Retail security: Critical strategies
Starting a job in retail security? Just double-checking your defenses? Here's a roundup of security strategies for protecting retail inventory, profits and employees.
By Derek Slater
In retail, carefully applied security measures clearly benefit the bottom line. But retail security and loss prevention also covers a lot of ground.
The list of security threats includes direct theft—from random shoplifters through organized retail crime and dishonest clerks—as well as accidental loss and product diversion. And digital issues are no minor concern either, given high-profile attacks like card skimming and data theft through wireless networks.
Don't be paranoid, just be prepared! Here's a roundup of in-depth security coverage from CSO for large and small retailers alike. You'll find advice from retail leaders on security from point of sale back through the supply chain and everywhere in between.
Point of sale security measuresCard skimming, under-ringing, sleight-of-hand—there's lots to watch for at the cash register.
Security at the point of sale
Cash, cards, inventory and customer data intersect at the point of sale. Here's how to keep your defenses up to date.
Takeaways: Self-checkout systems remain a weak spot Video analytics are useful but need improvement Consider RFID tags that monitor movement of high-value goods Encrypt data all the way from card scanner through backend systems.
Case study: Secure remote access for POS vendor
MICROS Systems' CISO on allowing remote point-of-sale support without opening customers up to potential breach
Case study: Converging physical and cyber security at Stop & Shop
Criminals' use of phony checkout devices illustrates the need for coordinated retail defensive measures.
Takeaways: Crooks broke into retail locations and replaced checkout PIN pads with ones that would capture card data for later theft.
PCI DSS complianceRetailers (and everyone else) who use credit cards have to play by new rules. This section offers practical coverage of the PCI Data Security Standard and how it applies to your business.
How to reduce PCI scope
Expert guidance on saving time and money by carefully scoping PCI validation efforts.
PCI and compensating controls
Compensating controls are a standard part of any security posture. But what makes an effective compensating control?
PCI compliance and end-to-end encryption
Encryption seems like the simple answer to data security problems. So why is end-to-end encryption not ubiquitous? Implementation challenges abound. Here's how to handle encryption's 'key issues'.
PCI and application security requirements
Two PCI QSAs offer compliance strategies for PCI's application security requirements.
Wireless securityThe role of wireless networks continues to grow in retail operations. Don't let these networks be a weak spot where criminals can intercept important data.
Is it legal to use Firesheep at Starbucks? Retailers who offer their customers wireless connectivity face some risk from programs like the Firefox plugin Firesheep, which identifies users on an open wireless network who are visiting an insecure website.
Wireless security basics
Whether your wireless is for customers or for back-office use, you should know the basics of keeping unwanted activity off your network.
How to investigate employee theftSecurity and investigative tactics for making sure retail employees aren't skimming from the till or making sweetheart deals for their friends.
Retail theft investigations: Tactics and strategies
Field techniques and tests for detecting internal retail theft, including double buys, combination buys, and refund buys. Excerpted from Private Security and the Investigative Process by Charles Nemroth.
Nemroth also provides a sample report form to help ensure retail investigations are thorough and well-documented.
Takeaways: Demonstrating consistent attention to security and to investigation of theft helps discourage insider crimes. Conduct occasional field tests involving complicated purchases, and closely document sales prices and cashier behavior. Security tests should also note and improve customer service procedures.
Shoplifting, boosting, retail theftKnowing how thieves operate is half the battle in preventing these types of retail crime.
Organized Retail Crime? Forget the hype and focus on basics!
Investigations leader Brandon Gregg says stores should keep their focus on the floor to beat booster rings.
Report: Global retail theft decreases in 2010
The 2010 Global Retail Theft Barometer finds theft was down from 2009 rates. But more than a quarter of U.S. retailers were still impacted by crime.
Technologies that offer convenience to shoppers also assist criminals (including employees) with retail theft.
Takeaways: Common scams include counterfeit coupons, self-checkout fraud, sweetheart deals, building a 'bank', refund fraud
Recession woes: What people steal
With the economy tanking, security pros see a spike in old-time thievery. And what do people steal in recessionary times? Cash, clothes, cigarettes, copper—pretty much everything.
Organized retail crime (ORC or ORT)Organized crime and retail theft: Facts and myths
Small, loosely connected gangs illustrate the challenge of stopping organized retail theft.
Takeaways: Key defensive strategies include diverse hiring in the security department intergroup collaboration like LERPnet surveillance technology partnerships between stores and local law enforcement
Loading dock and supply chain security10 steps to loading dock security
Companies struggle to secure the loading dock, that sensitive spot where inventory comes in and goes out. Follow these best practices and sleep better tonight.
Supply chain threats: 5 game-changing forces
Supply chain security is being remade by black swan events, economic blahs, and more. What can a CSO do to keep goods and information flowing?[Note: full article requires Insider registration.]
Case study: Business-focused retail security
Sweet success: Dunkin' Brands security focuses on making dough
Aligning corporate security with corporate priorities makes everyone's fortunes rise. A look behind the counter at Dunkin' Donuts' parent company. [Note: full article requires Insider registration.]
Takeaways: Integrating point-of-sale and video speeds investigation and collects reliable evidence derive security goals from business goals including mission statement focus metrics on how security activities increase company and business partner profits
See next page for selected older (but still great!) retail security articles.