RILA Busts ORC Myths Flooding the Media
Myth vs. Fact: The Truth About Organized Retail Crime

It's time to set the record straight, end the debate over whether or not this is a problem, and continue work on solving it.

MYTH: Organized retail crime is only a problem in some big cities.

FACT: RILA has partnered with the National District Attorneys Association (NDAA) to connect retailers with prosecutors nationwide to support ongoing efforts to combat retail crime at the local level. Participants in this initiative represent big cities like San Francisco, New York City, Dallas, and Atlanta, but also suburban communities like Akron, Ohio; Salem, Massachusetts; and Platte City, Missouri. Retail crime is a nationwide challenge that should not be dismissed based on politics or geography.

MYTH: The problem is not that bad, and police data suggests shoplifting has gone down

FACT: Bottom line, there is a wide gulf between the retail crime incidents that are "publicly reported" in any given jurisdiction and the actual number of incidents experienced by local retailers. Furthermore, research and data can only carry so much weight. Retailers are listening to their associates who express concern with workplace safety; they're listening to customers frustrated with bare shelves and store closures. Nuance or context is often missing from statistics. And the impact on real people can never be fully articulated by a number.

MYTH: Retailers only care about their bottom line. Retail theft is just a scapegoat for failing to address larger issues

FACT: Retailers recognize that theft and associated violence are often symptoms of larger societal issues like addiction, homelessness, and mental health. In addition to taking steps to make the shopping experience safer in stores, retailers are partnering in their communities with law enforcement, social service organizations, and more to address these issues. Retailers are committed to reducing unlawful activity in and around retail environments, reducing recidivism, and restoring vibrancy to communities.

MYTH: Retailers are exaggerating the theft problem and using it as an excuse for poor financial performance.

FACT: Retailers would not be locking up product, spending billions on theft deterrent technology, deploying more security guards, closing stores in high crime areas and partnering with state attorneys general, Homeland Security and local prosecutors to address theft if it wasn't a significant, industry-wide problem. rila.org


NY Times Questions Theft Surge
'Is Shoplifting Really Surging?'

Claims that the U.S. is in the middle of a retail theft wave are exaggerated.

The most up-to-date source is the shoplifting report published this month by the Council on Criminal Justice, which uses police data through the first half of 2023. The other sources go through only 2022.

The council tracks 24 major U.S. cities. Overall, shoplifting incidents were 16 percent higher in the first half of 2023 than the first half of 2019. When New York City is excluded, however, reported shoplifting incidents fell over the same time period. Out of the 24 cities, 17 reported decreases in shoplifting.

Other data also indicates that shoplifting is not up in most cities since 2019. Average annual shrink made up 1.57 percent of retail sales in 2022, up slightly from 2021 (1.44 percent) but down compared with 2019 (1.62 percent). The F.B.I. and the Bureau of Justice Statistics also found that theft and property crime ticked up in 2022 but remained below pre-Covid levels.

Many major downtown areas have also become emptier and more chaotic since the pandemic, which may explain why drugstores and other retailers are more often locking up items even if shoplifting isn't much more common than in the past.

The noise

Events in New York tend to receive outsize scrutiny. It is the country's biggest city, a big retail market and the headquarters for much of the national media. Another city where property crime has risen is Washington, D.C., where many journalists, as well as politicians, also live.

Retailers have an interest in spreading the shoplifting narrative because it can suggest that disappointing profits are beyond their control.

Whatever the full explanation, the current focus on shoplifting is part of a broader trend: The public often overestimates crime. Over the past two decades, most Americans have said that crime is rising, according to Gallup's surveys. In reality, crime rates have generally plummeted since the 1990s. nytimes.com


The Great Debate Over Retail Crime Data
Retailers have a crime problem. It's in the numbers.

The issue is complex and clouded by imprecise data - sometimes from the industry itself.

Any in-depth research into retail theft reveals a definite problem. Namely, that it's unclear how much of a problem it is or how much it's rising, if it's worsening at all.

That hasn't stopped the industry, along with a few retail chains, from emphasizing it in research reports, earnings calls and other forums. On Oct. 26, representatives from the National Retail Federation descended on Capitol Hill for what the group dubbed "Fight Retail Crime Day," to "advocate for legislative solutions to address organized retail crime."

Many point to high-profile reports of smash-and-grab store robberies or arrests of organized thieves as evidence of a problem. For statistics, reporters, lawmakers and other business groups rely on the NRF and the Retail Industry Leaders Association. Meanwhile, some analysts believe the retail industry could be overplaying the problem, at least to some extent.

"While theft is likely elevated, companies are also likely using the opportunity to draw attention away from margin headwinds in the form of higher promotions and weaker inventory management in recent quarters," William Blair analysts led by Dylan Carden said in an Oct. 25 client note.

This issue is clouded by uncertainties, not least because most discussion of it - in the media, in analysis and even in the industry itself - mixes up terminology and numbers.

This shows how, along with the jumble of terms and dearth of specifics, the numbers on shrink and theft are often outdated, inadequate, misinterpreted or some combination. In turn, murky or inaccurate stats are widely picked up in press coverage and elsewhere.

To begin with, for its reports on theft, the industry has relied on surveys of a relatively small number of very large retail chains. The NRF's Retail Security Survey and RILA's 2021 statistics on stolen goods rely on non-representative samples that call their conclusions into question, experts say. retaildive.com


Turning The Tide Against Theft?
It's peak shopping & shoplifting season. Cops are stepping up antitheft tactics

Lately, when you talk to people who work in the retail "loss prevention" world, they're surprisingly ubpeat.

"There's definitely been some progress made," says Tony Sheppard, vice president of retail risk solutions for ThinkLP. He's worked in the industry for decades, starting out as a store detective at Montgomery Ward. He sees new energy in law enforcement efforts to combat this type of theft.

Sheppard is also cheered by states that have started interagency task forces to track organized retail crime rings. California, especially, has ramped up its spending on such investigations, supported by the California Highway Patrol.

Many in law enforcement believe retail theft has been driven partly by a sense of impunity, fed by videos of people walking out of stores with piles of merchandise while staff look on. They also blame the pandemic, when many jurisdictions were less likely to jail suspects for property crimes.

"What they're trying to do now is, they're putting the word out," says Sgt. Casey Hiam of the police department in Bellevue, Wash. It's a shopping-rich suburb near Seattle, where officers do stakeouts near stores with chronic shoplifting problems.

Despite the andecdotal sense that retail theft has grown worse in recent years, hard numbers are elusive. One reason for this is that stores vary widely in how they respond to theft - and whether they report it at all.  npr.org


Across the Pond it's the Same Story in Stores - 'Shoplifting Epidemic'
UK: Surge in demand for Mitie security after £1bn shoplifting spree

Demand for security guards has soared among high street retailers to combat a £1 billion shoplifting epidemic.

The boss of Mitie, which provides security to leading shopping chains, said that the rise was piling "unprecedented pressures" on businesses.

Mitie, a company that also cleans parliament and BBC offices, said that it was seeing growing demand for resources to crack down on thefts in stores and new technology that can track criminals on repeat visits to compile enough evidence to press charges.

Phil Bentley, the chief executive, said: "Our retail customers are facing unprecedented pressures, driven by changing buying behaviours, rising costs and intense competition whilst at the same time being impacted by well-publicised increases in crime - with an estimated £1 billion annual loss due to in-store customer theft."

Last week the Co-op called for urgent action after reporting 300,000 incidents of shoplifting, abuse, violence and antisocial behaviour this year. thetimes.co.uk


SF moves closer to installing 400 new license plate readers as it looks to combat property crime
While existing law allows for the San Francisco Police Department to use the devices, a litany of restrictions have made it functionally difficult to broadly deploy them, according to the department.

A new policy backed by Mayor London Breed would effectively allow for a blanketing of 100 intersections with the devices, which the department hopes would deter the types of property crime that have earned the ire of so many San Franciscans and visitors.

Scott said the technology's use has expanded in other Bay Area cities. He noted that the Oakland City Council voted to install 300 automated license-plate readers in October. He said the cameras would be a "force multiplier" that could help the department solve crime, mostly involving perpetrators using vehicles.

"Many of these property crimes have much lower clearance rates because these suspects move quickly," Scott said.

The City received a $17 million state grant this year to install more of the devices - but without changes to policy, The City can't actually spend that money. sfexaminer.com


San Francisco to let citizens vote on fund for police department staffing
A tax would be added to create a fund that would allow for minimum staffing limits to be set and increased until the department reaches 2,074 officers

If voters approve the amendment, a tax will be added to create a police staffing fund. The fund would reach $16.8 million within the first year, according to the report. The fund would allow the city to set a minimum staffing number of 1,700 officers in the first year and increase every year until the city reaches a maximum of 2,074 officers, according to the report.

The department has about 300 fully funded positions currently vacant in its budget, raising concerns that the staffing shortage has more to do with a lack of applicants than a lack of funding, according to the report. police1.com


Reality or Just Perception?
Viral retail theft videos add to perception crime is up, but statistics show a different picture
Certainly, viral videos of thieves grabbing things off shelves with impunity added to the perception that retail theft was on the rise, but according to the San Diego Police Department (SDPD), theft in the city was down 14.9% last year.

Despite this decline, SDPD announced it would increase patrol at shopping centers. University of San Diego economics professor Alan Gin said that's a bit of a security theater.

"So I think what the numbers show is that possibly inventory loss is up compared to 2021," he said. "But those are the pandemic years, so they were down considerably."

He said what the retail industry is seeing could be attributed to a lack of security staffing at stores and the use of self-checkout counters rather than a rise in shoplifting. kpbs.org


Stores Worldwide Put Big Money Into Fighting Theft
Why Michael Hill spent $5 million on in-store security in NZ
Over 90% of retailers in New Zealand have experienced some form of retail crime in 2023 - from general shoplifting to storefront ram raids. Michael Hill has spent an incremental $5 million to protect its customers and team members from retail crime in New Zealand.

Company chair Rob Fyfe confirmed the spending lift, saying record level of retail crime has necessitated a significant increase in security counter-measures and increased stock losses.

This includes ongoing upgrades of CCTV and intrusion alarm systems across its stores.

Michael Hill has also installed fog cannons, dual pendant alarms, guarding and improved store fortification requirements across a number of its stores in New Zealand, and rolled out Mental Health First Aid Training to 32 of its retail leaders. ragtrader.com.au


Cup Foods owners sue Minneapolis over lost business at George Floyd Square
Concrete barriers & lawlessness cut their income & crushed their property values, lawsuit alleges.

In Case You Missed It: NY ORC Costs Businesses Billions as NYPD Exodus Continues

NPR: There's been a noticeable pushback against shoplifting this year

'2024 State of Physical Security Report'
'The partnership between IT and physical security will continue to develop.'

Genetec State of Physical Security Report reveals physical security market is rapidly embracing cloud and hybrid solutions

Cyber-concerns about cloud security are lessening; channel partners expect increased demand for cloud and hybrid solutions from end users

Genetec Inc. ("Genetec"), a leading technology provider of unified security, public safety, operations, and business intelligence solutions, today shared the results of its 2024 State of Physical Security report. Based on insights from over 5,500 physical security leaders worldwide (including end users and channel partners), the report looks at the security strategies organizations are putting in place to effectively navigate the realities of a changing industry.

Cloud adoption is picking up speed

The adoption of cloud-based solutions for physical security has been gradually increasing over the past decade, but it is now picking up speed. According to the survey, 44% of end users reported that more than 25% of their physical security setups are now either in the cloud or use a combination of cloud and on-premises solutions. This is a significant jump from the 24% reported in last year's survey.

Cyber concerns about the cloud are diminishing

This shift underscores growing confidence in the capabilities of cloud solution providers to establish robust cybersecurity measures. As a result, in the 2024 survey, respondents have relegated perceived cybersecurity risks to the sixth position among the factors deterring their organizations from adopting security systems in the cloud.

IT and physical security departments are increasingly interconnected

The increasing adoption of cloud-based physical security systems has led to a rise in cybersecurity threats, data handling, and compliance requirements. As a result, IT and physical security teams are becoming increasingly interconnected as evidenced by 55% of end users indicating that the IT department has access to physical security data. As technology adoption grows and remote access from external networks becomes more common, the partnership between IT and physical security will continue to develop.

To download a full copy of the report, please go to: https://www.genetec.com/a/physical-security-report.


Amazon One - Palm Recognition - Rolled Out Nov. 18, 2023

Amazon One palm recognition is highly secure

Unlike a credit card or password, your Amazon One palm signature can't be replicated to impersonate you. Amazon One does not use raw palm images to identify a person. Instead, it looks at both palm and underlying vein structure to create a unique numerical, vector representation-called a palm signature-for identity matching. Amazon One recognizes the difference between a real live palm and a replica. We even tested Amazon One with more than 1,000 silicone and 3D printed palms.

Your data is safeguarded in the AWS cloud

The Amazon Web Services (AWS) Cloud protects sensitive customer data by offering enhanced security capabilities not available on other devices. When you scan your palm, the images are immediately encrypted and sent to a highly secure zone in the AWS Cloud, custom-built for Amazon One.

We won't share your palm data with anyone

Amazon One will never share palm data with government agencies or advertisers, under any circumstance. Unless we're required to comply with a legally valid and binding order. Your palm data is not used by Amazon for marketing purposes, and will not be bought by or sold to other companies for advertising, marketing, or any other reason. amazon.com

Amazon's One palm biometrics readers for businesses get a lukewarm introduction

A contactless palm biometric service from Amazon reportedly is being adopted by a few organizations, one of which is an Amazon unit. See who's rolling it out - Continue Reading


Retail's Hottest Topic: Self-Checkout Lanes
What Is the Future of Self-Checkout Lanes at Target and Other Retailers?
According to a study completed by the University of Leicester, "Self-checkout systems more than double the rate of theft in stores. However, as supermarkets still insist on using them, the savings being made from staff reductions must greatly outweigh the losses incurred from additional thefts."

Many stores have attempted to limit losses at self-checkout lanes by adding more security features, like weight sensors. However, anti-theft measures like this can also lead to "more frustrating 'unexpected item in the bagging area' errors, requiring employees to intervene," CNN noted.

Target is not the only store changing up its self-checkout strategies. CNN reported that Walmart removed self-checkout kiosks from a handful of its stores, ShopRite added cashiers back into stores where it tested a self-checkout-only model after shoppers complained, and Wegmans ended a phone app that let customers scan, bag, and pay for their groceries while they completed their shopping. Additionally, Costco has started to add more employees to its self-checkout areas "after it found that non-members were sneaking in to use membership cards that didn't belong to them at self-checkout." retailwire.com

   RELATED: Is Shrink From Self-Checkout Lanes Worse Than Grocers Think?


Self-Checkout Lawsuit
Meijer sued by tech company over self-checkout software

Tampa, Fla.-based Mad Mobile says the grocer learned how to develop the tech before terminating the contract

A software developer says Meijer Inc. stole its self-checkout technology and is continuing to use it after a contract between the two was abolished, reports Crain's Detroit Business.

Mad Mobile Inc. sued the Grand Rapids, Mich.-based grocer and filed a complaint with the U.S. District Court for the Western District of Michigan. The complaint contained the following claims against Meijer: breach of contract, misappropriation under the Federal Defend Trade Secrets Act, and trade secret misappropriation under New York common law.

The tech company also wanted a preliminary injunction against Meijer, but the case was dismissed earlier this month in favor of Meijer's motion to compel arbitration to resolve the dispute. Mad Mobile has accused Meijer of being a shady partner during the development and implementation of the self-checkout technology. supermarketnews.com


First Ever Type Study - As this is the age group that fills a sizable portion of retail's part-time jobs

Released Nov. 27, 2023 - The American School Shooting Study - 253 Shootings Spanning 26 Yrs.
JAMA: Characteristics and Obtainment Methods of Firearms Used in Adolescent School Shootings
Key Points; What types of firearms are used in school shootings, and how are the firearms obtained? Has not been well explored.

Objective To examine the type, make, and power of firearms involved in school-related gun violence as well as the sources and methods through which adolescents obtained these weapons.

Design, Setting, and Participants - Main Outcomes and Measures - Results - Conclusions and Relevance - Methods - Statistical Analysis - Results - Discussion - Conclusions jamanetwork.com


Bankrupt Bed Bath & Beyond files $100M+ mega-claim against MSC

Over $50M in damages alleged; double sought due to 'willful retaliatory conduct'

The bankruptcy estate of former retail giant Bed Bath & Beyond (BBBY) continues its relentless pursuit of shipping lines for alleged damages suffered during the supply chain crisis. It has already filed $31.7 million in claims against Hong Kong shipping line OOCL and $7.7 million in claims against Taiwan's Yang Ming.

The main course, filed Tuesday, is a mammoth claim against the world's largest ocean carrier, Switzerland's Mediterranean Shipping Co. (MSC). The various damages (link to complaint here) add up to over $50 million, plus there's a request that all reparations be doubled due to "MSC's willful retaliatory conduct."

That brings the tally to over $100 million, the largest shipper damage claim against an ocean carrier since the supply chain crisis. freightwaves.com


Rite Aid is closing another 30 stores

Dollar Tree may shrink Family Dollar footprint: CEO


Two Retailers Mentioning Higher Shrink Headwinds in Quarterly Results

Foot Locker Reports "Higher Shrink" Negatively Impacted Gross Margin in Q3

Dollar Tree Q3 Gross margin fell by 0.2 percentage points to 29.7% in Q3 partly due to elevated shrink, as well as a product recall & fewer sales of discretionary items. Expects shrink headwinds to continue.


Quarterly Results

Ingles Q4 net sales +8.9%, Annual net sales +3.7%

Dollar Tree Q3 Same-Store Net Sales: Dollar Tree +5.4%; Family Dollar +2.0%; Enterprise +3.9%, consolidated net sales + 5.4%
Dollar Tree YTD Dollar Tree same-store net sales +5.6%, Family Dollar’s same-store sales +5.6%, consolidated net sales +6.5%

Alimentation Couche-Tard (Circle k) Q2 same-store merchandise revenues (0.1%) in the U.S. and (0.2%) in Europe but +1.6% in Canada.
Alimentation Couche-Tard (Circle k) Q2 same-store road transportation fuel (1.5%) U.S., (0.9%) in Europe but +3% in Canada.
Alimentation Couche-Tard (Circle k) Q2 Total merchandise & service revenues $4.1B, +1%

Foot Locker Q3 store comp's (8%), total sales (8.6%)

Lowe's Q3 comp's (7.4%), net sales (12.8%) - Sold Canadian business Q4 2022 & $1.2B in lost sales - adjusted net sales (8%)

97% of U.S. CIOs identify cybersecurity as a current major threat to their organization

This comprehensive survey encompassed responses from 502 CIOs and 510 network engineers in the U.S., U.K., France, Germany, and Australia.

EDISON, N.J. -- According to new research released by Opengear, a Digi International company and provider of secure and Smart Out of Band management solutions, a staggering 97% of U.S.-based CIOs surveyed expressed serious concerns about at least one cybersecurity threat.

This comprehensive survey encompassed responses from 502 CIOs and 510 network engineers in the U.S., U.K., France, Germany, and Australia. The primary cybersecurity concerns highlighted in the research included malware (42%), spam and phishing (34%), social engineering (31%), and insider threats (30%). Remarkably, malware also emerged as a significant threat for 42% of the surveyed network engineers.

While only 23% of U.S. CIOs reported distributed denial-of-service (DDoS) attacks as a threat, 38% of network engineers reported a higher level of concern for this specific type of attack, most likely due to their close proximity to the network. To add to these concerns, U.S. engineers said that insufficient investments are enhancing the risk of cyberattacks and/or downtime (59%). This suggests that lack of budget spent on software upgrades and network upgrades, for example, leaves organizations more vulnerable to attack and has the potential to affect business continuity, which is a high priority for 97% of CIOs in the U.S. and 88% of CIOs globally.

"The skills shortage and insufficient investment in networks are two factors that have combined to encourage cybercriminals to breach businesses," said Gary Marks, President at Opengear. "Smart Out of Band solutions enable organizations to manage their networks at all times from local and remote sites, even during an outage. Network engineers can make smarter, real-time decisions to achieve consistent network resilience and unparalleled visibility, with security and encryption features ensuring that management policies remain continually enforced."

Continued technology investment is essential to enable engineers to safeguard networks during cyberattacks. The latest research further highlights a concerning trend, indicating that 27% of U.S. network engineers are actively contemplating leaving their current roles due to inadequate funding - an alarming contrast to the global average of 21%. securityinfowatch.com


Released: AI security guidelines backed by 18 countries
The UK National Cyber Security Centre (NCSC) has published new guidelines that can help developers and providers of AI-powered systems "build AI systems that function as intended, are available when needed, and work without revealing sensitive data to unauthorised parties."

The Guidelines for secure AI system development cover four key stages of the development lifecycle of machine learning (ML) applications.

Secure design hinges on all persons involved - system owners, developers, users - being aware of the unique security risks facing AI systems and being taught to avoid them.

Secure development presupposes securing the supply chain; protecting assets (models, data, prompts, software, logs, etc.); documenting models, datasets and meta- or system-prompts; and managing technical debt.

Secure deployment entails a secure infrastructure (in every part of the system's lifecycle) and a constant protection of the mode and data from direct and indirect access. To address (inevitable) security incidents, incident response, escalation and remediation plans have to be through out and put in place.

Finally, to assure secure operation and maintenance, operators are urged to monitor their system's behaviour and inputs, switch on automated updates by default, and be transparent and responsive, especially when it comes to failures (e.g., vulnerabilities).

Who are the AI cybersecurity guidelines for?

The guidelines have been drawn up with the help of the US Cybersecurity and Infrastructure Security Agency (CISA) and similar agencies and CERTs from around the world, as well as industry experts.

"The new UK-led guidelines are the first of their kind to be agreed globally. They will help developers of any systems that use AI make informed cyber security decisions at every stage of the development process - whether those systems have been created from scratch or built on top of tools and service provided by others," the NCSC pointed out. helpnetsecurity.com


AWS Designs Program to Cut Cyber Insurance Acquisition Time
Amazon Debuts Cyber Insurance Program for Speedy Policy Estimates

AWS customers will be able to receive quotes from cyber insurers within two days, cloud provider says

Amazon.com's Amazon Web Services cloud unit debuted Wednesday a program designed to cut the time to acquire cyber insurance from weeks to days, via partnerships with brokers and insurers.

Through AWS's Cyber Insurance Competency program, customers can allow brokers access to data from their Security Hub console. This gives potential insurers a list of controls enabled on a particular account, information on vulnerabilities and other details that allow carriers to quickly evaluate applications against AWS's standards for security best practices and their own underwriting standards, and provide policy quotes.

"In an on-prem world it's really difficult to say your router's properly configured or not, and all the other things you need to know, whereas in the cloud, tools like Security Hub give you an accurate and real-time understanding of cloud security posture," said Mark Ryland, director at Amazon Security.

The program is particularly beneficial for small and medium-size businesses, said Gregory Eskins, head of the Global Cyber Insurance Center at Marsh & McLennan's broker unit, Marsh. wsj.com


Just Published: PCI DSS v4.x Targeted Risk Analysis Guidance
Risk analysis is a foundational tool to help organizations identify and prioritize potential threats and vulnerabilities within their environment. PCI DSS v4.0 introduced the concept of targeted risk analysis (TRA) with two different types of TRAs to provide entities with the flexibility to evaluate risk and determine the security impact of specific requirement controls, as appropriate for their environment.

To support the industry's understanding and effective use of TRAs, the Council has recently published "PCI DSS v4.x: Targeted Risk Analysis Guidance".  blog.pcisecuritystandards.org


Google Patches Another Chrome Zero-Day as Browser Attacks Mount
 
5 resolutions to prepare for SEC's new cyber disclosure rules