Solink Secure Summit February 12-14 2024 CRIA International Criminal Investigators Training Conference February 13-15 RCC Retail Secure Conference March 21 RLPSA Annual Conference March 24-27 2024 RH-ISAC Cyber Intelligence Summit April 9-11 ISC West April 9-12 NRF PROTECT 2024 June 4-6 See More Events

Check out the Daily's Exclusive Reports D&D Daily's Mid-Year 2023 Robbery & Burglary Report D&D Daily's Mid-Year 2023 ORC Report D&D Daily's Q4 & 2022 ORC Report D&D Daily's Q4 & 2022 Retail Robbery Report D&D Daily's Q4 & 2022 Retail Violent Fatalities Report See more reports

2023 National Retail Security Survey 2022 NRSS Survey 2021 NRSS Survey 2020 NRSS Survey 2019 NRSS Survey 2018 NRSS Survey 2017 NRSS Survey 2016 NRSS Survey 2015 NRSS Survey NRF's 2021 Top 100 Retailers

Appriss Retail Introduces Workbench for Enhanced Access to Fraud Prevention Tools

Now, retailers are empowered to proactively address even the most costly instances of fraud by increasing efficiency of loss prevention teams

Appriss Retail, a leading provider of data and analytics solutions designed to reduce retail losses, decrease returns, and provide a more seamless consumer experience, announced the launch of Workbench, a new feature that enables diverse business users to proactively identify and address fraud.

According to the 2023 National Retail Security Survey, the retail industry lost over $112 billion to retail crime including shrink, theft, organized retail crime, and returns fraud in 2022. In response to the growing problem, retailers are demanding more control over loss prevention strategies and are looking to implement leading tools quicker than ever before.

In response, Appriss Retail developed Workbench to offer a user-friendly dashboard that helps a variety of business users across departments pinpoint the situations, people, places, products, and processes that need attention. By allowing these users to access more than just reporting functions, they are empowered to proactively identify fraud, reduce losses, and ensure a secure shopping environment for customers.

With Workbench, Appriss Retail customers benefit from heightened operational efficiency and shorter time-to-value. They also gain access to:

• Early Detection: Leveraging AI and machine learning, Workbench enables the early identification of negative trends that will negatively affect profits, allowing for early intervention that minimizes financial losses and preserves businesses’ reputations.
• Comprehensive Dashboards: The intuitive dashboard presents prioritized lists of potentially fraudulent incidents, highlighting those that require immediate attention based on severity and impact.
• Actionable Insights: Workbench guides decision-making and streamlines loss mitigation efforts.  appriss.com

Suspect Arrested for Stolen Nike Products Worth $5 Million

The high-profile raid is the latest in an ongoing crackdown on organized retail and cargo theft out of Los Angeles.

Harvey was booked on suspicion of receiving stolen property.

 

Going After Tougher Sentences for ORC

New ORC Bill Gaining Traction in Arizona State Legislature

This is not your average person putting something in their purse and walking out," said Michelle Ahlmer, Executive Director of the Arizona Retailers Association. "This is a big huge problem in Arizona."

The goal of House Bill 2435 is to deter organized retail theft by imposing tougher sentences on criminals. If passed and signed into law, the bill would require enhanced sentences for a repeat offender who commits three or more organized retail thefts with intent to sell the stolen items for profit.

The legislation, which is headed to the House Judiciary Committee Wednesday, sets up harsher sentencing for repeat offenders. In the three sentencing tiers, prison terms would range from three months to 12.5 years in the lowest tier to 2.5 to 35 years in the highest tier.

"It really is a simple bill," said State House Speaker Ben Toma (R-District 27). "It will impose tougher sentences on offenders who engage in organized retail thefts."

Maricopa County Attorney Rachel Mitchell said in 2023, her office received nearly 600 submittals for the charge of organized retail theft. She said that number is going in the wrong direction.

"Arizona, specifically Maricopa County, will not tolerate this type of offense that is driving retailers to close stores, to hurt the communities that the stores are located in, and driving people out of business," said Mitchell.  fox10pheonix.com    azpbs.org

 

Most Notorious All Reside in China

USTR Releases 2023 Review of Notorious Markets for Counterfeiting and Piracy

The 2023 Notorious Markets List also identifies 39 online markets and 33 physical markets that are reported to engage in or facilitate substantial trademark counterfeiting or copyright piracy. This includes continuing to identify the China-based e-commerce and social commerce markets Taobao, WeChat, DHGate, and Pinduoduo, as well as the cloud storage service Baidu Wangpan. Other listed markets include seven physical markets in China known for the manufacture, distribution, and sale of counterfeit goods.  ustr.gov

 

Crooks targeted Berkeley Apple Store 5 times this month alone

Twice, their plans were foiled, but three other times they made off with Apple devices, Berkeley police said.

 

Violence is so Bad Employees Can't Even Go Outside for Lunch or a Break

Oakland's largest employer reportedly tells workers to eat lunch inside & avoid downtown

Kaiser Permanente, has recommended employees "stay in their buildings for lunch and work, in response to street robberies of workers who went out to grab something to eat."  sfgate.com

 

 

New survey uncovers ripple effects of workplace violence fears within companies and need for proactive prevention

Employees often choose to keep their workplace violence concerns private. The unspoken nature of these concerns can mislead employers, giving them a distorted view of the risks facing their workforce and organization – from mental health to productivity and retention.

Workplace violence threats, both real and imagined, affect both sides of the employment equation. As workplace violence incidents rise, companies face increased pressure from state legislatures, OSHA and courts to take proactive measures to provide a secure workplace.

Survey results revealed that almost 1 in 4 have witnessed workplace violence happening to another employee in the last five years. While the majority (70%) of surveyed workers had received training on workplace violence, nearly a third of respondents have not been trained – a big gap employers need to close.

A majority of survey respondents (76%) say their employer has a workplace violence plan, but far less (60%) were confident in their employer’s ability to act on the plan in the event of an incident.

California takes the lead in workplace violence prevention

Nearly two million U.S. workers experience workplace violence annually according to the Occupational Safety and Health Administration (OSHA). In response, states have begun adopting measures that require employers to proactively take steps to prevent workplace violent threats or potentially be held liable for damages in certain situations.

In 2023 California passed a first-of-its-kind workplace violence law in the US that requires employers to address the following by July 1, 2024:  hrdive.com

 

'Retail chains rethinking their self-checkout strategies'

A grocery store chain is limiting how many items you can buy at its self-checkouts as concerns over theft mount

Schnucks customers soon won't be able to buy more than 10 items at its self-checkout

"We do expect there to be some benefits to stopping theft," the Midwest retailer said.

"While the primary intention is to improve customer service and checkout efficiency, we do expect there to be some benefits to stopping theft," Schnucks said in a statement. "Because self-checkouts are more susceptible to theft, this item limit will help us maintain our costs while keeping the prices lower for our customers."

Schnucks operates 115 stores in Missouri, Illinois, Indiana, and Wisconsin. It told BI that all its stores had self-checkouts, with between four and eight on average at each location.

"When self-checkouts were first introduced, they were intended for smaller orders," Schnucks continued in its statement. "Over time, larger orders began moving through self-checkouts, and we are hoping to address that concern."

Walmart is trying to combat theft at self-checkouts by using technology that alerts staff if it detects a problem, such as an unscanned item, but current and former workers told BI that this led to uncomfortable confrontations when they had to approach customers.

And Costco is cracking down on membership card-sharing at self-checkouts by getting staff to check people's cards.

Research also shows that some customers find self-checkouts alienating, too.

Dollar General said it's beefing up staffing in its checkout areas to provide more customer service.

"We started to rely too much this year on self-checkout," CEO Todd Vasos said in December, noting that it should only be used "as a secondary checkout vehicle."  businessinsider.com

 

PacSun taps Nedap for RFID strategy 

PacSun is partnering with Nedap to deploy RFID across the brand's store fleet.

The retailer is implementing Nedap's iD Cloud Store solutions to increase inventory accuracy and attain data-rich insights for operational processes, according to a press release.

The deployment is expected to be completed in Q1 of this year.

The RFID effort will also create a higher level of transparency with customers and fulfill more customer orders.

Nedap's Virtual Shielding algorithms digitally identify article location at 98% accuracy.  retailcustomerexperience.com

 

Looming Presidential Election Could Bring Heated Workplace Conversations

Why Mental Health Will Be One of the Biggest Topics of 2024

There’s no question that employee burnout and mental health issues have been a continuous problem over the past several years. But despite various employer investments in benefits to troubleshoot stress and improve emotional well-being, employees are still dealing with significant anxiety.

Well over half of employees (57 percent) are experiencing at least moderate levels of burnout, according to a recent report from Aflac. Meanwhile, employees’ confidence in how much their employers care about them has declined significantly: 48 percent said they have confidence in their employers caring about them in 2023—down from 56 percent in 2022 and 59 percent in 2021.

With a looming presidential election—and the polarization and heated conversations that come with it—coupled with financial worries, long work hours and other stressors, burnout might be even more of an issue this year.  

“People tend to be much more polarized in their views. Maybe five or 10 years ago, people could just disagree on and have different perspectives on certain topics, but now it’s become much more polarized and sometimes even aggressive. Mental health—and areas around helping reduce stress and improve emotional wellness—will be a massive focus for the next year.”  shrm.org

 

Sick Shaming Rampant in the Workplace Amid COVID-19, Flu Surge

At a time when COVID-19 and flu cases are rising throughout the country—and the workplace—a new report finds that sick shaming is almost as widespread, causing employees to either feel guilty about taking sick time or, worse yet, come to work sick.

A survey of 1,000 managers from Resume Builder found that 20 percent of managers say they encourage workers to come into the office even when they are sick. Surprisingly, 45 percent of these managers (11 percent of the total sample) admit to “often shaming visibly sick workers” who then come into the office after they were told to.

A quarter said they think workers “lie or exaggerate their illness,” and 34 percent often ask for medical documentation as proof of illness for workers who request a sick day. Additionally, 27 percent of managers overall believe a culture that encourages sick employees to work is good for productivity. shrm.org

 

Walmart to Build or Covert 150 New Stores & Remodel 650

Grocery report shows best curbside pickup experience at Albertsons

 

Retail & Hospitality Threat Landscape Briefing

February 15 | 1 p.m. ET

Join RH-ISAC for a threat briefing about the latest intel on observed incidents and emerging threats relevant to the retail and hospitality community, as well as mitigation or response techniques. This month’s briefing will feature intel and research from Red Sift, DataDome, and Splunk.

Register for Briefing

 

2024 RH-ISAC Summit

April 9 - 11 | Denver, Colorado

We're moving the annual RH-ISAC Summit to the spring! Join us in April 2024 for the premier cybersecurity conference in the retail and hospitality sector.

Interested in attending the Summit at no cost? Reach out to Clair Green to obtain free admission to the 2024 Summit. Don't miss out on this limited opportunity!

 

Question is How Will This Impact Retailers & Their Solution Providers

In 2024, the cybersecurity industry awaits more regulation — and enforcement

Private sector companies and critical infrastructure providers will face unprecedented demands for product security, intelligence sharing and transparency on data security.

The Biden administration — less than a year after launching its national cybersecurity strategy — is moving forward with efforts to protect critical infrastructure, hold manufacturers accountable for product security and compel private sector companies to disclose material events.  

Concerns about cyber risk have become one of the most pressing issues facing companies today. The annual Allianz Risk Barometer showed cyber events — including data breaches, ransomware and IT outages — are the top concern for U.S. businesses, replacing business interruption. 

Baker McKenzie’s 2024 dispute forecast found cybersecurity and data privacy are the two leading concerns in terms of investigations. 

Fueled by a surge in malicious cyber threats from criminal ransomware and rogue nation-states, the push for cybersecurity regulation is expected to reach new heights in 2024. 

The new and enhanced regulatory environment is forcing companies to take a more proactive risk management approach so they can identify potential threats before they escalate into cyber incidents, according to Cyrus Vance, former Manhattan district attorney and the co-chair of Baker McKenzie’s North America Enforcement Practice. 

“This will involve creation of more robust risk assessment processes, continuous monitoring and implementation of more advanced security measures,” Vance said via email. cybersecuritydive.com

 

83% of Finance Leaders Dealt With Cyber Fraud in 2023

Wire transfer fraud, vendor fraud, and CEO or CFO impersonations were the most frequent, according to a Trustpair survey.

Phishing, hacking, deepfakes — strategies cyber criminals can wreak havoc on a business — have forced CFOs to allocate more toward cybersecurity amid rising technology dependence. Cyber crime targets companies’ financials and so the finance chief has become one of the primary defenders against bad actors.

According to new data from Trustpair’s 2024 U.S. Fraud study, a large portion of CFOs and finance teams may have learned this lesson firsthand. Of the 266 U.S.-based director and C-level finance and treasury professionals with over $1 billion in revenue surveyed, 83% said they have had some type of fraud attempt on their business within the past 12 months.

Payment Fraud Hits Hard

Within that group, payment fraud in particular experienced a sharp rise. In 2023, of the companies that were targeted, 96% said it was in some form of payment fraud attempt. And that 96% is a stark jump from 2022, when just over half (56%) of respondents said they had been targeted, representing a 71% year-over-year increase. 

Of those targeted, 36% of organizations lost more than $1 million. cfo.com

 

Johnson Controls reports $27M hit from ransomware attack

Johnson Controls International spent $23 million on its response and remediation of a September ransomware attack that disrupted and limited access to internal IT systems, the company said Tuesday in a quarterly filing with the Securities and Exchange Commission. 

The company, which manufactures industrial control systems, physical security systems and facility-related technology and infrastructure, reported an additional $4 million in lost and deferred revenues from the attack. The incident response and associated lost revenues amounted to a collective $27 million impact on net income for the company’s first quarter of fiscal year 2024, which ended Dec. 31.

“The cybersecurity incident consisted of unauthorized access, data exfiltration and deployment of ransomware by a third party to a portion of the company’s internal IT infrastructure,” Johnson Controls said in the filing.  cybersecuritydive.com

 

Cactus Gang - Relatively New Gang in Town With 100 Victims in 10 Months

'Cactus' Ransomware Strikes Schneider Electric

Schneider's Sustainability division, which provides software and consulting services to enterprises, was felled by cybercriminals in mid-January.

the company faces potential repercussions if its clients' business data gets leaked. According to Bleeping Computer, the Cactus ransomware gang — a relatively young yet prolific group — has claimed the attack. (When Dark Reading reached out to Schneider Electric for corroboration, the company did not confirm nor deny this attribution.) 

Schneider Electric has not yet revealed the scope of data which may have been lost to its attackers, but did acknowledge one affected platform: Resource Advisor, which helps organizations track and manage their ESG, energy, and sustainability-related data. 

Cactus isn't even a year old yet, having first arrived on the ransomware scene last March. Already, though, it is one of the planet's most prolific threat actors.

Cactus has been claiming double-digit victims nearly every month since last July. Its busiest stretches thus far have been September when it took 33 scalps, and in December, 29 scalps, making it the second busiest group during that period, behind only LockBit.    darkreading.com

 

Gang allegedly targeted Apple, AT&T, Verizon, and T-Mobile stores in 13 states.

SIM-swapping ring stole $400M in crypto from a US company

The US may have uncovered the nation's largest "SIM swap" scheme yet, charging a Chicago man and co-conspirators with allegedly stealing $400 million in cryptocurrency by targeting over 50 victims in more than a dozen states, including one company.

A recent indictment alleged that Robert Powell—using online monikers "R," "R$," and "ElSwapo1"—was the "head of a SIM swapping group" called the “Powell SIM Swapping Crew.” He allegedly conspired with Indiana man Carter Rohn (aka "Carti" and "Punslayer") and Colorado woman Emily Hernandez (allegedly aka "Em") to gain access to victims' devices and "carry out fraudulent SIM swap attacks" between March 2021 and April 2023.

Powell's accused crew allegedly used identification card printers to forge documents, then posed as victims visiting Apple, AT&T, Verizon, and T-Mobile retail stores in Minnesota, Illinois, Indiana, Utah, Nebraska, Colorado, Florida, Maryland, Massachusetts, Texas, New Mexico, Tennessee, Virginia, and the District of Columbia.

According to the indictment, many of the alleged victims did not suffer financial losses, but those that did were allegedly hit hard. The hardest hit appears to be an employee of a company whose AT&T device was allegedly commandeered at a Texas retail store, resulting in over $400 million being allegedly transferred from the employee's company to co-conspirators' financial accounts. Other individual victims allegedly lost cryptocurrency valued between $15,000 and more than $1 million.  arstechnica.com

 

PCI DSS v3.2.1 is Retiring on 31 March 2024 – Are You Ready?

Where to Begin 
Whether you have already started the transition or are not sure where to begin, here are Eight Steps for the Journey to PCI DSS v4.0.  pcisecuritystandards.org

An Industry Obligation - Staffing 'Best in Class' Teams Every one has a role to play in building an industry. Filled your job? Any good candidates left over? Help Your Colleagues - Your Industry - Build a 'Best in Class' Community Refer the Best & Build the Best Quality - Diversity - Industry Obligation

Asset Protection Specialist Newburgh, NY - reposted January 2 The Asset Protection Specialist role at Ocean State Job Lot is responsible for protecting company assets and monitoring store activities to reduce property or financial losses. This role partners closely with store leadership and the Human Resources team, when applicable, to investigate known or suspected internal theft, external theft, and vendor fraud...