First Vendor Caught:
U.S. Security Manufacturer Selling Chinese Tech Claiming it's Theirs - $88M Fraud

-Aventura Technologies Senior Management Charged with Fraud, Money Laundering & Illegal Importation of Equipment Manufactured in China

-Security Hardware, Software & Peripheral Products Manufacturer on Long Island

A criminal complaint was unsealed in a Brooklyn federal court charging Aventura Technologies, a New York-based surveillance and security equipment company, and seven current and former employees, with selling Chinese-made equipment with known cyber security vulnerability to government and private customers, while claiming the equipment was made in the U.S. Aventura has generated more than $88 million in sales revenue since November 2010, and the charged scheme has been going on since 2006, according to a Nov. 7 press release from the U.S. Department of Justice.

Four of the individual defendants are also charged with defrauding the U.S. government by allegedly falsely claiming that Frances Cabasso was the owner and operator of the company in order to obtain access to government contracts reserved for women-owned businesses when Aventura was allegedly controlled by her husband, Jack Cabasso. The Cabassos are also charged with laundering the monetary proceeds of these fraudulent schemes.

Six of the defendants were arrested on Nov. 7. Law enforcement agents executed search warrants at Aventura's headquarters in Commack, N.Y., and at the home of Jack and Frances Cabasso. The government has also seized the Cabassos' 70-foot luxury yacht, and has frozen approximately $3 million in 12 financial accounts that contain proceeds from the defendants' alleged unlawful conduct. securitymagazine.com
 

The Counterfeit Fight Continues

Ralph Lauren offers consumers a DIY counterfeit-checking tool
Ralph Lauren Corp. on Tuesday launched Digital Product Identities, which enables consumers to use their mobile phones to verify the authenticity of Ralph Lauren merchandise.

By scanning the Digital Product ID on the product label, consumers can confirm whether their purchase is authentic, as well as learn about product details and receive styling tips and recommendations. For Ralph Lauren, the technology offers real-time visibility to track products from the point of manufacture and improve inventory management.

The technology, developed in a partnership with EVRYTHNG, a connected IoT platform, and Avery Dennison, is being phased into all Polo Ralph Lauren products. "The application of this technology means every Polo product will be 'born-digital' which represents a new milestone in data intelligence innovation in our sector," said David Lauren, Polo chief innovation officer, in a statement.

The launch came the same day a CNBC investigation alleged that The RealReal luxury resale site has been selling counterfeit goods and failing to properly train those responsible for authentication

Start-ups such as Blockverify, Cypheme and Red Points have been gaining attention for using artificial intelligence and/or blockchain and cloud-based services to fight counterfeiting. retailwire.com

CNBC Rips The Prima Donna of 'Authenticated Luxury Consignment' - The RealReal - Counterfeits Slipping Through

RealReal's shares plunge as poor training and tough quotas cast doubt on 'no fakes' pledge

The RealReal is an online luxury consignment store that differentiates itself by saying everything is 100% real. The CEO has said there are "no fakes on our site" and "every single item [is] authenticated."

CNBC spoke with nearly three dozen former employees and obtained internal company documents that show not everything is authenticated by an expert and employees work under strict quotas that lead to fakes being sold on the site.

CNBC read nearly 1,400 online reviews of the company and found that fakes, damaged items and mistakes are top complaints. The RealReal, which refused an interview, defended its authentication process and said it has no tolerance for counterfeits.

The RealReal, launched in 2011, went public this year on June 28. That day, CEO and founder Julie Wainwright said on CNBC's "Squawk on the Street" that "every single item has already been inspected, authenticated before it gets on the site." And in 2016, she told CNBC, "There's no fakes on our site."

This promise is key to the brand's identity: the idea that the company takes an extra step to ensure items are authentic. cnbc.com

The RealReal Defends Itself After CNBC Report on Counterfeits
"CNBC's report does not accurately represent the depth of our team's expertise and the thoroughness of our authentication process. The RealReal has a rigorous authentication process, it is core to what we do and central to our brand. We make every effort to accurately authenticate the items we receive. If there is a question about the authenticity of an item purchased from The RealReal, we will always work with our customers to make things right. We stand behind both our process and authenticity guarantee, and will continue to provide a safe and reliable platform for buying and consigning luxury items."

In an email to customers Wednesday, The RealReal founder and CEO Julie Wainwright appeared to back away from previous statements that there are no fakes sold through its site. "This is a complex problem, and fighting global counterfeiters is hard work. We strive for perfection, but may not be perfect every single time," she wrote.

The missive follows an investigative report from CNBC. retaildive.com
 

The POS Transformation

The point-of-sale transformation continues
While there are many examples of POS advancement, a few specific specimens seem to be generating the most excitement in the marketplace. These include:

Checkin-based transactions
Traditional checkouts - even self-service iterations - could soon become antiquated thanks to the emergence of autonomous brick-and-mortar payment technology. These solutions leverage sophisticated sensors, cameras and machine-learning software to support genuinely frictionless purchasing experiences. The autonomous checkout system that underpins Amazon's Go stores is perhaps the most visible example here in the U.S.

Contactless credit cards
Credit and debit cards with contactless payment capabilities are commonplace in economies across the globe. An estimated 50% of consumers in the European Union use these payment methods, according to research from A.T. Kearney. Adoption is even higher in Asia. In South Korea, for instance, 96% of shoppers use contactless credit and debit cards. However, these items are essentially nonexistent in the U.S., where just 3% of consumers use them. But experts anticipate this will change - and soon.

Advanced POS hardware
As the retail industry evolves, so too does that POS hardware that makes brick-and-mortar purchasing possible. Hardware developers had largely been focused on making back-end improvements. But with new shopper-POS interaction norms materializing, sellers and their technological partners are now moving forward with more visible changes.

All-in-one POS assets are also rising to the fore, as more and more sellers embrace the pay anywhere in-store concept and seek to equip employees with everything they need to checkout customers, from card swipers and pin-and-chip components to onboard receipt printers and cash drawers. retailcustomerexperience.com

Understanding the Value in Autonomous Checkout
Convenience store retailers continue to grapple with how best to respond to the disruption of frictionless checkout. I recently spoke with Crone Consulting's CEO Richard Crone and Managing Partner Heidi Liebenguth for a podcast on autonomous checkout.

Crone pointed out that Amazon Go is working at a 99.99% confidence level. "If something does fail, from our estimations, somebody is reviewing the video on the backend to see what actually happened and resolving the issue pretty quickly," he said.

"If you donate (your) SKU level data, dwell time and checkout data to (autonomous checkout) startups, you're going to help build a unicorn value in someone else's business while you're giving up the very essence, the most prized asset of your merchandising concept," he said. "And that's your SKU-level customer data while they're in the store."

Customer Identification
Liebenguth pointed out that the real value of the machine vision and machine learning used in autonomous checkout isn't the autonomous checkout itself, but gaining the data behind who the customer is through the check-in process.

"Check-in allows the retailer to personalize the customer journey through the store, not waiting until checkout ...

It's important to recognize that Amazon Go is working from a clean slate and not retrofitting frictionless checkout into an existing retail environment.

Amazon has essentially eliminated many of the exceptions found in traditional retail that would pose challenges.

Another approach is scan and go, but some retailers are seeing shoplifting with this approach.

"Another is order ahead, and this could be a replacement for self-checkout altogether," Liebenguth said.

Data Capture
The advantage and value of autonomous checkout is in making the customer experience more valuable and increasing visits and basket size.

Listen to the full podcast here.  cstoredecisions.com

Combatting Shrink with Scan & Go
Many self-checkout theft tactics can be replicated with scan-and-go technologies

While self-checkout and automated solutions offer many benefits, there's a perception they can also lead to greater theft. One survey of 13 major retailers operating in the United States and Europe found levels of stock loss were 1 percent in stores with self-checkout, compared with 0.67 percent of those with staffed checkouts.

Although some loss can be attributed to mistakes on the part of the consumer, self-checkout can expand opportunities for theft. Many common self-checkout theft tactics, such as bagging items without scanning them or scanning lower-cost items while bagging more-expensive ones, can be replicated with scan-and-go technologies.

After expanding it to more than 100 stores, Walmart ended its Scan & Go pilot after only a few months in May; a former head of checkout innovation told Business Insider theft was a major problem. At the time the program ended, Walmart said the program had low adoption in addition to some of its own friction points "such as receipt checks, weighted produce and un-bagged merchandise resulting from using the program."

Despite the concerns, the potential for shrink can be overcome with the right optimization of staff and technology, says Jerry Sheldon, a retail analyst with IHL. Spot checks by associates combined with new camera technology and AI can also help retailers identify behaviors related to nefarious activities.

But in contrast to basic self-checkout, many of these new technologies can even reduce theft and error, says Michael Suswal, COO and co-founder of Standard Cognition. For example, Standard Cognition's AI-powered autonomous checkout platform can detect when someone is not logged into the system and it appears they are about to leave the store with items they have not scanned. The system can then alert associates about the issue.

When armed with the right information, associates can remedy the problem or prevent the theft with non-confrontational questions, such as asking the person if they need help downloading the app or if they were able to find everything they were looking for.

Grabango, a Silicon Valley startup, can even charge potential shoplifters for all items on their person, even if hidden from view at checkout or while leaving the store. As the system does the work, store personnel don't even need to confront suspected shoplifters. stores.org

C-Stores Represent the Canary in the Cage Type Testing Ground
Appears to be Leading in the POS Transformation Process
Small enough to install, monitor and change almost instantly and has the numbers of stores and transaction types necessary to truly test a large consumer base quickly. Just an opinion.
 

What Not to Say in Written Communications

Phrases early-career professionals should avoid in work e-mail

A recent article in Forbes highlights the importance of communication in the workplace. A report from the World Economic Forum on the top skills required for jobs in 2020 lists communication as one of the top 10. And employers have identified communication skills as the No. 1 trait they desire among recent graduates.

E-Mail Tips

Keep in mind that when someone reads your message, interpreting tone, intent and meaning is difficult. There are certain phrases that should not be included in any message, including the ones listed below.

"What specifically do you want?" - "I can't," "they can't," "it can't," "unfortunately we can't," "I don't," "we don't," "they don't" or "I am unable." - "I've been in meetings."

"I am unavailable." - "This is too late." - "Do you have ... ?" "Can you ... ?" or "You should." - "Let me know if there's a further issue." - "Dear [misspelled name] ... " - "Are the results in?" "As I mentioned" or "like I said."

Use written communication to accomplish these four goals: 1. Build and maintain relationships. 2. Build your professional image. 3. Demonstrate consideration for others. 4. Share context. shrm.org

"It's Not As Much What You Say
But What They Remember You Said Six Months From Now"
Gus Downing

6th Annual ISCPO Global Supply Chain Security Conference: Open For Registration
The International Supply Chain Protection Organization (ISCPO) is pleased to announce its 6th annual conference is open for registration at ISCPO.org. The conference will be held March 3-5, 2020 in Dallas, TX where ISCPO members and loss prevention professionals will hear from industry veterans and get the latest trends in supply chain security, industry theft, global trends, and investigation.

ISCPO's annual conference brings together loss prevention, security, and protection professionals working within the global supply chain for two days of networking, education, and collaboration. iscpo.org

ROFDA to Join Forces with NGA

KKR Makes Formal Approach to Walgreens Boots on Record Buyout

Spin-off of Old Navy in doubt amid sudden departure of Gap CEO

Global Smart Supply Chain Summit 2019:
Technology Is Driving Improvement in the Efficiency of Supply Chains

UPS expects 26% jump in returns this peak season
 

Sponsored by Deloitte

Removing a CISO After a Breach Is a Tough Call, Experts Say
Ousting an executive can sometimes do more harm than good, such as losing valuable knowledge for the company.

A cybersecurity incident can put a stain on the corporate security chief, but senior leaders must be sure that removing the executive doesn't further harm the company, experts say.

The calculation involves evaluating whether the problem could have been prevented as well as assessing the chief information security officer's protection strategies. Data breaches will happen at some point for companies that have valuable data. He said the question is whether the breach was preventable or unpredictable.

Removing an executive after a scandal isn't unusual and it can help mitigate financial fallout. "Investors do like to see firms taking action, doing something to try to rectify or alleviate the situation," she said.

At a breached firm, the board and senior leaders should be sure the CISO was at fault before moving to oust or demote the executive, she said. "It's not if a breach will happen, but when, and it may not be anything the CISO did wrong."

High-profile breaches tend to trigger executive changes. Equifax Inc. announced the retirement of its chief information officer and chief security officer soon after disclosing a breach in 2017.

Firing a CISO after a high-profile security lapse can signal that the organization takes data security seriously. But that can be a mistake, she added: "When the CISO walks out the door, a tremendous amount of knowledge leaves with them."

A more effective strategy, she said, is for the CEO to take accountability for the lapse, allowing the CISO to focus on developing a tighter security program.

A survey of CISOs conducted by security firm Optiv Security Inc. in September found that 58% said experiencing a data breach actually made them more attractive to other employers. Around three-quarters of those surveyed said they expected CISO roles to be a path to chief executive jobs in the future. wsj.com

Insider Threats Hits Two in 1 week
Security's Biggest Challenge

Trend Micro Employee Sold Consumer Data to Scammers
A Trend Micro employee stole and then sold contact information for 68,000 of the company's consumer subscribers, which led to a raft of unsolicited tech support scam calls, the company says.

The employee has been fired and law enforcement has been contacted, the company reports in a statement on its website. The employee accessed the data "with a clear criminal intent," Trend Micro says.

The incident is an embarrassment for Trend Micro. It also highlights a problem that is regarded as one of the most difficult computer security challenges: a well-placed insider who decides to steal information from a company, or the "insider threat." "Credit should be given to Trend Micro for being so open about this issue," Honan says. govinfosecurity.com

Feds Allege Saudi Spies Infiltrated Twitter
The U.S. Department of Justice has charged three men with perpetrating a campaign to infiltrate Twitter and spy on critics of the Saudi government, and acting as illegal agents of a foreign government.

On Wednesday, prosecutors unsealed a criminal complaint against two ex-employees of Twitter: Ali Alzabarah, 35, of Saudi Arabia, and Ahmad Abouammo, 41, of Seattle. The complaint also names Ahmed Almutairi, aka Ahmed Aljbreen, a 30-year old Saudi national. Alzabarah has been accused of sharing 6,000 Twitter users' private details with Saudi officials in 2015 and was arrested Wednesday in Seattle. While the other two are back in Saudi Arabia. Abouammo Worked as Media Partnership Manager in Seattle. Alzabarah Worked as Site Reliability Engineer (IT) in San Bruno, Calif. govinfosecurity.com

Twitter & Trend Micro Fall Victim to Malicious Insiders
Two separate incidents reported last week have once again highlighted how insiders with legitimate access to systems and data can be far more dangerous to enterprise security than external attackers.

"The premise of 'you can't deny what is granted' applies in that if an insider has legitimate access, then it is difficult to determine if a behavior is allowable," Poschman says. True intent can be hard to determine until after damage is done because legitimate user behavior can often be erratic, he adds.

Several tools are available to address insider threats, including user behavior analytics and risk-based authentication products. Data-centric measures such as tokenization and format-preserving encryption can also help by limiting access to sensitive data for all users regardless of the permissions they have, Poschman says.

Terry Ray, senior vice president at Imperva, says trying to proactively restrict all employees to just the data they need can be complex and even next to impossible for enterprise security organizations. Even a zero-trust approach - where every access request to a network or app is vetted for trustworthiness - has limitations when it comes to malicious insiders, he says. "The only aspect of zero trust that might have benefited Trend Micro would be least privileged access - the idea that each individual should only have access to what they need for their role," he says.

To be effective, insider controls have to be based on a continuous monitoring of all user access to protected data. To spot unusual behavior, organizations need to be constantly analyzing who accesses data, what they access, how they access it, from where, and whether they should they have access to it.

"Monitoring user activity on corporate data is not only fully accepted, it's assumed by employees," Ray says. darkreading.com