyclones, and inland flooding that affected the Missouri, Arkansas, and Mississippi Rivers. cfo.com

Unlawful Pay Practices Cost Walmart $55 Million
The 9th U.S. Circuit Court of Appeals has upheld a $54.6 million jury verdict against Walmart for its pay practices for truckers in California. The Jan. 6 decision shows that an employer's control over employees, even when they aren't working, can lead to wage and hour liability in California.

The ruling may affect any hourly job that has downtime if the employee isn't performing his or her main job function during that break, according to Branigan Robertson, an employee rights attorney in Aliso Viejo, Calif. "There are many different jobs in California where this might apply: limo drivers, nurses, IT [workers], truck drivers, on-call workers and many more," he said.

A class of plaintiffs alleged that Walmart did not pay them properly, and a jury ruled in the group's favor, awarding $44.7 million for unpaid layovers, $3.96 million for unpaid rest breaks, $2.97 million for unpaid pretrip inspections and $2.97 million for unpaid post-trip inspections.

"The decision reaffirms that California employers must pay for all time employees work, which includes all time under the employer's control," shrm.org

Walmart's UK Retailer Asda Eyes Cutting 2,832 Jobs in Cost-Cutting in Back Office
In its latest cost cutting drive, the Big 4 grocer is looking to halve its back office operations across its 639 stores.

"The way in which we operate our store-based back office has evolved over recent years to adapt to changing customer behavior, such as an increase in card payments over cash. "As a result, we are proposing some changes to increase efficiencies and simplify ways of working across administration, compliance and cash office. retailgazette.co.uk


NRF names new chairman, board members

Women now have more jobs than men - but that's not necessarily sign of progress

Mexico - Walmart Opens 134 Stores in 2019 - Biggest International Market of 3,407 Stores

Five Below to Open 180 Stores in 2020

OSHA: Mavis Discount Tire Warehouse Fined $190,000 Safety Violations in Buford, GA


Quarterly Results
Canada's Aritzia Q3 comp's up 5.1%, net sales up 10%
Urban Outfitters Holiday Sales Nov-Dec comp's up 3%, sales up 2.9%
Five Below Holidays Sales Nov-Dec Comp's down 2.6%, sales up 13.4%
 

Last week's #1 article --

Macy's is closing at least 15 stores - here's the full list

Victims of data breaches are entitled to damages under the California Consumer Privacy Act
Consumers in California now have the right to know what data companies collect about them and can opt out of having it shared or sold. The legislation could be a model for future state or federal laws, according to experts. One possible outcome: Lawmakers could eventually force companies to pay consumers to use their data.

"We're talking about a business profit-and-loss statement at that point," Kathy Delaney Winger, an attorney based in Tucson, Ariz., said Thursday at the WSJ Pro Cybersecurity Symposium in San Diego. "Keep an eye on it. It's conceivable." wsj.com

U.K. regulator fines retailer $654,000 for data breach
The U.K. Information Commissioner's Office fined Dixons Carphone PLC £500,000 ($654,000) for a data breach the company discovered last summer, the Guardian reports. Malware infected 5,390 cash registers in the company's Currys PC World and Dixons Travel stores between July 2017 and April 2018. Hackers collected payment-card data from 5.6 million people and personal information such as email addresses and details of failed credit checks from around 14 million people, the regulator said. wsj.com

Companies: Lean into consumer privacy to win
Effectively, the CCPA gives regulatory power to the individual because consumers can opt out of having their data sold and have the right to be forgotten. To achieve compliance, companies need to adjust, and switch from a one-size-fits all mindset on data management to a highly agile, personal approach for consumer data.

This means that companies need data policies that sit with and follow the data so that a consumer can opt to share one piece of data about themselves with company A, but not company B, and another piece of data about themselves for some purposes, but not others.

The data about the data

Being able to do that sounds like a daunting prospect, and it is: legacy technologies and ways of handling data can't do it. But next generation database technologies allow companies of all sizes to get specific with data.

In effect, the CCPA and the GDPR require companies to have a 360-degree view of their data. Achieving that means breaking data out of silos and integrating it in a central hub where it can be governed according to consistent policies and accessed appropriately.

This governance and management of data depends on being able to also manage metadata. Metadata is the data about the data. When that metadata sits with the data - versus a separate and disconnected repository of data rules - companies get to the granular level that new regulations require. helpnetsecurity.com

Rethinking "Red Flags" - A New Approach to Insider Threats
A whole threat and whole person approach to efficient and effective insider early warning is needed.

At the core of the insider mitigation process is the insider "red flag" methodology, a legacy approach that is increasingly failing us. The evidence is all around; insider incidents increasing in number and impact, most with abundant (but generally unactioned) "red flags." How often do we look back following an incident and immediately recognize clear indicators? Far too many times.

The reasons for this failure can be found within most organizations. First, insider threat early warning programs often lack the attention, expertise, funding, incentive programs, information-sharing processes and programmatic approaches necessary to be successful. Second, organizational cultures often undercut the effectiveness of early warning programs through denial, privacy concerns, lack of accountability and a cognitive bias toward technical cybersecurity.

There is some good news - significant opportunities exist for stopping insider attacks, around which an affordable and effective early warning system can be created.

These opportunities are created by the simple fact that insider attacks are generally not impulsive in nature. Regardless of motivation, the insider plans for months or even years before action. And no matter how hard they try to cover their tracks, they leave evidence during the slow progression from idea to action. This evidence is observable; the changes in attitude and behavior are discernable and detectable.

More importantly, these relatively slight changes in attitude and behavior serve as predictors of how an insider will react to greater stress. In essence, minor events will showcase a natural reaction, allowing one to predict reactions to major events. By knowing that specific personalities are negatively affected by specific events, one can identify "tripwires" for more significant problems.

To summarize, insiders tend to slowly evolve toward action and often provide indications of their progression. Leveraged properly, these indicators can be used to track, predict and stop attacks.

The Insider Kill Chain - Applying the Insider Kill Chain - The 13-Step Framework - Insider Threat Profiles securitymagazine.com

5 Tips on How to Build a Strong Security Metrics Framework
Solid metrics can help an organization measure and track risk and performance as well as make educated adjustments and decisions as required. While most security professionals recognize and understand this, in practice, only a few organizations actually realize significant benefits from security metrics.

Tip 1: Know your audience. The first step toward building a strong metrics framework is to understand who you're building it for, even if there are multiple audiences. The metrics reported to the board and executives will be different than those you use to make operational improvements and tactical adjustments. The metrics provided to customers showing that their data is protected will be different than the metrics for security management to make well-informed decisions. A good metrics framework provides the right metrics to the appropriate audiences, even when there are multiple audiences.

Tip 2: Aggregate: One great way to provide the right metrics to the appropriate audiences is to aggregate strategically. Each tier is more detailed than the tier above it, and more granular metrics roll up into broader, more strategic metrics as you move up through the tiers.

Tip 3: Map to controls. Ultimately, a good metric will help assess whether or not a control is effective at reducing risk. This has many benefits, including allowing the security organization to gain an understanding of where gaps may exist or where controls may need to be either designed or implemented differently. Of course, these benefits are only attainable when metrics are mapped to controls.

Tip 4: Designate acceptable values and objective ranges. Once you have a solid set of metrics, define acceptable values for those metrics together with ranges that define different levels of risk (for example, low/medium/high, green/amber/red, or any other set of groupings that suits your organization). That will allow you to more objectively calculate risk levels for each metric, different aggregates of metrics, and in total across the organization.

Tip 5: Measure and report regularly. Metrics should be living and dynamic, rather than snapshotted and static. It's important to measure frequently and report metrics regularly. This allows the security organization to trend over time, spot abnormalities early on, and prevent additional risk from entering the organization unnecessarily. darkreading.com

Cybercrime's Most Lucrative Careers
Crime pays. Really well. Here's a look at just how much a cybercriminal can earn in a month.

"Into the Web of Profit," a study released earlier this year by Dr. Michael McGuire at the University of Surrey, also backs that up. The study examines what is being sold on the Dark Web. Categories of goods include credit card information, login credentials to financial accounts, stolen subscription credentials, and usernames and passwords of all kinds.

Also available: services and jobs, according to Alex Guirakhoo, strategy and research analyst at Digital Shadows.

"In February 2019, the threat group TheDarkOverlord was seen advertising monthly payments of over $60,000 to tempt recruits willing to join their extortion schemes," Guirakhoo says.

So how much does cybercrime pay? A separate study, also conducted by McGuire, dives into the details of how much cybercriminals earn. McGuire interviewed 50 convicted or active cybercriminals, and spoke with dozens of experts from law enforcement, financial institutions, and IT security companies. Total cybercrime revenues are around $1.5 trillion, he found. And the cybercriminals earning the most are making as much as much as $2 million a year.

Yes, you read that right. The highest earners take home more than $167,000 a month. Lower wages hover around 75,000 a month. And as Guirakhoo notes, certain skills net a better income.

The Most Profitable Markets And Services
McGuire's "Web of Profit" report details not only how much money cybercrime can net, but which markets are the most lucrative. Here's how profits break down by criminal venture:
• Illegal online markets: $860 billion
• Trade secret, IP theft: $500 billion
• Data trading: $160 billion
• Crimeware/Cybercrime-as-a-Service (CaaS): $1.6 billion
• Ransomware: $1 billion

While ransomware is at the bottom of the list, Digital Shadows' research shows it's one to keep a watch on, Guirakhoo says. darkreading.com

Addressing the $12B Lost Annually in Online Retailing
With annual sales projected to reach over $630 billion going into 2020, online retailers are a high priority target for hackers, so much so that annual losses attributed to website attacks are estimated at $12 billion. So, what tactics will hackers use to ruin retailers' holiday and New Year momentum? Let's dive into a recent report that highlights the most prevalent ecommerce attacks and threats facing online retailers.

Top Ecommerce Web Attacks

1. Account takeovers (29.8 percent). Stolen or guessed user credentials are used to log into a website site, allowing the hacker to change customers' settings, lock them out and place fraudulent orders. A validated user name-password combination will then be tried against a large number of additional financial and E-Commerce sites.

2. Bot impostor attacks (24.1 percent). A bogus search bot request, or "fake bots," are used to gather pricing and inventory data. These result in false requests, price scraping, and gift card cracking.

3. Cross-site scripting (XSS) (8.7 percent). A method using malicious JavaScript code to take control of a user's shopping cart and have the goods shipped elsewhere for resale.

4. SQL Injection (SQLI) attacks (8.2 percent). Attackers seek to gain privileged information by bypassing application security measures. The information can include company data, user list and customer details.

5. Backdoor file attacks (6.4 percent). These attacks use malware to install a persistent vulnerability on a system, which allows additional attack activity for as long as it remains undetected. These attacks are the fastest-growing because they make it possible to circumvent normal authentication processes in the future.

Cyberdefense Strategies

There's no silver bullet for ecommerce fraud; online retailers must develop comprehensive cyberdefense strategies aligned with the types of threats they face, including:

- Integrate security tools into software and IT (DevOps) processes.
- Monitor.
- Interpret and act on monitoring data effectively. dealerscope.net

Amazon Takes a Swipe at PayPal's $4 Billion Acquisition
"Honey tracks your private shopping behavior, collects data like your order history and items saved, and can read or change any of your data on any website you visit," the message read. "To keep your data private and secure, uninstall this extension immediately." It was followed by a hyperlink where users could learn how to do so. Screenshots of the warning were posted to forums and social media by Honey users, like Ryan Hutchins, an editor at Politico.

Honey isn't some obscure browser extension from an unknown developer. Founded in 2012, the Los Angeles-based startup now boasts over 17 million users. It finds discount codes to save shoppers money at tens of thousands of online retailers, including Amazon. In November, PayPal agreed to purchase Honey for an eye-popping $4 billion, its largest deal ever. The acquisition was completed this week.

Amazon's warning, which began appearing on December 20, confused and angered many of Honey's users, some of whom complained on its official social media channels. The browser extension has been compatible with Amazon since it was founded, and it is a significant part of Honey's appeal. Amazon is one of the most popular retailers in the world and the place where most Americans begin when looking for a product online. wired.com

Robust fraud prevention strategies help retailers decrease chargeback, increase sales

The rise of bad bots in retail ecommerce