'Comprehensive Security Program' to Fight ORC
How retailers can protect themselves against organized retail crime
The combined impacts of ORC-financial losses, supply-chain disruptions, negative customer experiences, employee safety, store closings, threats to the brand-are moving legislators, law enforcement, and retailers to work together to find solutions that will deter ORC, disrupt crime rings, and protect consumers.

Many states have stiffened penalties for ORC crimes. And nationally, Homeland Security Investigations (HSI) has launched what it's calling Operation Boiling Point, an international coalition of law-enforcement agencies, non-governmental organizations, financial institutions, and private industry aimed at exposing ORC networks and helping victims of related ORC activities such as human trafficking and forced labor.

Toward a comprehensive security program

One of the most effective ways for a business to protect itself against ORC is to create a comprehensive security program, one that combines state-of-the art security technology, AI-powered analytics, and improved employee training.

Real-time monitoring and response capabilities

CCTV cameras that cover the entire premises-parking lots, entrances, store aisles-are a must, of course, but cameras are much more effective if they are also paired with such features as real-time monitoring capabilities, automated license-plate readers, and advanced identity verification software. With these tools in hand, security personnel can identify suspected ORC thieves in real time and pass that information on to law enforcement.

AI-powered analytics

Large retailers can also utilize AI-powered data analytics to analyze store shopping patterns and other data to identify merchandise that is most often targeted, the times thefts are most likely to occur, and location. Using this data, stores can direct more resources to high-risk areas (by securing goods such as razor blades and perfume behind locked cabinets, for example), create less vulnerable store layouts, and better anticipate when and where thefts are most likely to occur.

Employee training

Employees should also be trained to spot suspicious activity, both in person and through the store's surveillance systems. That way, employees don't necessarily have to confront a suspected thief, but they can identify and report suspicious behavior to law enforcement.   legal.thomsonreuters.com


Commission Calls on CA To Collect More Theft Data & Study Prevention Measures
California agency reports theft is underreported and increases inflation
California's Little Hoover Commission, a bipartisan state oversight agency, issued its much-awaited report on retail theft, finding that theft is underreported and causes inflation.

The commission's two recommendations are the state collect more data on individuals arrested for theft, including law enforcement response, people arrested, demographics, charges, and recidivism, and conduct studies on theft prevention. Legislators had requested the LHC complete a report including these statistics as they relate to Proposition 47, a 2014 ballot measure which turned many "wobbler" drug and theft charges that could be felonies or misdemeanors into misdemeanors, but LHC couldn't find enough data to do so.

The report says the only major source of theft underreporting data, the U.S. Department of Justice Bureau of Justice statistics on household and personal belongings theft reporting rates - which does not include theft from businesses - finds reporting in the category decreased from 39% in 2010 to 31.8% in 2022.

Business leaders point to major differences between reported burglary and other crimes, with burglary alone dropping as other violent crimes have risen since Prop. 47 as evidence that theft is underreported.

"We know that there is underreporting. Since Prop 47 was passed, murder, rape and robbery increased by more than 20% in the number of crimes. Same holds true for motor vehicle theft which is up 19.8% since the passage of Proposition 47," said Matt Ross, Communications Director for Californians Against Retail & Residential Theft, to The Center Square. "The only significant drop is burglary at 30% So either California is doing an amazing job at stopping burglary when every other crime stat is on the increase, or there is underreporting."

The LHC report also noted the impact of theft on small businesses and inflation. It's unclear the degree to which retailers are raising prices to offset theft losses, but retailers are reporting growing losses from shrinkage. 

With the LHC's conclusions "submitted to the Governor and the Legislature for their consideration" and its "recommendations often taking the form of legislation," it's likely the state will soon take action on improving crime reporting and data collection, which could spawn future anti-crime legislation in coming years. thecentersquare.com

   RELATED: CA commission finds retail theft remains low, calls for more research


Social Media Post Over California Theft Crisis Sets Off Firestorm
Shoplifting is illegal in San Francisco, contrary to online claims
Theft is among several reasons retail chains are closing stores in the US city of San Francisco, but social media posts sharing an image of a sign implying stealing merchandise worth up to $950 will go unpunished are false. Shoplifting is a crime in the state of California, and the municipality did not authorize the notice circulating online.

A July 3, 2024 Facebook post appears to show a sign outside a Louis Vuitton store in San Francisco that says: "Stolen goods must remain under $950." The post caption blames such crimes on Democrat Gavin Newsom, former mayor and current California governor.

Despite media coverage of brazen thefts in San Francisco, stealing is illegal in the city and across the state. "Theft of any amount of merchandise is a crime in California," David Sklansky, co-director of the Stanford Criminal Justice Center (archived here), previously told AFP.

The figure on the sign refers to a threshold established under Proposition 47, which state voters approved in 2014.

The law made shoplifting a misdemeanor offense, defined as "entering a commercial establishment with intent to commit larceny while that establishment is open during regular business hours" (archived here).

When the amount stolen is less than $950, California's criminal code says it "is punishable by fine not exceeding one thousand dollars ($1,000), or by imprisonment in the county jail not exceeding six months, or both".

The law's aim was to focus prison spending on violent crimes. But a decade later, California politicians continue to fight over whether to amend or scrap the law. factcheck.afp.com


New UK Government Plans to Ramp Up Retail Crime Fight
Labour's proposals to tackle retail crime expected to feature in King's Speech

The new Labour government is expected to put forward legislation to combat retail crime, that includes making assaulting shop workers a specific offence.

The first King's Speech since the General Election, will be delivered by King Charles at the State Opening of Parliament on Wednesday 17 July outlining the government's priorities and will include a new criminal offence of assaulting shop workers.

It's also expected to close a loophole that means thefts of goods worth under £200 are less likely to result in prosecution.

Additionally, plans to tackle antisocial behaviour are set to be outlined while Rishi Sunak's smoking ban is expected to be followed through.

Paddy Lillis, general secretary at retail union Usdaw, said: "The Tories' dither and delay on retail crime left thousands of shop workers needlessly suffering physical and mental injury.

"We look forward to Labour delivering a much-needed protection of shop workers' law; ending the perverse £200 threshold for prosecuting shoplifters, which effectively became an open invitation to retail criminals; and funding more uniformed officers patrolling shopping areas along with town centre banning orders for repeat offenders. talkingretail.com


Will 2024 See a Drop in Mass Shootings?
U.S. set to see another deadly year for mass shootings
The U.S. is on pace to see a drop in mass shootings compared to last year, but the number of incidents so far this year has already far surpassed the mid-year totals from a decade ago, per the Gun Violence Archive (GVA).

The big picture: The country is still averaging over one mass shooting per day this year and could break over 500 mass shootings for the fifth year in a row.

Context: The decline in mass shootings comes as other forms of violent crime are falling at historic rates. The decrease could be attributable to the waning social and economic upheavals set off by the coronavirus pandemic, Drane said, while emphasizing mass shootings are still far too common.

Zoom in: As of July 2, the midpoint of the year, 277 people were killed and 1,132 people were injured in 261 recorded mass shootings, according to GVA. The data indicates the U.S. is trending well below mass shooting rates in 2021 - the deadliest year on record for such shootings incidents and gun violence in general.

So far, it's on track to see a 23% decrease in mass shootings from 2023 and a 31% and 20% decline in mass shooting deaths and injuries, respectively, according to Axios' analysis of GVA's data.

Yes, but: The data also shows the country is on pace to experience another deadly year when compared to averages over the previous 10 years up to July 2. axios.com

Chicago mayor, Illinois governor blame for Republicans for city's violent crime
 
Charlotte, NC: Gun Violence Survivors Speak Out For A Safer Community
 

Rethinking Hard Tag Removal
How RFID Technologies are Complementary to EAS Hard Tags
arly experiments with the idea have shown that eliminating hard tags could be a costly decision for retailers - and have proven that each technology in the LP toolbox has a part to play in the effort and that a customized strategy is the key to success.

Tried and Tested: The Results of Removal

Despite the promise RFID and ILLP programs hold, it seems the key to optimizing LP programs still lies in balancing real-time deterrents (like EAS hard tags, locks and alarms) for prevention, with analytics-based optimization and monitoring for an added capability of loss identification. After all, visual cues have a significant impact on individuals' behavior. Research routinely shows that simply seeing security equipment makes all the difference for would-be criminals. It's the reason that police proximity and the presence of alarms, outdoor cameras or exterior lighting all deter home burglaries. There's evidence to show that just having a security sign can reduce the chance of a break-in by 25%.

The same is true in retail locations, where exit pedestals, signage and hard tags act as visual reminders that theft is taken seriously. My company, Sensormatic Solutions, has seen firsthand how removing hard tags can contribute to increased shrink.

It is also important to note that from a labor standpoint, removing hard tags resulted in an unexpected but understandable byproduct: decreased workplace safety. Numerous retailers that tried to do away with hard tags reported the move negatively affected workers. As the number of theft events increases, so does the likelihood that associates or security will witness or become involved in an incident. LP teams shared that their associates felt less safe in the stores without tags, and many said associate requests for the redeployment of tags played a part in their decision to reverse course.

The Best Offense is a Good Defense

With the above in mind, it's becoming increasingly clear that eliminating hard tags or other visual indications of a retailer's security program isn't an optimal option. RFID and predictive analytics systems provide incredible value for historical analysis, loss identification and proactive planning, but they are ultimately intended as a complement to ahard tagging program. Visual cues (like hard tags) are the first line of defense. retailtouchpoints.com


Can Companies Handle Another Pandemic?
Just 23% of Workers Say Their Company Could Handle Another Pandemic

However 38% said there was an increased emphasis on proactive risk identification and mitigation.

Looking at how well companies handled the pandemic, a recent survey from Fusion Risk Management found workers were not pleased.

The survey found that the majority (83%) of employees say their company didn't have a dedicated pandemic preparedness plan, 53% were not prepared, and 43% feel that their company could have better supported employees during the pandemic.

Looking ahead employees don't see much improvement as 23% don't think their current company could handle another pandemic. And 26% believe their company needs to improve its communication regarding health and safety measures.

However, there are some positive results from the survey. More than half (52%) of respondents said their company has implemented new policies because of the COVID-19 pandemic.

The top ways companies have changed their approach include continued remote or hybrid work options (43%), enhanced cleaning and sanitation protocols (23%), and revised sick or time-off policies (15%).  ehstoday.com
 

The Growing List of Retailers Rejecting Checks
Should Other Retailers Join Target in Rejecting Checks?
Check usage dropped to about 7% of overall financial transactions by 2017, according to the Federal Reserve of Atlanta. The decline has been blamed on the arrival of ATMs, which sped up access to cash, as well as the introduction of credit cards, debit cards, and mobile payment systems like Venmo and Apple Pay that offered more convenience and speed over checks. Credit cards and some debit cards also offer perks for usage. Additionally, checks are known as a bottleneck in checkout lines.

Whole Foods, ALDI, Old Navy, and Lululemon are among retailers no longer accepting checks, but the wide majority appear to accept them, including Target's competitors such as Walmart, Costco, Dollar General, Walgreens, and most grocers and department stores. Checks aren't able to be used at self-checkout stations, however. retailwire.com


Walmart faces scrutiny after shopper flags odd pricing detail

The retail giant is once again in the midst of controversy over its pricing practices.

The criticism surrounding Walmart's pricing tactics is continuing to grow, as a new TikTok video accusing the retailer of being deceptive in its clearance section is gaining steam on the platform.  thestreet.com


Macy's ends talks with Arkhouse and Brigade, foiling $6.9B takeover

China's economic growth slows amid weak retail spending
 

'Protect the Data'
Retail cyber leaders face new responsibilities to ensure the security of AI systems and tools

Balancing the threats and opportunities of AI

How security leaders can effectively support their companies' innovative use of artificial intelligence while protecting against risks

While the positive opportunities of generative artificial intelligence have been discussed and dissected at great length, less attention has been paid to the potential threats posed when AI is used as a tool by bad actors.

Just as the technology is evolving, so too are the types of retail crimes it can power, according to a panel of security leaders at NRF PROTECT in California in June.

What we've seen "over the course of the last decade is an increase in automation and connectivity via technology, which is great," said Katie Craven, Visa's head of risk and identity solutions management for North America. "But fraud has also become much more automated and connected, and some of the barriers to large scale attacks like language, location ... have been overcome by AI."

Protect the data

Meanwhile, retail workers in areas such as HR and marketing are eager to use the new technology, which means retail cyber leaders face new responsibilities to ensure the security of AI systems and tools. "At Living Spaces, we really wanted to get ahead of it," Bagley said. "We thought of ChatGPT as the next Google, so we wanted to figure out the models."

After some positive initial copywriting and description results, Bagley and his team began to worry about what sensitive data from other departments such as accounting or HR might make its way to the internet. "That's when we said we need to put governance around this. At least, don't put all this customer information into ChatGPT," he said.

It all comes down to protecting the data, said Mark Weatherford, chief cybersecurity strategist at Coalfire. "You can't have AI without data. It's statistics plus plus, statistics on steroids," he said. "A new impetus on us as technologists and security professionals is to look at the data, who has access to it, when and where to they have access to it, and who can they send it to and how."

'No silver bullet':  nrf.com


ID & Prioritize Data Security Risks
Discover the growing threats to data security
In this Help Net Security interview, Pranava Adduri, CEO at Bedrock Security, discusses how businesses can identify and prioritize their data security risks.

Adduri emphasizes the necessity of ongoing monitoring and automation to keep up with evolving threats and maintain the shortest possible MTTD/MTTR. He also discusses the role of AI in enhancing security measures while acknowledging the new risks it introduces.

How can businesses identify and prioritize their data security risks?

The first step to managing data security risks is to identify and understand what data you have. That means creating a comprehensive data inventory, one that includes all data stored across different systems and cloud environments, whether that data is structured or unstructured. Then you need to classify your data based on its sensitivity - confidential, restricted to internal access only, or public. Without this level of data visibility, managing data security risks is impossible, because data has no rules.

More than ever before, businesses generate and use data across a wide range of different use cases, users, and environments. Data is constantly growing, moving, and changing, making it both difficult to manage and irresponsible not to. At the same time that the data is expanding, malicious adversaries are taking advantage of this growing attack surface.

Attackers will use whatever tools and techniques are available to them to compromise this data. To make a meaningful impact on reducing data security risks, you need to ensure that your organization has the shortest MTTD/MTTR (meantime to detection/response) possible across all data. A continuous and comprehensive data inventory, coupled with robust monitoring tools and automation, helps ensure that security teams can keep up with the ever-changing threats on data easily, even as that data is created, shared, and used everywhere. helpnetsecurity.com


'Deceptive' & 'Manipulative' Practices Getting Consumers to Spend Money
76% of SaaS companies use 'dark patterns,' analysis finds

With federal regulators and states clamping down on the practice, companies might take a hard look at how they're presenting information on their websites and in their apps.

About 18 months ago, the Department of Justice and the Federal Trade Commission announced a settlement with Fortnite maker Epic to pay more than half a billion dollars in fines and restitution for its use of so-called dark patterns. Among other things, the company is alleged to have used deceptive or manipulative processes that made it too easy for kids to spend money in the game, even for things they didn't ask for, while throwing up roadblocks to get the charges removed.

Fortnite might be an egregious example of how a company exploits process flows to get outcomes it wants from consumers, but most companies in the software-as-a-service space leverage dark patterns to some extent, an analysis finds.

Almost 76% of SaaS companies deploy at least one dark pattern in their digital interfaces, and 67% deploy more than one, based on a 3-day sweep of 642 sites conducted at the end of January by organizations representing consumer protection and privacy agencies around the world.

The most common practice is a form of sneaking in which the company makes automatic subscription renewal the default setting without enabling consumers to turn that off as part of the purchasing process. "This was found in 81% of the [SaaS companies] who provide subscriptions that renew automatically," a report on the sweep says.  cybersecuritydive.com


Encrypted traffic: A double-edged sword for network defenders

Why it's time to ban ransomware payments; Russian info ops