In retail, carefully applied security measures clearly benefit the bottom line. But retail security and loss prevention also covers a lot of ground.
The list of security threats includes direct theft—from random shoplifters through organized retail crime and dishonest clerks—as well as accidental loss and product diversion. And digital issues are no minor concern either, given high-profile attacks like card skimming and data theft through wireless networks.
Don't be paranoid, just be prepared! Here's a roundup of in-depth security coverage from CSO for large and small retailers alike. You'll find advice from retail leaders on security from point of sale back through the supply chain and everywhere in between.
Point of sale security measures
Card skimming, under-ringing, sleight-of-hand—there's lots to watch for at the cash register.
Takeaways:
- Self-checkout systems remain a weak spot
- Video analytics are useful but need improvement
- Consider RFID tags that monitor movement of high-value goods
- Encrypt data all the way from card scanner through backend systems
Cash, cards, inventory and customer data intersect at the point of sale. Here's how to keep your defenses up to date.
Case study: Secure remote access for POS vendor
MICROS Systems' CISO on allowing remote point-of-sale support without opening customers up to potential breach
Case study: Converging physical and cyber security at Stop & Shop
Takeaways:
- Crooks broke into retail locations and replaced checkout PIN pads with ones that would capture card data for later theft.
Criminals' use of phony checkout devices illustrates the need for coordinated retail defensive measures.
PCI DSS compliance
Retailers (and everyone else) who use credit cards have to play by new rules. This section offers practical coverage of the PCI Data Security Standard and how it applies to your business.
How to reduce PCI scope
Expert guidance on saving time and money by carefully scoping PCI validation efforts.
Compensating controls are a standard part of any security posture. But what makes an effective compensating control?
PCI compliance and end-to-end encryption
Encryption seems like the simple answer to data security problems. So why is end-to-end encryption not ubiquitous? Implementation challenges abound. Here's how to handle encryption's 'key issues'.
PCI and application security requirements
Two PCI QSAs offer compliance strategies for PCI's application security requirements.
Wireless security
The role of wireless networks continues to grow in retail operations. Don't let these networks be a weak spot where criminals can intercept important data.
Is it legal to use Firesheep at Starbucks?
Retailers who offer their customers wireless connectivity face some risk from programs like the Firefox plugin Firesheep, which identifies users on an open wireless network who are visiting an insecure website.
Whether your wireless is for customers or for back-office use, you should know the basics of keeping unwanted activity off your network.
How to investigate employee theft
Security and investigative tactics for making sure retail employees aren't skimming from the till or making sweetheart deals for their friends.
Retail theft investigations: Tactics and strategies
Field techniques and tests for detecting internal retail theft, including double buys, combination buys, and refund buys. Excerpted from Private Security and the Investigative Process by Charles Nemeth. Nemeth also provides a sample report form to help ensure retail investigations are thorough and well-documented.
Takeaways:
- Demonstrating consistent attention to security and to investigation of theft helps discourage insider crimes.
- Conduct occasional field tests involving complicated purchases, and closely document sales prices and cashier behavior.
- Security tests should also note and improve customer service procedures.
Shoplifting, boosting, retail theft
Knowing how thieves operate is half the battle in preventing these types of retail crime.
Organized Retail Crime? Forget the hype and focus on basics!
Investigations leader Brandon Gregg says stores should keep their focus on the floor to beat booster rings.
Report: Global retail theft decreases in 2010
The 2010 Global Retail Theft Barometer finds theft was down from 2009 rates. But more than a quarter of U.S. retailers were still impacted by crime.
5 top tactics in retail theft today
Technologies that offer convenience to shoppers also assist criminals (including employees) with retail theft.
Takeaways:
- Common scams include counterfeit coupons, self-checkout fraud, sweetheart deals, building a 'bank', and refund fraud
Recession woes: What people steal
With the economy tanking, security pros see a spike in old-time thievery. And what do people steal in recessionary times? Cash, clothes, cigarettes, copper—pretty much everything.
Organized retail crime (ORC or ORT)
Organized crime and retail theft: Facts and myths
Small, loosely connected gangs illustrate the challenge of stopping organized retail theft.
Key defensive strategies include:
- Diverse hiring in the security department
- Intergroup collaboration like LERPnet
- Surveillance technology
- Partnerships between stores and local law enforcement
Loading dock and supply chain security
10 steps to loading dock security
Companies struggle to secure the loading dock, that sensitive spot where inventory comes in and goes out. Follow these best practices and sleep better tonight.
Supply chain threats: 5 game-changing forces [Note: full article requires Insider registration.]
Supply chain security is being remade by black swan events, economic blahs, and more. What can a CSO do to keep goods and information flowing?
Case study: Business-focused retail security
Sweet success: Dunkin' Brands security focuses on making dough
Aligning corporate security with corporate priorities makes everyone's fortunes rise. A look behind the counter at Dunkin' Donuts' parent company. [Note: full article requires Insider registration.]
Takeaways:
- Integrating point-of-sale and video speeds investigation and collects reliable evidence
- Derive security goals from business goals including mission statement
- Focus metrics on how security activities increase company and business partner profits
Selected older retail security articles. Most of the best practices and security issues discussed remain applicable today.
Cash handling and restaurant loss prevention
The scoop on restaurant loss prevention and cash management
Friendly's Restaurants' Ernie Patnode approaches cash management with a lot of common sense, a little technology and, yes, politeness (2006)
Fencing stolen goods
Auction blocks: Criminals unload counterfeit and stolen goods on eBay
Warning signs of stolen goods on eBay
Criminals use online auctions as a place to unload stolen, diverted and counterfeit products. (2005)
Loss prevention
What do the Mob, eBay and Winona Ryder have in common?
Loss prevention experts like Tiffany CSO David McGowan say closer integration among security disciplines will go a long way toward managing the retail industry's myriad risks (2004)
Preventing card-not-present fraud
In the struggle to prevent fraudsters from turning stolen credit cards into cash online, retailers are the country's last, best defense (2006)
Product diversion
Unwelcome (product) diversions
Product diversion costs manufacturers millions, but often isn't technically illegal. CSOs say combating diversion involves equal parts investigation and corporate politicking (2005).