Retail security: Critical strategies

Starting a job in retail security? Just double-checking your defenses? Here's a roundup of security strategies for protecting retail inventory, profits and employees.

In retail, carefully applied security measures clearly benefit the bottom line. But retail security and loss prevention also covers a lot of ground.

The list of security threats includes direct theft—from random shoplifters through organized retail crime and dishonest clerks—as well as accidental loss and product diversion. And digital issues are no minor concern either, given high-profile attacks like card skimming and data theft through wireless networks.

Don't be paranoid, just be prepared! Here's a roundup of in-depth security coverage from CSO for large and small retailers alike. You'll find advice from retail leaders on security from point of sale back through the supply chain and everywhere in between.

Point of sale security measures

Card skimming, under-ringing, sleight-of-hand—there's lots to watch for at the cash register.

Security at the point of sale


  • Self-checkout systems remain a weak spot
  • Video analytics are useful but need improvement
  • Consider RFID tags that monitor movement of high-value goods
  • Encrypt data all the way from card scanner through backend systems

Cash, cards, inventory and customer data intersect at the point of sale. Here's how to keep your defenses up to date.

Case study: Secure remote access for POS vendor

MICROS Systems' CISO on allowing remote point-of-sale support without opening customers up to potential breach

Case study: Converging physical and cyber security at Stop & Shop


  • Crooks broke into retail locations and replaced checkout PIN pads with ones that would capture card data for later theft.

Criminals' use of phony checkout devices illustrates the need for coordinated retail defensive measures.

PCI DSS compliance

Retailers (and everyone else) who use credit cards have to play by new rules. This section offers practical coverage of the PCI Data Security Standard and how it applies to your business. How to reduce PCI scope

Expert guidance on saving time and money by carefully scoping PCI validation efforts.

PCI and compensating controls

Compensating controls are a standard part of any security posture. But what makes an effective compensating control?

PCI compliance and end-to-end encryption

Encryption seems like the simple answer to data security problems. So why is end-to-end encryption not ubiquitous? Implementation challenges abound. Here's how to handle encryption's 'key issues'.

PCI and application security requirements

Two PCI QSAs offer compliance strategies for PCI's application security requirements.

Wireless security

The role of wireless networks continues to grow in retail operations. Don't let these networks be a weak spot where criminals can intercept important data.

Is it legal to use Firesheep at Starbucks?

Retailers who offer their customers wireless connectivity face some risk from programs like the Firefox plugin Firesheep, which identifies users on an open wireless network who are visiting an insecure website.

Wireless security basics

Whether your wireless is for customers or for back-office use, you should know the basics of keeping unwanted activity off your network.

How to investigate employee theft

Security and investigative tactics for making sure retail employees aren't skimming from the till or making sweetheart deals for their friends.

Retail theft investigations: Tactics and strategies

Field techniques and tests for detecting internal retail theft, including double buys, combination buys, and refund buys. Excerpted from Private Security and the Investigative Process by Charles Nemroth. Nemroth also provides a sample report form to help ensure retail investigations are thorough and well-documented.


  • Demonstrating consistent attention to security and to investigation of theft helps discourage insider crimes.
  • Conduct occasional field tests involving complicated purchases, and closely document sales prices and cashier behavior.
  • Security tests should also note and improve customer service procedures.

Shoplifting, boosting, retail theft

Knowing how thieves operate is half the battle in preventing these types of retail crime.

Organized Retail Crime? Forget the hype and focus on basics!

Investigations leader Brandon Gregg says stores should keep their focus on the floor to beat booster rings.

Report: Global retail theft decreases in 2010

The 2010 Global Retail Theft Barometer finds theft was down from 2009 rates. But more than a quarter of U.S. retailers were still impacted by crime.

5 top tactics in retail theft today

Technologies that offer convenience to shoppers also assist criminals (including employees) with retail theft.


  • Common scams include counterfeit coupons, self-checkout fraud, sweetheart deals, building a 'bank', refund fraud

Recession woes: What people steal

With the economy tanking, security pros see a spike in old-time thievery. And what do people steal in recessionary times? Cash, clothes, cigarettes, copper—pretty much everything.

Organized retail crime (ORC or ORT)

Organized crime and retail theft: Facts and myths

Small, loosely connected gangs illustrate the challenge of stopping organized retail theft.

Key defensive strategies include:

  • Diverse hiring in the security department
  • Intergroup collaboration like LERPnet
  • Surveillance technology
  • Partnerships between stores and local law enforcement

Loading dock and supply chain security

10 steps to loading dock security

Companies struggle to secure the loading dock, that sensitive spot where inventory comes in and goes out. Follow these best practices and sleep better tonight.

Supply chain threats: 5 game-changing forces [Note: full article requires Insider registration.]

Supply chain security is being remade by black swan events, economic blahs, and more. What can a CSO do to keep goods and information flowing?

Case study: Business-focused retail security

Sweet success: Dunkin' Brands security focuses on making dough

Aligning corporate security with corporate priorities makes everyone's fortunes rise. A look behind the counter at Dunkin' Donuts' parent company. [Note: full article requires Insider registration.]


  • Integrating point-of-sale and video speeds investigation and collects reliable evidence
  • Derive security goals from business goals including mission statement
  • Focus metrics on how security activities increase company and business partner profits

Selected older retail security articles. Most of the best practices and security issues discussed remain applicable today.

Cash handling and restaurant loss prevention

The scoop on restaurant loss prevention and cash management

Friendly's Restaurants' Ernie Patnode approaches cash management with a lot of common sense, a little technology and, yes, politeness (2006)

Fencing stolen goods

Auction blocks: Criminals unload counterfeit and stolen goods on eBay

Warning signs of stolen goods on eBay

Criminals use online auctions as a place to unload stolen, diverted and counterfeit products. (2005)


Loss prevention

What do the Mob, eBay and Winona Ryder have in common?

Loss prevention experts like Tiffany CSO David McGowan say closer integration among security disciplines will go a long way toward managing the retail industry's myriad risks (2004)

Preventing card-not-present fraud

Choke point

In the struggle to prevent fraudsters from turning stolen credit cards into cash online, retailers are the country's last, best defense (2006)

Product diversion

Unwelcome (product) diversions

How product diversion works.

Product diversion costs manufacturers millions, but often isn't technically illegal. CSOs say combating diversion involves equal parts investigation and corporate politicking (2005).

Copyright © 2010 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)