It's 'CIS Week' on the D&D Daily! Follow along in the 'Vendor Spotlight' column below as CIS Security Solutions showcases solutions for the retail industry

ORC: The Hot Topic at NRF PROTECT 2023
Walmart CEO and NRF CEO Discuss Impact of Organized Retail Crime
WASHINGTON, June 9, 2023 - At NRF PROTECT 2023, Walmart U.S. CEO and NRF Board Chairman John Furner joined NRF President and CEO Matthew Shay for a fireside chat to discuss the importance of collaboration in combating retail security issues such as organized retail crime (ORC). The conversation took place during NRF PROTECT in Grapevine, Texas, where more than 2,000 professionals convened for the retail industry's premier event for the loss prevention, asset protection, digital fraud and cyber risk communities. Watch the full conversation here.

On the Evolution of Retail Crime:

• Furner: "The complexity in the environment has changed pretty considerably over the last three decades. But the amount of retail crime we are seeing across the country has increased pretty precipitously over the last three to four years. The sophistication of the bad actors, the threat actors, has also increased. The solution is a combination of talent, tools, technology and coalitions of industry, society and government, all working together to solve this issue."

On the Growing Concerns Surrounding ORC:

• Shay: "It has become very clear, both anecdotally but now very quantifiably, that what's happening with organized retail crime is a growing and a persistent threat and a really acute challenge. This is about the safety and health of customers and of communities, and certainly of those millions and millions of associates and team members and partners that work across the retail industry."

On the Need for a Collaborative Approach:

• Furner: "It is a threat to all companies and all members that we serve. I'd encourage everyone to, when possible, share the data so that we can work together to get ahead of some of these issues."

On Advocating for Federal Solutions:

• Shay: "Last year, we were able to get the Inform Act across the finish line. And the Combating Organized Retail Crime Act, which we're now working very aggressively to get through Congress, will give federal agencies the authority to convene and collaborate and distribute resources to law enforcement agencies across the country to the areas that need it."

NRF and the retail community strongly support the Combating Organized Retail Crime Act, legislation that would equip law enforcement agencies with the necessary tools and resources to effectively address this issue. Learn more about NRF's grassroots campaign urging Congress to support this bipartisan solution to fight retail crime. nrf.com


Retail Leaders Fear They Are 'Powerless' to Stop Theft
200 Mentions of Theft & Shrink in Latest Quarterly Earnings Calls

Retail CEOs Signal Rising Alarm as Theft Eats Away Billions in Sales

CEOs fear they're largely powerless to stop shoplifting

Retail executives are sounding the alarm on in-store shoplifting as theft burns a multibillion dollar hole in their balance sheets. While most are vowing to fight back, they're also expressing fears that they may be largely powerless to stop the problem.

As if a possible recession and declining consumer sentiment wasn't enough to worry about, retail executives are struggling with increasing amounts of stock disappearing, or shrink in industry parlance. The problem was talked about more on retailer's earnings calls this quarter than any quarter on record, according to transcript data compiled by Bloomberg. The nearly 200 mentions mark a quarter-on-quarter doubling.

"The increased attention is basically due to more large retailers calling out shrink as a real problem impacting both sales and margins," Evercore ISI analyst Greg Melich said in an interview. Shrink can also refer to things like damage and expired stock, but theft is the main component.

The losses are beginning to reach staggering levels. Target Corp. said lost or stolen inventory will hurt profitability by $500 million this year, while Ulta Beauty Inc. specifically blamed theft when it recently cut its full-year margin outlook.

And it's not just inventory costs at stake. If retail theft worsens it could start to deter shoppers from brick-and-mortar stores and shift consumption online, where margins are often lower, Melich said.

The prevalence of online marketplaces and the ease at which they allow thieves to sell stolen goods are partly to blame for the increase in retail theft, Melich said, as they have helped proliferate a de facto industry out of criminal shoplifters.

Retailers are fighting back with various tactics from locking merchandise behind plastic windows to even exploring speed-limiters on shopping carts, but many say they are largely powerless. Walmart Inc., the world's largest retailer, said although it's "actively managing" the problem, it believes only law enforcement can provide a lasting solution. bloomberg.com


How Each Level of Government Can Fight ORC
Retail Crime Hurts Small Businesses & The Government Must Act

Organized retail theft has spiked. Here's what Congress, states, and localities can do to fix it.

Organized retail theft rates have spiked significantly in the past year. This theft is perpetrated by organized criminal rings that steal large amounts of goods with the intent to resell them, particularly online.

Small businesses and consumers bear the burden:

According to a recent nationwide U.S. Chamber survey of retail small businesses (MetLife and U.S. Chamber of Commerce Small Business Index), over the past year:

• 56% say they have been victims of shoplifting
• 50% say the issue has gotten worse
• 46% have been forced to increase their prices due to shoplifting

Congress: Congress should pass the Grassley Combating Organized Retail Crime Act of 2023 that establishes a coordinated multi-agency response and creates new tools to tackle evolving trends in organized retail theft.

States: Update the definition of organized retail crime and increase criminal penalties. States can also address this by passing laws allowing for the aggregation of multiple offenses over a period of time.

Localities: Prosecutors must do their job and hold these thieves accountable. Local jurisdictions need to end blanket "do not prosecute" and other similar polices that allows thieves to avoid accountability. uschamber.com


Another City's Police Department Enlists ORC Detectives
Metro detectives take on retail crime rings in West Nashville
Metro police call them organized retail crime specialists, and they're causing problems for the West Precinct by stealing expensive, luxury goods, and selling them online.

According to Sgt. Robert Peterson with the Metro Nashville Police Department (MNPD), the Mall at Green Hills, Nashville West Shopping Center, and One Bellevue Place have been hit the hardest this year, up to 134 incidents so far.

West Precinct leaders told residents the thieves often work in groups and steal luxury handbags and other items.

"That's just what they do for their job," Peterson said. "When certain companies, if they have armed security, it makes all the world of a difference. When they get rid of their armed security, it's like open season," he added.

The West Precinct recently dedicated six detectives to the three shopping centers to work the big theft cases, and it's paid off.

Once officers make an arrest, the District Attorney General's Office gets to work, according to DA Glenn Funk.

"Shoplifting is bad enough, but organized retail theft is a major problem," Funk said. "We take those cases very seriously."

Funk told News 2 his office's Economic Crimes Unit is in charge of ensuring retail thefts are investigated and prosecuted properly. Funk's office is also working with the Mall at Green Hills to make sure the cases don't fall through the cracks. wkrn.com


San Francisco's Crackdown Begins - Cleaning Up the Tenderloin & SoMa
S.F. arrests 58 drug users in a week as Breed cracks down. Sheriff targets open-air markets, usage

New team of deputies will arrest dealers and compel users into treatment.

The San Francisco sheriff unveiled plans Thursday to deploy an emergency team in the Tenderloin and SoMa to arrest drug dealers and compel people using drugs into treatment, stepping up a controversial effort by Mayor London Breed to confront the city's fentanyl crisis.

The unit consists of 130 deputies, deployed in squads of eight and working on overtime, for six months starting at the end of June. The department would not say how many squads would be on the streets at any given time, citing a need to protect operational security.

State and local law enforcement agencies citywide have already stepped up enforcement against people dealing and using drugs. The sheriff's department said Thursday that it tracked 58 arrests by multiple agencies since May 30 under six health and safety codes related to public intoxication and drug possession in the Tenderloin and South of Market neighborhoods. All but one were also arrested for more serious crimes, the department said.

Under the new deployment, deputies will arrest people selling drugs, to eradicate open-air dealing. In some cases, they will arrest people on the streets who are struggling with addiction and breaking laws. sfchronicle.com


San Francisco's Crime Crisis Continues
Nine people have been wounded in a mass shooting near clothing store in San Francisco's Mission District
Nine people were wounded in a mass shooting in San Francisco's Mission District on Friday night in what police said appeared to be a "targeted and isolated" incident.

The San Francisco Chronicle reported that the shooting happened shortly after 9 p.m. during a party hosted by a clothing store near the intersection of 24th Street and Treat Avenue.

The San Francisco Police Department initially said that all of the victims were "expected to survive their injuries." But a statement from the Zuckerberg San Francisco General Hospital said one of the victims remained in critical condition as of Saturday afternoon.

"People should feel safe to go out in San Francisco without fear of being victims of gun violence," Scott said. "Our investigators are working diligently on this case, and we will have a visible police presence moving forward in the community where this occurred."

Dying Breed, a clothing store located near the intersection where the shooting happened, was scheduled to celebrate its sixth anniversary Friday night with a block party, according to a post on the store's Instagram account. npr.org


Why Walmart, Costco, and Sam's Club workers check your receipts

Violent crimes increase across Virginia according to 'VSP Crime Report'

Target Foot Traffic Surged 69% Despite Pride Boycott
What Boycott? Target foot traffic up after LGBTQ collection blowback began

Despite the Pride month drama, foot traffic was up at Target stores.

On May 24, Target pulled its Pride Month collection from stores in select states after facing backlash online. The next day brought word that the company's CEO was defending his decision in the face of blowback from both sides. By May 26, the company expanded its removal of the collection to more states as protestors threatened violence, and #BoycottTarget gained traction on Twitter.

During this week of intense backlash, Target saw more customers walk through its doors than the week before.

While the threats were undoubtedly terrifying, the promised boycott never seemed to happen. Despite the outpouring of anti-Target sentiment (and false information) online and from right-wing politicians and pundits, foot traffic at Target stores for the last few days of May was up.

From April 30 to May 27, 2023, Target saw a 69% increase in foot traffic compared to the same time period last year, Gravy Analytics found. The week of May 21, Target saw 8.70 million daily visitors compared to 8.54 million the week before. And Target's foot traffic was up 12% compared to competitors like Walmart and Costco, which saw 9% and 1% increases, respectively.

To be sure, Target's foot traffic boost is part of a longer-term trend, Gravy Analytics noted in a blog post. Early in 2022, foot traffic at Target declined. Now, it's on an upswing, which likely has more to do with the brand's focus on necessities like groceries and less with the customers' opinions on its Pride collection. businessinsider.com


Holograms, AR technology and RFID tags: The store of the future is taking shape
Retail innovations including clothes with RFID tags, digital mannequins and seamless checkouts are removing the friction in the shopping experience - and exceeding Gen Z's expectations.

Brands including Uniqlo, Zara and H&M are introducing in-store retail solutions that use these new technologies to facilitate product discovery, customer try-on and a seamless checkout experience.

According to May 2023 insights from a Klara study involving Gen-Z and millennials, 44% of Gen-Zers believe they will try on clothes in the same way in the future as today. Meanwhile, 40% said they expect to use virtual dressing rooms, 18% said they'll use augmented reality, and 23% will rely on artificial intelligence to advise on which clothes best fit their body and fashion style.

Many brands are already changing their retail stores to integrate these technologies. In May 2022, H&M Group brand Cos piloted smart mirrors in its Beverly Hills store. Through the use of RFID tags, the mirrors allowed customers to order items to try on without leaving the changing room.

With labels and tags becoming digitized, they're offering ways to make the retail experience faster and more seamless. RFID self-checkout has reduced checkout times by 50%. glossy.co


US Supreme Court Curtails Identity Theft Prosecutions

High Court Unanimously Says ID Theft Cases Must Hinge on Actual ID Theft

The Supreme Court on Thursday narrowed federal prosecutors' ability to bring identity theft charges in an opinion holding that misuse of another person's identification must be the crux of a criminal offense "rather than merely an ancillary feature of a billing method."

In a ruling delivered by Justice Sonia Sotomayor and signed by seven of her colleagues, the high court said upholding broad application of identity theft charges in criminal cases is a path to sweeping prosecutions. govinfosecurity.com


New York City announces minimum wage for app food delivery workers
Manhattan's 60,000 food delivery workers currently make on average about $7.09 an hour, according to a news release from the city, explaining the new pay-rate will allow them to eventually earn at least $19.96 an hour. The pay will increase to $17.96 an hour on July 12 then increase again to nearly $20 an hour in April 2025.

Largest U.S. jeweler says COVID-19 behind the drop in engagement ring sales
Signet Jewelers, which owns the Jared, Kay and Zales jewelry chains, said it has seen a sales slowdown in engagement rings because people were not able to meet who could have been their fiancés in 2020 due to lockdowns brought about by the novel coronavirus pandemic.

Coresight Research: Week 23: US Closures Up 61%

Full list of San Francisco retailers pulling out of the city

Here's where a possible sale of Bed Bath & Beyond and Buy Buy Baby stands


Quarterly Results

Rent the Runway Q1 sales up 10%

Signet Jewelers Q1 comp's up 2.5%, sales up 8.9%

Chico's Q1 comparable sales down 0.6%, total net sales down 1.1%

Roots Canada Q1 DTC comps 5.3%, wholesale sales up 6.9%, total sales down 3.7%

Kirkland's Q1 comp's down 4.4%, net sales down 6.2%

Academy Sports Q1 comp's down 7.3%, net sales down 5.7%

Designer Brands Q1 comp's down 10.4%, net sales down 10.7%
 

From Russia With Love
Microsoft investigating threat actor claims following multiple outages in 365, OneDrive

A hacktivist group known as Anonymous Sudan has claimed to be involved in DDoS attacks.

Microsoft is investigating claims by an alleged hacktivist group that it launched a series of DDoS attacks that disrupted the company's OneDrive and other Microsoft 365 services.

The company suffered a series of outages this week that impacted a range of services, including Microsoft Teams, SharePoint Online and OneDrive for Business. The OneDrive disruption was still impacting customers as of Thursday.

The group, known as Anonymous Sudan, has claimed credit for the alleged DDoS attacks and made additional threats against the company. Microsoft officials acknowledged the public claims and are working to fully restore services.

According to research published earlier this year, Anonymous Sudan has publicly identified itself as a politically motivated hacktivist. However, the actor has been connected to an alleged Russia-backed information operation.

The group tried to blackmail Microsoft, threatening to launch DDoS attacks against the company, Wahlen said. The group also tried to previously extort Scandinavian airliner SAS. Some research has linked the actor to the hacktivist group Killnet, which has supported Russia since the outbreak of war in Ukraine.

It is unclear what the specific motivation would be to attack Microsoft. The attacks have been highly disruptive to the company's core business users. Not only have Microsoft 365 services been impacted, but Outlook desktop users reported being unable to access services earlier in the week. cybersecuritydive.com


The Atlas Project: The Global Effort to Stop Cybercrime
How Global Information Sharing Can Help Stop Cybercrime
The Cybercrime Atlas is an initiative hosted by the World Economic Forum's (WEF) Partnership Against Cybercrime. While it's still in prototype stages, it's being designed to provide a platform for academic analysts, cybersecurity companies, national and international law enforcement agencies, and global businesses to share knowledge about the cybercriminal ecosystem.

At its core, the Atlas project is a database about cybercrime. Information could come from government alerts, cryptocurrency analysis companies, platform providers, court records, and publicly available materials - anything the analysts can identify that might be relevant to understanding the entirety of the criminal ecosystem.

Analysts could then use this database to generate multiple different views or maps of various parts of the cybercriminal ecosystem. For example, one analyst might be interested in ransom payments and could use Atlas to help understand how illicit funds are moving.

Another might be interested in identifying the platforms that appear to host a large number of criminal actors. Another "map" or view might focus on the relationships between different criminal groups. By creating an international information repository based on public data and voluntarily shared information, cybersecurity practitioners can create a tool that will enable them to fight cybercrime more effectively.

As of mid-2023, the Cybercrime Atlas is still in the prototype stage. As a leader of an information sharing organization, I have no illusions about the challenges associated with making a project like the Cybercrime Atlas successful. Yet, its foundation is strong and its promise as a tool to help defenders, law enforcement, and other analysts navigate the criminal landscape is large. Given what's at stake, we have an obligation to use every tool at our disposal to combat the pernicious threat posed by cybercrime. hbr.org


60 Years on, Banks Say it's Time to Leave Passwords and Embrace Biometrics
Simply relying on one-time passwords and texts is no real defense against fraudsters. The urgency is real.

In just one example, SIM swap-related attacks account for a staggering $68 billion worth of fraud, noted the panelists. Fraudsters gain access to sensitive information is through SMS one-time passwords, which are directly subject to fraud.

As Koski said, "If you look at the history of how we've authenticated people, passwords began in the '60s. We're now, you know, 60 years into that journey. And we all know these are phishable credentials. We know that the criminals know how to target customers to ask for user IDs and passwords."

"The goal is to remove those phishable credentials," Koski said.

Koski and Sampath contended that biometric authentication is quickly gaining popularity as a more secure alternative to traditional password-based authentication. Not only does it provide a faster and more convenient way for customers to access their accounts, but it also significantly reduces the risk of fraud. Koski emphasized the importance of educating customers on the need for multifactor authentication and the limitations of SMS or email one-time passwords - moving them, gradually, to biometrics in phases.

As she said, "We're getting there, and the more we can help customers understand putting power in their hands to make decisions, but to use what's on their native devices as part of their biometrics is really important."  pymnts.com


Illinois a victim of CL0P ransomware attacks, state agency says

While Illinois' Department of Innovation and Technology said on Friday that the full extent of the incident was still being determined, it's believed that a large number of people could be impacted.

The state of Illinois was victimized in a recent ransomware attack that occurred when a group of cyber criminals "exploited a vulnerability in a widely used third-party file transfer system," state officials said.

The Illinois Department of Innovation and Technology said Friday that the Cybersecurity and Infrastructure Security Agency and FBI have attributed the attack, which occurred on May 31, to the CL0P Ransomware Gang, also known as TA505. The attackers, according to the federal agencies, exploited a "previously unknown structured query language injection vulnerability" in the MOVEit Transfer system. The system's web applications were infected with a specific malware, which was then used to steal data from the program's databases, according to the CISA and FBI. nbcchicago.com


Russian Nationals Charged With Hacking One Cryptocurrency Exchange and Illicitly Operating Another

AI chatbots want your geolocation data. Privacy experts say beware.