Kroger Asset Protection Delivers 9 Consecutive Quarters of Shrink Improvement

Since rebuilding the Asset Protection effort and team, The Kroger Co. has certainly made an impact since Mike Lamb, Vice President Asset Protection, joined the organization in April 2017. Kroger posted a 2.5% increase in identical sales and a 2.7% increase in total sales in their Q3 2019 sales report released yesterday - driven by a ninth consecutive quarter in shrink improvement.

With a relatively new field team and an established corporate support group staffed with subject matter experts, they've worked tirelessly on developing the 'One Best Way' throughout their 2,759 grocery stores. Operating in over 20 banners nationwide, this has been a significant accomplishment given their decentralized independent history. And to have the senior team call out shrink improvement in each of the last nine quarters certainly speaks to the team's efforts and accomplishments. It's a rarity to have it mentioned in one quarter alone. But to have it mentioned in nine consecutive quarterly conference calls is an accomplishment this writer hasn't seen before.

Congratulations to the entire Asset Protection team and to the operators supporting the effort. -Gus Downing
 

JCPenney & Salvation Army Partnership
 
2019 Angel Tree Donation Drive

For over 20 years, JCPenney employees continue to be one of the largest donors for the Dallas/Fort-Worth Salvation Army Angel Tree program. During the holiday season, this program helps provide for local children and families in need.

This year the JCPenney Asset Protection department raised enough money to adopt 15 Angels and as you can tell by the picture above, the team had a lot of fun shopping at the newly remodeled Penney's store in Hurst, Texas!

Thank you to Fanchon Barnes, Corporate Learning and Communications Manager, Asset Protection, JCPenney, for this article submission.
 

New study shows credit card industry has ignored security innovations
A new study conducted for the Secure Payments Partnership coalition shows that the U.S. credit card industry has failed to establish adequate security standards and that a neutral third party should be put in charge, the National Retail Federation said today.

SPP today released "Payment Insecurity: How Visa and Mastercard Use Standard-Setting to Restrict Competition and Thwart Payment Innovation[CS1]," an in-depth study of EMVCo, an organization owned by the world's six largest payment card companies that sets technical specifications for credit, debit and other payment cards. Conducted by the Retail Payments Global Consulting Group industry research firm, the report highlights a systemic pattern of decision-making by EMVCo that has put in place standards with diminished security that have led to increased fraud risk. Doing so has helped those card companies dominate the payments market, according to the report.

The 55-page paper concludes that the leadership of EMVCo has prioritized card companies' market share over security, driven up costs for businesses and consumers and left the United States with a fraud-prone payment system that lags behind security standards in international markets. EMVCo claims to produce only technical "specifications" needed to ensure interoperability, but those specifications become de facto standards with implications far beyond technical compatibility. Because EMVCo is run by the major card companies, it is not an appropriate organization to develop standards with such widespread impact on the U.S. payments system, the paper says. nrf.com

It's riskier to work in retail than on America's factory floors
The holiday shopping season and the extended hours that come with it are taking a toll on America's retail workers. Employees at shopping malls and other outlets in 2018 were more likely to get sick or injured than in the previous year, making it the only U.S. industry with a meaningful uptick.

The increase means retail-store workers are now worse off than those working in the manufacturing sector. According to the Bureau of Labor Statistics, 3.5 of every 100 retail workers suffered an illness or injury last year, up from 3.3 in 2017 and compared with 3.4 in manufacturing.

The uptick in nonfatal injuries, such as sprains, tears, general soreness and overexertion, comes amid forecasts for a record holiday shopping season. It could also mean higher costs for companies if employees require time off or are successful in an injury claim.

Some of the riskiest stores to work in include those selling home furnishings, used merchandise and building materials, as well as tire dealers and supercenters. Injuries and illnesses at each of those also increased in 2018 from the previous year. The most precarious are pet supply stores, where about seven in 100 employees experience nonfatal injuries, according to the data.

The top reported issues by retail workers are sprains and strains, although those declined from 2017, while there were increases in general soreness and pain, contusions, lacerations and fractures.

Overall, other industries continue to top the list. Those in farming have the highest incidence of illness and injury (about five per 100 people), followed by transportation and warehousing, which includes logistics and delivery centers for online retailers. latimes.com

Take Precautions When Planning Company Holiday Parties
The end of the year is fast approaching and, with it, company holiday parties. But what should be a time for celebration can turn into instances of inappropriate behavior - and the accompanying brand-killing publicity and liability - unless employers take preventive action.

Here are some tips for employers to keep in mind before hosting a holiday event:

● Ensure employees are aware of the organization's code of conduct and policies.
● Address social-event behavior in your code of conduct.
● Make the event voluntary.
● Avoid creating a nightclub atmosphere.
● Involve your diversity and inclusion (D&I) team in the party planning.
● Consider reducing the size of the party from a companywide function to smaller gatherings of between 10 and 40 people.



Chipotle has nurses check if workers who call in sick are just hungover
"We have nurses on call, so that if you say, 'Hey, I've been sick,' you get the call into the nurse," CEO Brian Niccol said at a Barclays conference on Wednesday. "The nurse validates that it's not a hangover - you're really sick - and then we pay for the day off to get healthy again."

The restaurant chain trumpeted the policy as part of its improved food-safety practices. It suffered a norovirus outbreak among customers in Virginia in 2017, and an internal investigation found it was caused by store managers failing to follow safety procedures and an employee working while they were unwell.

"We have a very different food-safety culture than we did two years ago, OK?" Niccol said. "Nobody gets to the back of the restaurant without going through a wellness check." businessinsider.com

Retail Holiday Hiring Reflects Focus On eCommerce, Speed
With a greater emphasis on speed and online shopping, holiday hiring needs have changed amid shifting consumer preferences. Large retailers are set to hire approximately 790,000 seasonal workers this year in what would mark the second year of significant growth following years of stagnation, per data from the Challenger, Gray and Christmas outsourcing firm, CNBC reported.

The process began months ago and is ongoing in the current constricted labor market. Even so, the shift to online shopping means fewer positions. Nonsupervisory retail jobs decreased by approximately 23,000 in the past year, per the Bureau of Labor Statistics. Retail jobs increased by 1.4 percent during the same timeframe.

Retail Consultant Jan Kniffen said, according to the outlet, "We're hiring less customer-facing people and a lot more people who are doing something else to help the customer, taking care of 'order online and pick up in-store,' [or] curbside pickup. That requires a lot more people; they are doing the job the customer used to do." pymnts.com

E-Commerce Complicates Retail Store-Closure Plans
Before shuttering stores with less-than-ideal sales numbers, retailers should carefully consider the role those locations play in their broader e-commerce strategies, advises Jon Graub, a Principal at A&G Real Estate Partners, in an article in the November/December issue of the Journal of Corporate Renewal (JCR).

"If the store is a popular destination for online returns by customers in the trade area, how would closing it affect the chain's e-commerce strategy?" writes the retailing veteran. "When customers buy items online that are then fulfilled at that store for home delivery or in-store pickup, does the retailer count those transactions as store sales or e-commerce sales? The real estate team needs to know those numbers." prnewswire.com

More paths to the C-suite than ever
The traditional C-suite - executives with "chief" in their title - is expanding, according to an analysis by LinkedIn's Economic Graph team. Among the fastest-hiring C-suite jobs in the past five years are chief growth officers, chief people officers, chief diversity officers and chief innovation officers. Much of the expansion beyond traditional chief operating officers and chief financial officers reflects the rise of specialties such as data, privacy and diversity, where CEOs increasingly want their direct reports to focus. linkedin.com

In Case You Missed It:
Massive Commercial Counterfeit/Copyright E-Commerce Bust
30,506 illegal websites shut down ahead of Cyber Monday in ICE HSI-led operation

More than 1 million copyright-infringing domain names of commercial websites engaged in the illegal sale and distribution of counterfeit goods and copyrighted works are now in custody of the federal government, thanks to the combined efforts of law enforcement agencies across the world. Federal agencies, as part of the National Intellectual Property Rights Center (IPR Center), seized the websites during the year leading up to Cyber Monday, Dec. 2, 2019 - as part of Operation In Our Sites, which launched in 2014.

The IPR Center, which stands at the forefront of the U.S. government's response to IP theft, worked directly with key international law enforcement authorities and industry organizations representing the electronics sector, luxury brand-name designers, film and entertainment and several entities specializing in apparel and accessories through the major enforcement effort. ice.gov

Dollar General to open 1,000 stores in 2020

Kroger to unload its stake in Lucky's Market

Ollie's Bargain Outlet CEO and co-founder Mark Butler dies unexpectedly at 61 years old

Papa John's founder sues agency Laundry Service after fallout over a racial slur


Quarterly Results

Canada's Dollarama Q3 comp's up 5.3%, sales up 9.6%
Dollar General Q3 comp's up 4.6%, net sales up 8.9%
Ulta Beauty Q3 comp's up 3.2%, net sales up 7.9%
Genesco Q3 comp's up 3%, net sales flat
Five Below Q3 comp's up 2.9%, net sales up 20.7%
Kroger Q3 comp's up 2.5%, total sales up 2.7%, digital sales up 21%
Signet Jewelers Q3 comp's up 2.1%, total sales down 0.3%
Michael's Q3 comp's down 2.2%, net sales down 3.9%
Tiffany & Co. Q3 America's comp's down 4%, total net sales down 4%
RTW Retailwinds (formerly New York & Co.) Q3 comp's down 4%, net sales down 5%
Express Q3 comp's down 5%, net sales down 5%
Kirkland's Q3 comp's down 6.4%, net sales down 6.2%
J.Jill Q3 comp's down 7%, total net sales down 4.6%
 

Biggest Holiday Risk Factors to the Security of Your Digital Assets
By Muktar Kelati, Director of Intelligence Operations, RH-ISAC

As we enter the holiday season, malicious actors ramp up their attacks, seeking to take advantage of the increase in traffic to both digital and brick-and-mortar retailers and hospitality organizations. Attackers tend to be opportunistic: targeted, specific attacks are far less common. As water seeks its own level, cyberattackers are seeking the path of least resistance to information they can monetize. Here are some common issues you should focus on to keep your company's digital assets secure:

1. Poor employee security hygiene
Poor password discipline - including low password requirements, infrequent requirements to change passwords, employees sharing passwords or terminals, etc. is just one area that employee negligence or lack of awareness can open your organization up to attack. Data may not be backed up regularly enough, or employees may leave sensitive data available in the form of tablets or other connected devices not properly secured. They may discuss sensitive information in earshot of customers or clients. These actions are often not taken out of malice: but simply because the employees don't realize the danger. Take the time to train your workforce on good security hygiene and put policies in place to keep them up-to-date.

2. Poor patch and vulnerability management
Patch management is a key part of asset protection. Take the time, no matter how big or small your business is, to create an inventory of your e-assets. For each piece of hardware, track the software and version number running on it. Update as soon as new versions are released. If your company is too large and there are too many devices for your existing staff to realistically do this, consider external support for your vulnerability and patch management. The price of not doing so can be far, far higher.

3. Misconfigured or poorly-secured online resources
Accidentally misconfiguring a webserver or unintentionally exposing an AWS S3 bucket to the public can leave critical data wide open, in such an obvious manner than your cybersecurity team may not even think to check. For any external-facing resource, make sure you or your security team takes the time to review all policies and procedures and settings, and make your secure assets are truly secure.

4. Point-of-sale (POS) vulnerabilities
Review the POS communications, connections, and settings on a regular basis, and make sure you're patching your POS system every time a new update is released. Ensure that the only applications and systems connected to the POS are those that need access. Ensure that smartcards or chip readers are activated and set up correctly. Make sure the POS system has a strong password policy. If you're looking at upgrading or replacing your POS system, look at those that include end-to-end encryption (E3), as well as data loss prevention (DLP). rhisac.org

Cybersecurity Defenders: Channel Your Adversary's Mindset
Know Your Attacker's Tools and Techniques

A clear theme Wednesday throughout the first day of the Black Hat Europe conference was the importance of approaching the design and defense of networks and systems by thinking like the enemy.

"The most dangerous thing is defenders who never get real information from actual attackers ... the real people doing the real attacks," said Jeff Moss, the founder of Black Hat, as he kicked off the conference in London.

In other words, don't just focus on what works in theory, but focus on how it works - and can be broken - in practice. Saying "I have to know how to be bad if I want to do good," might sound like the weak defense of a teenager who's been caught misbehaving. But throughout the first day of the conference, security experts said that the rules of the cybersecurity game increasingly dictate that no system gets designed and deployed unless there are continuing efforts to refine that design to better defend against anyone who might try to exploit it. careersinfosecurity.com

How Nordstrom uses robots and shelves inspired by ants to deliver lipstick faster
If you're in retail these days, you're likely trying to solve these two problems: how to cut costs, and how to get products to your customers as quickly as possible. Nordstrom thinks it has found a solution that will help it do both. And it starts at a warehouse in Newark, California.

The Seattle-headquartered company has tapped two new partners, robotics supply chain company Attabotics and parcel-sorting provider Tompkins Robotics, to test a more modern facility in the San Jose area. If successful, the retailer could expand its use to Nordstrom's eight other U.S. distribution centers. cnbc.com

U.S. Tech CEO Departures Rise to Record High
Billionaire Googlers Larry Page and Sergey Brin aren't the only technology chiefs heading for the exits. A record 181 technology industry chief executive officers left their posts this year through October, surpassing the prior full-year peak of 163 departures in 2006, according to a report Thursday from staffing firm Challenger, Gray & Christmas Inc. The latest tally, which includes both involuntary and voluntary exits, is up 46% from the same 10-month period last year and 19% higher than the 152 CEO departures in 2018. bloomberg.com