NRF PROTECT Session Roundup: Day 2 | June 5

By Amber Bradley, Owner, Calibration Group

Content ruled the day for NRF PROTECT as sessions kicked off Wednesday, June 5, with Nikolas Badminton, a world-renowned global futurist. Attendees were treated to Nikolas' predictions of what is to come for retail and how executives should be stepping back from the day to day to understand and help identify critical trends. To hear his keynote, click here.

More than 2,200 loss prevention/asset protection executives are in Long Beach this week taking in all types of valuable sessions for all levels of the organization. For a full list of speakers and sessions: Click here.
 
In case you missed it, here are highlights from some key sessions:

- "Protecting our elders: Gift card fraud and scams" presented by Amy Nofziger, Director of Fraud Victim Support for AARP, and Claire Rushton, Senior Director of Global Investigations for Walmart.

Summary: Knowing that elder fraud is a $3 Billion-a-year problem was certainly disturbing, including hearing a firsthand account from a victim herself, was bone-chilling. Nofziger summarized exactly how these types of abuses occur utilizing gift cards, and provided a few ideas to help retailers curb these scams including placing a mirror on the gift card rack with the phrase, "Is someone asking you to lie to purchase these gift cards?"

Rushton described Walmart's rather mature program to combat this type of gift card fraud explaining their own internal "Redemption" portal that catches the bad guys when checking the financial balances of these cards. Staggeringly, Walmart has more than $12 million in the bank waiting to be returned to fraud victims, of which $4 million has already been returned.

Key takeaways from the session includes:

• Removing the opportunity for gift cards to be purchased with other gift cards

• Making sure to share with industry partners, knowing there is no competitive nature in saving our elders

• Use data to identify trends

• Remediate after your criminal cases

To download the AARP takeaway, click here.

- "It's a small world after all: Loss prevention around the globe" presented by Claire Rushton with Walmart, Ed Velaquez, Sr. Director for Enterprise Risk, Aritizia and Karen Osorio, Head of Security and Compliance for H&M Group.

Summary: This session tackled 5 questions about loss prevention and risk issues from perspectives domestically, among Canadian retailers as well as globally. Each expert provided their perspectives based on their own perspectives. Questions included themes around the landscape of theft/loss/violence varying from geography, law enforcement partnerships, the adoption of technologies/impact of legal considerations, and recommendations for expanding into other countries.

Overall, everyone agreed shoplifting and workplace violence has increased dramatically, law enforcement partnership have been valuable and increased among the most recent legislative successes. In terms of technology, facial recognition is bound by the privacy concerns within the geography and RFID is realizing a big push in Latin American countries.

Key takeaways for expanding into other countries:

• Understand the data - know what's going on even if it's a google search

• Make the relationships with local law enforcement representatives

• Have a methodical, detailed process

• Learn from other retailers that have tried to expand into your considered market

• Be culturally aware. Understand how differently law enforcement works as well as how to localize your organization's mission and goals

• Be hands on with your talent specially so they understand the brand's expectations

NRF PROTECT concluded the day with the induction of the new class of "Ring of Excellence" winners. Congratulations to the latest winners:

	Gary Johnson, a leader in loss prevention for more than 40 years. Johnson retired as Director of Asset Protection & Safety for Guitar Center Inc., overseeing 600 stores nationwide, and has held leadership positions with The Vitamin Shoppe, A&P Supermarkets, Barnes & Noble and Osco Drug Stores. He served two terms as Chair of the NRF Loss Prevention Advisory Council and was a founding member of the Loss Prevention Research Council.
	Mike Lamb, LPC, an industry expert with more than four decades of experience in asset protection, loss prevention and safety. Lamb retired from his role as Vice President of Asset Protection & Safety with the Kroger Company in February 2024 and previously served in leadership roles with Walmart U.S. and The Home Depot. Lamb remains active in the LP/AP industry, serving as a member of the Executive Committee for the LP Foundation, senior advisor for Innovate LPRC and board member of Good2Go, as well as other key affiliations.
	Walter Palmer, an industry expert in loss prevention and a leader throughout his career as a practitioner, consultant and industry partner. Palmer continues to provide strategic guidance and insights to many of the world's leading retail brands. He is one of the co-founders of LP Magazine, has served the industry across many boards and associations, and has been involved with NRF's loss prevention conference for more than 30 years.
	John Velke, a practitioner who began his retail loss prevention career in 1977 at Lord & Taylor. Velke's career includes roles with Fred Meyer, Parisian, Proffitt's and McRae's stores, before retiring in 2022 from Total Wine & More. For more than 40 years he has advocated for the AP/LP industry, serving on the Illinois Attorney General's task force on computer crime, as a governor-appointed board member to Oregon's Police Academy, and a member of the NRF Loss Prevention Council.

Next up: June 6 Session Round up! Stay tuned tomorrow to get the in-depth highlights of a few sessions with key takeaways!

Theft Gets All The Attention, But What's Really Fueling Shrink?
Shoplifting (or external theft) accounts for just over a third of inventory loss.

Opinion: Shoplifting might be masking big retailers' real flaws

Shoplifting is bad right now. But is it really as bad as some would have us believe?

Although some theft goes undetected, police-reported shoplifting is a good way of determining whether the problem is getting worse. In 2022, Winnipeg reported 4,186 shoplifting incidents involving items less than $5,000, a 36 per cent increase over 2021.

However, given that in-store shopping was way down in 2021 because of pandemic restrictions, those numbers are misleading. In fact, when you look at pre-pandemic numbers, you can see the total number of shoplifting incidents in 2022 was well below what was reported in 2018 (5,104), 2019 (7,817) and 2020 (6,624).

What about organized retail crime, the main trend that retail lobby groups claim is driving a spike in shoplifting? When pressed, the industry has had a difficult time quantifying the total amount of losses due to criminal organizations.

And this brings us to what is probably the real story behind the story: shrink. So, what drives shrink? In both Canada and the U.S., industry sources claim shoplifting (or external theft) accounts for just over a third of inventory loss. However, more than half is attributable to "process control failures" (items not scanned properly, bar code misreads) and internal employee theft.

More importantly, the annual increases in the shrink rate have remained relatively stable in both the U.S. and Canada, and are at or just below pre-pandemic levels. If there was an epidemic of shoplifting and organized retail crime as the industry claims, that annual number would be much higher.

So, why would the retail industry want to exaggerate the impact of shoplifting?

Academics and analysts that study the sector suggest that shoplifting in general, and the spectre of organized retail crime in particular, is an effective diversion from consumer concerns about unjustified price hikes and record profits. Big retail grocery chains in particular have been demonized for suspected price gouging.  winnipegfreepress.com


'End-to-End' Fight Against Theft
Dollar General fights back against thieves with plan to remove theft-prone merchandise, self-checkout lanes

Dollar General has converted self-checkout lanes in 12K stores

Dollar General is employing new measures to crack down on rampant retail theft that it says has been the most problematic problem for the business. The company said it plans to remove items that are frequently stolen and eliminate self-checkout options from thousands of additional stores.

It's part of the company's ongoing effort to eliminate shrink, which "continues to be the most significant headwind," CEO Todd Vasos told analysts during an earnings call. Shrink is an industry term referring to lost or stolen merchandise.

"We are deploying an end-to-end approach to shrink reduction across the organization, including efforts in our supply chain, merchandising, and within our stores," Vasos said.

As part of its plan, the chief executive said the company converted approximately 3,000 additional stores away from self-checkout in May, totaling 12,000 total locations that have been converted since the beginning of the fiscal year.

Even with the latest changes, the company doesn't expect to see a material impact right away. The company's supply chain teams are also working to make sure deliveries arrive on time, and its merchants are reducing the amount of inventory it has in stock, Vasos said.

As part of its efforts within stores, Dollar General plans to get rid of "high shrink" items, ones that are most likely to be stolen.  foxnews.com


Is the Crime Drop Simply the Result of Lack of Data Reporting?
Declining crime may be due to drop in agencies reporting data
In the first quarter of 2024, violent crimes across Maricopa County, Arizona appear to be trending down. After a bump in the data in 2021 showing 5,414 violent crimes in the first three months of that year, law enforcement agencies collectively reported 4,891 in the same time frame this year.

While the trend appears consistent and positive, the drop may be due to a decline in the number of agencies reporting their data to the Department of Public Safety.

The Maricopa County Sheriff's Office is the largest example of one such agency. In the first quarter of 2022, the sheriff's office reported 307 violent crimes, just behind the Glendale and Mesa police departments and well behind Phoenix. No data is reported by MCSO in 2023 or 2024.

MCSO was not the only agency to stop reporting their crime data. Scottsdale and Tolleson police departments also have yet to report to the Department of Public Safety their 2024 data. Collectively, these law enforcement agencies average about 500 violent crimes in the first three months of the year. When that average is added to the crime stats the downtrend in data disappears and violent crime would be estimated closer to the 5,400 peak from 2021.  abc15.com


Backlash Against Chicago Official's Crime Alert Plan
"The public needs to be aware of 'skyrocketing' carjackings and armed robberies."

Chicago Democrat takes heat for warning against over-reporting crimes

Local Alderman Leni Manaa-Hoppenworth said she will no longer issue crime alerts via email or social media

A Chicago Democrat is facing criticism after saying she will no longer share crime alerts because it creates a negative "perception" of marginalized communities.

Local Alderman Leni Manaa-Hoppenworth announced Wednesday that she would no longer relay crime alerts via her social media or constituent email list because of her belief that the "over-reporting of crime leads to an inaccurate public perception about crime rates."

During an appearance on "America's Newsroom," Violence Interrupters Executive Director Tio Hardiman said Manaa-Hoppenworth's comments are not necessarily accurate and that Chicago is a "rough place." He suggested that some people may not want crime information to get out to the public at large, but that the public needs to be aware of "skyrocketing" carjackings and armed robberies.

"People need to know to watch their surroundings because you can have somebody robbing people," Hardiman said. "There might be a rash of armed robberies taking place in a certain area, so people need to know. So, I pretty much disagree with that notion not to alert people because it's going on in Chicago."  foxnews.com


Connecticut stores see downsides of self-checkout trend
 
Status quo prevails in D.C. primary dominated by crime concerns
 

Top Cyber Threats Facing Retail
Retail & Hospitality ISAC Report reveals top cyber threats facing retail and hospitality

Threat actors are increasingly adopting advanced technologies like artificial intelligence to intensify and strengthen their attacks.

Cybercriminals continue to target the retail, hospitality, and travel sectors with increasingly sophisticated attacks, according to a new report from the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC). Committed to helping its members stay one step ahead, the organization released its annual industry trend report, shedding light on the most pressing cybersecurity challenges facing these industries.

The report, which analyzes RH-ISAC member data alongside findings from the 2024 Verizon Data Breach Investigation Report, reveals that credential theft, ransomware, and phishing continue to be the highest threats plaguing these industries, with threat actors increasingly adopting advanced technologies like artificial intelligence to intensify and strengthen their attacks.

"Our latest industry report underscores the ever-evolving challenges facing retail and hospitality organizations when it comes to cybersecurity," said Suzie Squier, president of RH-ISAC. "By sharing intelligence and collaborating as a community, our members are better positioned to defend against these persistent threats."

The report highlights several key trends:

• 91% of industries saw ransomware as one of the top three most prevalent threats
• 50% of social engineering attempts involved pretexting to pressure victims into divulging sensitive information
• 83% of breaches originated from external factors, with 95% financially motivated
• Vulnerability exploitation, especially in third-party suppliers, increased drastically compared to the previous year

The full report, including detailed metrics for specific retail and hospitality subsectors, is available here. Learn more about RH-ISAC memberships at rhisac.org. securityinfowatch.com


Stealing Data from the New Windows Recall Feature
Allowing threat actors to automate scraping everything you've ever looked at within seconds

TotalRecall shows how easily data collected by Windows Recall can be stolen
Ethical hacker Alexander Hagenah has created TotalRecall, a tool that demonstrates how malicious individuals could abuse Windows' newly announced Recall feature to steal sensitive information.

On May 20, Microsoft announced a new line of Windows 11-powered PCs called Copilot+. Among its previewed features was Recall, which was immediately viewed with suspicion by security professionals and privacy-minded users.

Copilot+ Recall takes snapshots of the computer's screen ever few seconds (some things can be excluded), encrypts and stores the snapshots locally, uses optical character recognition (OCR) to extract relevant information that users may search for later, and and stores this data locally in an SQLite database, in plain text.

In theory, only the user may access it when logged into the computer. In practice, though, info-stealing malware and hackers can access it, and so can other users on the same device.

Security researcher Kevin Beaumont tested the feature and proved that the exfiltration of Recall databases can be automated.

"Recall enables threat actors to automate scraping everything you've ever looked at within seconds," he said. helpnetsecurity.com


AI's Impact on Zero Trust Strategies
How AI-powered attacks are accelerating the shift to zero trust strategies
In this Help Net Security interview, Jenn Markey, Advisor to The Entrust Cybersecurity Institute, discusses the increasing adoption of enterprise-wide zero trust strategies in response to evolving cyber threats.

Markey discusses the impact of emerging threats like AI-generated deepfakes and synthetic identity fraud, as well as the challenges Western organizations face in implementing zero-trust frameworks.

Two-thirds of organizations featured in the 2024 State of Zero Trust & Encryption study cited cyber-risk concerns as the main drivers for implementing a zero-trust strategy. How do threats like AI-generated deepfakes and synthetic identity fraud influence this trend?

While our threat landscape continues to intensify in general, AI-generated deepfakes and synthetic identity fraud are adding fuel to the fire. AI-powered attacks simultaneously increase the scale of personalized attacks and reduce the skill level required. Less sophisticated or easy fraud used to account for ~80% of attacks. However, in the last 6 months alone easy fraud has declined to just over 60% of the total with that trend expected to continue.

There is a striking disparity in zero trust adoption rates, with U.S. organizations lagging. This raises the question, why do you think Western entities struggle more with implementing zero-trust frameworks?

I think the intensifying threat landscape, with nation-state attackers particularly focused on Western targets, has forced many cyber teams in these countries to be hyper-reactive, often at the expense of longer-term and more strategic pursuits like zero trust implementation. helpnetsecurity.com


20 free cybersecurity tools you might have missed

Cybersecurity jobs available right now: June 5, 2024