NRF PROTECT Fraud Session Spotlight and Q&A
How retailers are staying ahead of the increase in fraud

Information, collaboration and technology are key

Next week at NRF PROTECT, a panel of retailers and experts will share their perspective on what's going on, why cases are rising and what can be done to stem the rising tide. The session, curated by NRF partner Card Not Present, is titled "Why has fraud gone haywire since the holidays - and what can we do about it?"

In advance of the conference, DJ Murphy, editor-in-chief of Security Portfolio, shared his expertise on the topic.

Retailers are reporting that incidents of fraud are rampant. Why is this year different from past years? What's at the root of the upsurge?

There are several reasons fraud has skyrocketed to new heights and stayed there. First, as digital transactions go, so goes fraud. Fraudsters can simply get away with more when there are more legitimate transactions in which to hide. More volume means fraud prevention teams, already strapped for resources, have to evaluate more transactions with, usually, the same number of team members. And resources are always hard to come by.

Are there types of fraud that are increasing at a greater rate? Is there any rhyme or reason why one or two types of fraud are proving to be more viral?

Traditional clean fraud (i.e., a fraudster enters stolen credit card into the checkout page of a retailer's site) and all the variations on it will always be with us, but there are several other fraud attacks that have taken center stage recently. Account takeover - when a fraudster secures login credentials and takes over someone else's online account - is perhaps the biggest current problem for an entire range of digital businesses. nrf.com

Click here to learn more & register for NRF PROTECT 2022

40% of Law Enforcement Agencies Reported No Crime Data in 2021
What Can FBI Data Say About Crime in 2021? It's Too Unreliable to Tell

The transition to a new data system creates huge gaps in national crime stats sure to be exploited by politicians in this election year.

Nearly 40% of law enforcement agencies around the country did not submit any data in 2021 to a newly revised FBI crime statistics collection program, leaving a massive gap in information sure to be exploited by politicians in midterm election campaigns already dominated by public fear over a rise in violent crime.

The gap includes the nation's two largest cities by population, New York City and Los Angeles, as well as most agencies in five of the six most populous states: California, New York, Illinois, Pennsylvania, and Florida.

In 2021, the FBI retired its nearly century-old national crime data collection program, the Summary Reporting System used by the Uniform Crime Reporting (UCR) program. The agency switched to a new system, the National Incident-Based Reporting System (NIBRS), which gathers more specific information on each incident. Even though the FBI announced the transition years ago and the federal government spent hundreds of millions of dollars to help local police make the switch, about 7,000 of the nation's 18,000 law enforcement agencies did not successfully send crime data to the voluntary program last year.

By contrast, in 2020, around 2,700 agencies did not report crime data to the FBI. (In some cases, an agency will submit data, but the FBI rejects it.)

The data gap will make it harder to analyze crime trends and fact-check claims politicians make about crime, and we'll likely have to live with greater uncertainty for at least a couple of years, criminologists say. Jacob Kaplan, criminologist at Princeton University, said because many big cities and populous states stopped reporting, it's especially difficult to draw conclusions from the 2021 data.

"I don't think you could get national numbers, at least not useful national numbers, from this data," Kaplan said. "It's going to be really hard for policymakers to look at what crime looks like in their own community and compare it to similar communities."

Last week, the FBI released crime statistics for the first quarter of 2022, compiled from 56% of law enforcement agencies across the country. Data from more than 8,000 agencies was missing, signaling that the national crime statistics may continue to miss a significant number of agencies in the near future. themarshallproject.org

2.1M Unreported Crimes Across the U.S.
Philly police underreported crime data to FBI for city's bloodiest year on record

The Philadelphia Police Department underreported crime statistics to the FBI for 2021, a historically bloody year for the city, new data show.

Roughly 2.1 million crimes across the country will go unreported to the FBI, according to data examined by The Marshall Project and Axios. Philadelphia is among the roughly 60% of U.S. law enforcement agencies that failed to report a full year of data or no data at all to the federal agency.

All in, Philadelphia reported only nine months worth of data to the FBI's National Incident-Based Reporting System. Local police officials cite the city implementing a new crime reporting system for the gap in data.

The Philadelphia Police Department received nearly $4 million in 2016 to upgrade its reporting system, which was officially launched on April 1, 2021, Axios reported. The FBI also switched to a new recording method last year, the National Incident-Based Reporting System, amid a push to better record crime figures and individual incidents.

Philadelphia Police Sgt. Eric Gripp told the outlet that there was a "significant project delay" to upgrade the city's previous system, which was compounded by the pandemic.

Philadelphia set an all-time record for homicides in 2021, recording 562 deaths. The crime has spilled into this year, with the city hitting 200 homicides just after Memorial Day weekend.

The skyrocketing crime in the city sparked an impeachment effort of the city's progressive district attorney, Larry Krasner, which was launched this week by three Republican state representatives.  foxnews.com

Another City Overwhelmed by Retail Violence
Oakland Little Saigon business owners fed up over daily crime, demand change
Robberies at gunpoint, arsons, break-ins and assaults. These are just some of the struggles business owners in Oakland's Little Saigon face regularly. They're so fed up, they've banded together to make their voices stronger together and as a way to survive.

Lele Quach owns a family-run Cam Huong restaurant in the 700 block of International Boulevard, right in the heart of Little Saigon. Through tears, she explains the stresses and terror of doing business these days.

"Crime is increasing exponentially on the daily. Every day, it's increasing, it's getting more violent more brutal," she continues. In every direction you turn in this neighborhood with more than 100 small, mostly refugee-owned shops, you'll see boarded up storefronts and earlier closing times.

Lynn Truong says she used to close her grocery store Sun Hop Fat at 8 p.m., but now she closes at 4 or sometimes 5:30. Oanh Trinh owns Lucky 7 Cigarettes, which has been robbed seven times. Graffiti-covered plywood still covers the front windows. But that wasn't the worst of her woes. Thinh Le even sleeps on the floor of his Kim Viet Jewelry store every night after being broken into 10 times in one year.

Nearly two dozen business owners have come together on a Monday morning to tell their stories and share surveillance videos of arsons, sideshows and attacks. It's an effort so the city will start paying attention. abc7news.com

Business Robberies Surge in Dallas
Murder rate rises in Dallas, amplifying feelings of helplessness and calls for change

Police have recorded 110 slayings through Monday, up about 18% compared with this point in 2021.

Robberies, which decreased significantly last year, are now up, driven by a rise in those committed at businesses. Year to date, there have been 231 business robberies, up nearly 17% from last year's 199.

Overall, violence in Dallas is down this year about 2.4% - or 126 fewer victims - from last year's numbers. That's due in large part to fewer sex offenses, which are typically underreported crimes.

Aggravated assaults have remained steady. Police reported 3,484 aggravated assaults so far this year, 11 fewer than in 2021. dallasnews.com

What Happens to Shoplifting Calls? Civilian Unit? Online Only?
How does this new policy impact the stores?

Dallas police propose new strategies to improve response times on emergency calls

The department wants to boost the number of police reports they take online and over the phone.

Police response times have spiked in recent years, which the department has attributed to more calls for service and a shortage of officers. From 2011 to 2021, Dallas police 911 administrator Robert Uribe said there's been a 53% increase in the number of highest-priority calls - priority ones - even as the number of sworn officers has fallen 11%.

He said police could require residents come to substations to file reports or report online or over the phone for low-priority calls that aren't in progress, such as minor accidents, thefts, criminal mischief and burglaries of coin-operated machines or vehicles. Patrol officers have spent an average of 134,091 hours on those calls each fiscal year from 2018 to 2021, he said.

Uribe also proposed creating a civilian unit to respond to those calls and other low priorities, such as reports of abandoned properties, loud music, panhandling, sleeping in public, burglaries of residences and businesses that aren't in progress.

Police plan to move forward with the strategies. The chief said the department will conduct outreach to educate the public and will be training staff on the changes over the next few months. dallasnews.com

New Gun Measures Gather Bipartisan Momentum
McConnell boost adds to momentum of Senate gun legislation
A bipartisan framework to keep guns out of the hands of dangerous individuals and boost funding for mental health treatment has strong momentum after Senate Minority Leader Mitch McConnell (R-Ky.) endorsed it Tuesday. McConnell says he is planning to vote for legislation based on the framework, which would make him the 11th Republican in the Senate to back it.

Ten other Senate Republicans, led by Sen. John Cornyn (Texas), the chief Republican negotiator, have already signed onto the framework, which would provide billions of dollars in mental health grants to states, restrict convicted domestic abusers and individuals subject to domestic violence restraining orders from buying guns and strengthen background checks for gun buyers between the ages of 18 and 21.

McConnell said a poll of gun owners presented by Cornyn at the Republican lunch on Tuesday showed "support for the provisions of the framework is off the charts" and "overwhelming." thehill.com

Buffalo Supermarket Shooter Payton Gendron Charged With Federal Hate Crimes
Teen also faces firearm charge that carries possible death penalty

Virginia law enforcement among best in nation for reporting crime stats

Utah's crime data reporting to the FBI is exceptionally complete

Retailers Share Shipping Cost Concerns with Biden
'The rip-off is over': Biden urges shipping reform during Port of Los Angeles visit

The president warned carriers that new regulations, aimed at cracking down on skyrocketing shipping costs, are coming

House lawmakers on Monday passed the Senate version of the Ocean Shipping Reform Act of 2022 through a 369-42 vote, sending the measure to President Joe Biden's desk. Biden is expected to sign the bill into law.

The president leveled a warning on Friday at the nine top ocean carriers as he urged for swift passage of legislation to crack down on skyrocketing shipping costs.

The bill is part of the administration's plan to address rampant consumer price inflation that has reached a new 40-year high. The proposal empowers the Federal Maritime Commission to self-initiate investigations into carriers' business practices and provide a pathway for shippers to seek financial relief when hit with unreasonable fines.

Federal agencies responsible for oversight of rail and ocean shipping have sought to hold freight carriers accountable in recent weeks through a combination of hearings, newly proposed rules, and fines.

The profits for the carriers, which operate as three major consortiums, are costs for their customers. Wade Miquelon, JoAnn Stores president and CEO, told the president by phone in the video that price hikes had added nearly $100 million in costs for the retailer.

Hal Lawton, president and CEO of Tractor Supply Company, told the president in another call that heightened container prices alone had left his costs skyrocketing. retaildive.com

Police & Facial Recognition Tech
Groups launch research program to study police facial recognition in Ontario
A joint research program in the province of Ontario between a university, a policing technology accelerator, and a civil liberties organization will explore the implications of facial recognition by law enforcement and seek answers to difficult questions surrounding the biometric modality.

The V13 Policetech Accelerator is a collaboration between the Cobourg Police Service and the Northumberland Community Futures Development Corporation to create and implement innovative policing technologies and best practices in Ontario. The team will look to develop and validate new approaches for policing and facial recognition in a pilot-scale environment set in a small town.

"There is significant concern about facial recognition technology in policing, particularly with regard to bias in the technology and lack of oversight. We all desire our communities to be safer, but we also want deployments of technology by police to be fair and to preserve privacy except where truly justified," says Slane. biometricupdate.com

Inflation Hits Highest Mark in Four Decades in May
U.S. Retail Sales Declined 0.3% in May

Consumers pulled back at auto dealerships, online shopping, and spent more at gasoline stations

So far this year, consumer spending has broadly held up, according to government data through April. Consumer spending accounts for about 70% of U.S. economic output. A strong labor market and rising wages are helping to support spending on services, for which there is pent-up demand from the pandemic.

Consumers are continuing to shift spending to services from goods as many Americans resume more in-person activities such as travel and dining out.

Companies are struggling with higher inflation, which they say is increasingly hard to pass on to consumers. Some large retailers such as Walmart Inc. and Target Corp. in recent weeks reported steep profit declines as rising supply-chain, wage and inflation-related costs ate into earnings. wsj.com

McKinsey & Company on Fear's Role - It's With Us Everyday
Fear factor: Overcoming human barriers to innovation

85 percent of executives we recently polled agree that fear holds back innovation efforts often or always in their organizations

Three fears. Innovation is critical to growth. But fear can stop experimentation in its tracks, leading to less creativity and less ambitious ideas. To learn how organizations successfully create a culture of innovation, McKinsey surveyed and interviewed executives who lead innovative projects around the world. The top three fears holding back corporate innovation were fear of criticism, fear of uncertainty, and fear of negative impact on one's career, McKinsey research found. Yet nine out of ten companies are doing nothing to relieve these fears. mckinsey.com

Starbucks threatens that unionizing could jeopardize gender-affirming health care

SpartanNash acquires 3 Shop-N-Save West Michigan grocery stores

'Shrinkflation': Companies hide rising costs by shrinking the size of everyday products
 

Senior LP & AP Jobs Market

Director Global Security Operations Center job posted for FedEx in Memphis, TN
Leads and supervises all Global Security Operations Center (GSOC) operations to ensure state-of-the-art delivery of the following activities/capabilities on a global basis: security system monitoring and response, intelligence gathering and analysis, risk assessments, communications, reporting, emergency response & security officer dispatching, all in a center that operates 24/7. careers.fedex.com

Director, Global Security Operations job posted for WeWork in Columbus, OH
As a Director, Global Security Operations you will lead the strategic development and direction of key security support functions at WeWork. This role will proactively establish targeted programs/processes to address emerging security and business risks. This leader will effectively manage a team of security professionals poised to identify vulnerabilities, understand the threat landscape, and provide innovative solutions to mitigate risk to people, assets, operations, and brand. careers.wework.com
 

Robot Cybercriminals & Deepfakes
Is that your boss on the phone, or a robot criminal?
Bank robbers faked the voice of a company's director in order to steal $35 million in a 2020 fraud case in the United Arab Emirates. An employee believed they were speaking with the executive on the phone, directing them to transfer funds. But the employee was speaking with a deepfake imitating the director.

Artificial voices are a booming industry. The language school Berlitz uses synthetic voices to create teaching programs that would be expensive and time-consuming to record from humans reading scripts. An AI company that works with Berlitz on the programs, Hour One - with the ironic slogan, "Humanize your content" - urges customers to create voices - or an entire artificial humanoid character - on its website.

But what about the capacity for fraud? The UAE case was not the only example of executive voices being faked to mislead employees. The CEO of a company in the United Kingdom fell for the same sting in 2019, The Wall Street Journal reported, costing his company a quarter-million dollars.

Deepfake videos have been used to mislead voters and consumers on YouTube for years. Last month scammers created a video of Tesla founder and Twitter troll Elon Musk supposedly endorsing a cryptocurrency. Doctored videos (known as "cheapfakes") of House Speaker Nancy Pelosi stuttering and slurring her words have been posted several times.

But deepfake audio fraud is different, cybersecurity experts say. This is not a YouTube stunt designed to go viral. It is a targeted and crafty fraud representing an evolution of phishing, the scam in which malicious links are dropped into office emails and used to defraud companies. The FBI reported last month that compromised business emails stole $43 billion from companies over the past five years, making it the costliest cyber crime.

One favorite trick of criminals is "spoofing" emails, making them look like they are coming from a top executive who is directing the transfer of funds. Employees have gotten better at spotting fake emails, by looking at the sender's email address, or strange language. But employees don't think to listen for faked instructions from executives. We trust our ears too much, experts say. sfexaminer.com

Data Breach Response Strategy
The do's and don'ts of communicating a data breach
Data breaches are occurring more frequently than ever before, even when organizations have the best security precautions in place. According to the Identity Theft Resource Center's 2021 Data Breach Report, data breaches rose 68% from the previous year, reaching the highest number ever reported. That said, while a cyberattack may be out of an organization's control, one thing it can and should control is how it communicates a breach.

Lean into the Incident Response Plan

The incident response plan should provide accurate and timely information that accounts for all these customer questions and keeps their best interests in mind. This plan must be communicated and adopted beyond security and IT teams by a crisis management team that extends across all departments. Every person in the communications chain must report their findings to the executive level for all angles and aspects of the breach to be considered.

Maintain Open and Consistent Communication

In terms of how information is communicated, an organization must give its affected customers a clear understanding of which data was lost and when the incident occurred. End users require as much information as possible to understand how this breach could impact their lives and businesses. Some of the top questions to ask your team when communicating a data breach include: what happened and what do we know, what is the scope of the incident, how did we impact this, and how exactly can we help the customer? In asking these questions, an organization can ensure they are fully prepared to communicate to the customer and openly address their concerns in a consistent manner.

Be Transparent

A data breach can happen to any organization, at any time - so an organization should also never assume or share with their customers that it won't happen again... because it might. Instead, it should assure the affected customer that the incident is being properly contained and managed. To best support customers, an organization should let its customers know that it is prioritizing security and taking the necessary steps to mitigate future potential breaches as well. securitymagazine.com
 
Cyberattack Subscription Service
Illinois Man Sentenced to 2 Years in Federal Prison for Operating Subscription-Based Computer Attack Platforms
An Illinois man was sentenced today to 24 months in federal prison for running websites that allowed paying users to launch powerful distributed denial of service, or DDoS, attacks that flood targeted computers with information and prevent them from being able to access the internet.

"Gatrel ran a criminal enterprise designed around launching hundreds of thousands of cyber-attacks on behalf of hundreds of customers," prosecutors wrote in a sentencing memorandum. "He also provided infrastructure and resources for other cybercriminals to run their own businesses launching these same kinds of attacks. These attacks victimized wide swaths of American society and compromised computers around the world."

Records from the DownThem service revealed more than 2,000 registered users and more than 200,000 launched attacks, including attacks on homes, schools, universities, municipal and local government websites, and financial institutions worldwide. Many AmpNode customers were themselves operating for-profit DDoS services.

Gatrel's DownThem customers could select from a variety of different paid "subscription plans." The subscription plans varied in cost and offered escalating attack capability, allowing customers to select different attack durations and relative attack power, as well as the ability to launch several simultaneous, or "concurrent" attacks. justice.gov

Vulnerability management mistakes CISOs still make
These common missteps and misconceptions may be keeping your vulnerability management from being the best it can be.

Some world leaders take the hint and start building bulwarks against deepfake danger

La Habra, CA: .CHP seizes over $200,000 worth of stolen Lululemon apparel
California Highway Patrol investigators intercepted a stolen shipment of Lululemon leggings with a retail value of more than $200,000. CHP officials assigned to the Border Division's Organized Retail Crime Taskforce located 16 boxes of stolen Lululemon leggings located inside a La Habra apartment, officials announced in a news release. There were 1,861 stolen items seized by investigators with a retail value of over $203,000 "According to Lululemon representatives, this is the largest recovery of stolen items in the company's history," CHP said in a Monday news release. The merchandise was stolen from retail locations across the country, including stores in Ohio, Illinois and Wisconsin. Officials began investigating after being alerted to three large boxes of Lululemon merchandise being shipped from Ohio to the apartment in La Habra. CHP said the investigation remains ongoing, and "apartment residents claimed no knowledge of what the boxes contained."  nbcsandiego.com

Lower Paxton Township, PA: Men Wanted For Multi-State Scam Involving Thousands In Jewelry, Cash Starting At PA Kohl's
Two men seem to be taking Kohl's cash literally rather than a department store coupon, as they to appear be a part of a multi-state scam involving thousands of dollars of jewelry and cash at Kohl's, police say. The unidentified two men pictured purchased $2,180 of jewelry from the department store in Harrisburg on June, 3, according to a release by Lower Paxton Township police. "When paying the males performed a quick change scam by confusing the cashier and were able to leave the store with an additional $1,000 in cash," the police state in the release. Since the time of the "quick change scam" the store's Loss Prevention District Manager was notified that the jewelry was returned at a Kohls in Kentucky, according to the release. dailyvoice.com

Salt Lake City, UT: Thief caught on camera drilling into gas tank &catching on fire
As gasoline prices soar, some thieves have resorted to stealing gas in a very dangerous way. One Salt Lake City business has been victimized multiple times. The business manager is fed up, and now the thief has scars for his trouble. A truck parked outside Summit Fire and Protection had already had its catalytic converter stolen and the gasoline siphoned out when another thief showed up Saturday, in broad daylight, and tried to steal the gas. But he paid a price for the costly crime he committed. "Some people try to take the easy way out of everything," said branch manager Travis Mills, showing surveillance video of the theft in progress. Not long after 10 a.m. Saturday, Mills was notified about a gas theft from one of the trucks that also caught fire. "The guy tried to siphon gas out of it and he wasn't getting the siphon to work," Mills said. "So he decided to drill the gas tank, and that's when he caught on fire." On the surveillance video, you can see the thief underneath the work truck on the side of the gas tank. A white pickup truck is parked next to the work truck. At one point, the thief pops up quickly with his shirt on fire and runs away from the truck. The thief had to stop, drop and roll across the parking lot before his accomplice picked him up and they escaped. ksl.com

Update: Northbrook, IL: Suspect charged in theft from Louis Vuitton
A Chicago man has been charged in one of the two smash-and-grab thefts last fall from the Louis Vuitton store in Northbrook Court, officials said Wednesday. Tony Simmons, 19, is facing one felony count of robbery, according to a news release from the Northbrook Police Department. Simmons and seven other people forced their way into the store the evening of Oct. 5 and stole purses and luggage worth more than $77,000, the release said. Several of the bags had GPS trackers inside, and officers found one of the trackers discarded along I-94. Investigators determined that a palm print on the tracker was a match to Simmons, and that other evidence also placed him at the scene during the crime, police said. Simmons is currently being held at the Cook County jail, according to the Cook County sheriff's website, and his next court date is scheduled for June 22. dailyherald.com

Cottonwood Heights, UT: Police ask for help identifying man wanted in alleged AT&T store theft case