NRF

The rise in public-private partnerships to fight organized retail crime continues. The Tulsa Police Department has created a new Organized Retail Crime Unit, which is collaborating with local retailers to combat professional shoplifters, according to a news report from KTUL. Detective Lori Visser, a member of the newly formed ORC unit, said the group has already identified between 40 and 60 organized shoplifting groups operating in and around the city. She also said ORC has cost the local taxpayers more than $1 million in lost tax revenue.

With the increasing number of these ORC groups, I think it's time we had a clearinghouse of information about all these groups and points of contact at each.

By David Speights, Ph.D., and Chris Hanks, Ph.D., The Retail Equation

The economic climate is still uncertain for retailers. Although sales are improving, the National Retail Federation reports that fraudulent and abusive returns are on the rise, costing retail companies millions in profits. Additionally, shrink and organized retail crime continue to be multi-billion dollar retail problems.

As hazardous as this climate appears, it also presents an ideal opportunity for loss prevention professionals. By monitoring transactions over time and bringing statistics to bear, loss prevention analytics is reshaping operations and policies to protect bottom lines. This process often begins with “data mining”―a catch-all term for the methods analysts use to make sense of vast quantities of information. By sifting through millions of data points, analytics professionals are able to tease out relationships that would otherwise be undetectable. The result is that today’s retailers have a number of loss prevention tools that were unavailable only a few years ago. Below is an outline of some of the techniques used to maximize a retailer’s margin.

Challenging Basic Assumptions
Most retailers’ current accounting programs do not accurately reflect their real return rates; they often overlook exchange transactions and therefore understate the value and quantity of merchandise returning to the store. The return rates for 10 different retailers were recently tallied to analyze how they viewed the impact of merchandise returns. All were underestimating their return rate―one by as much as 150 percent. In fact, the 10 retailers studied saw an average return rate discrepancy of more than 80 percent.

Why is this important? Items and dollars that get returned within exchange transactions are unexpectedly hidden, masking retailers’ opportunities to rescue sales, prevent fraud, reduce shrink and more.

Predictive Modeling
As a retailer, imagine that each customer who returns a product hands you a slip of paper. On the paper is written a number between 0 and 100 percent and a note that says, “This number represents the probability that my return is fraudulent.” Although not this simple, this is the end result of predictive modeling. By tracking and analyzing customers’ purchases, exchanges, and return behaviors over time, loss prevention statisticians are able to develop real-time mathematical models that accurately estimate the chances of a return being legitimate or fraudulent. Recognizing high-risk customers is important, as it often leads to broader networks of return fraud.

Beyond Exception Reporting
Bringing computing power and statistics to the process of exception reporting is a key means of reducing fraud. Today, almost all retailers’ loss prevention departments use some form of exception reporting to identify suspicious transactions, individuals or employees. This process usually involves a complex set of rules to flag certain situations that “seem” problematic.

Taking this scenario one step further, the complex rules for flagging transactions can be reduced to a set of risk variables, each of which can be correlated to known outcomes. By determining the relationship between risk variables and known outcomes (such as correlating a certain employee’s behavior with his/her ultimate termination for fraud), retailers can learn which risk attributes are most important and what weight to assign each. Feeding these variables into predictive models then yields composite risk scores for evaluating transactions, employees, stores or other units of interest. This transition from complex rules to predictive models for identifying fraudulent transactions is analogous to a transition that occurred in the 1990s in the credit card industry: improved ROI and greater loss prevention efficacy let that market do more with less.

Fraud Ring Analysis
Social analysts find that people tend to group together based on similarities, and that this is particularly true among criminals. A key method of identifying (and ultimately cracking) organized retail crime rings is by first identifying high-risk customers, and then mapping out clusters of similar customers and analyzing their transaction behavior. Using sophisticated linking algorithms such as “fuzzy matching,” loss prevention analysts can connect known fraudsters to other questionable customers, often uncovering clusters of identities that constitute either crime networks or aliases of the same criminal.

Product Associations
Knowing how products are associated with one another allows them to be clustered into groups and ranked for risk. Combining this information with the typical shrink data goes far beyond the groupings one might find in a standard product hierarchy. For example, consider the capability to us a common product-pairing, like a digital camera and photo paper, to create an indirectly associated product-pair, like a digital camera and a photo album. Knowing this association and crossing the information with shrink data engenders risk profiling for many products and product clusters.

ROI Analysis
Before implementing any loss prevention strategy or solution, retailers should understand both the costs and associated benefits. Controlled tests, followed by statistical analyses, aid this understanding. Using “experimental” and “control” groups of stores―and tracking key metrics such as shrink, sales, return rates, or other important outcomes in before-during-after analyses―loss prevention professionals can accurately calculate a given strategy’s ROI. Controlled trials also let analysts manipulate elements that make up an overall strategy: By correlating changes in strategy with changes in ROI, statisticians can optimize loss prevention policies.

Clearly, statistics play a growing role in retailers’ approach to loss prevention issues and solutions. This is important in any economic climate; but in a mixed economy where profit margins are uncertain, it is imperative for retailers to have an unambiguous picture of their business that is rooted in solid statistical analysis.

David Speights, Ph.D., is the chief statistician and Christopher Hanks, Ph.D., is the senior statistician of The Retail Equation, the industry leader in retail transaction optimization solutions. The company’s applications use statistical modeling and analytics to predict consumer behavior and turn each individual shopper visit into a more profitable experience. Its software-as-a-service applications operate in more than 15,000 stores in North America, supporting a diverse retail base of specialty, department, sporting goods, auto parts and more. For more information, visit www.theretailequation.com.

The majority of organized retail crime stories I've written about recently involve groups of thieves who travel around, hitting store after store after store. The I-95 corridor, for example, is a prime route for these gangs to travel because it's easy for them to hit multiple states and allude the jurisdiction of any one police department. The picture I've drawn in my head is of this group of hardened criminals, packed in a white van, plotting their next stop. But, turns out, that may not be the case at all.

I just read this Chicago Sun-Times article about a group of 70 youths who “stormed” a McDonald’s restaurant. It's actually unknown what this group was trying to do, other than cause the restaurant to voluntarily shutdown for three hours, but apparently this isn't the first time the Chicago police have dealt with flash mobs in the area:

“Both CPD and [Loyola] campus safety believe this activity is related to the same group of individuals who have attempted to create havoc in the area before,” wrote Robert Fine, the director of campus security for Loyola and a veteran Chicago cop, according to the article. “In February, we alerted you to a similar incident in which these ‘Flash Mob Offenders’ allegedly committed thefts within local retail stores around the Water Tower Campus community. The offenders exit the Chicago Red Line stop, they go to various shops or restaurants, usually clothing stores, and then storm the stores, taking as many items as they can carry. The incidents seem to occur most often on weekends, between 5 p.m. and 11 p.m.”

I'm wondering if this flash mob approach is becoming more common in retail theft than "traditional" organized retail crime. The theory, I'm guessing, is that if you show up with a huge group of people and grab as much as you can, the store can't possibly stop or even think about arresting everyone. Scary stuff if you're in loss prevention.

And, just in case you're really out of the loop, flash mobs have become a bit of a sensation in recent years, the most well known being gatherings of people in malls or other public spaces who sporadically perform some sort of act (usually a choreographed dance) and then disperse. It's quite entertaining, really. Usually these events are organized via social media like Twitter and Facebook. For your reference, here's my favorite from the Liverpool Train Station (and I think it's actually an ad, so it may not be a "real" flash mob, but it's entertaining):

By Joe Davis, director of loss prevention for T-Mobile USA.

Having served in retail for 19 years, I’m not big on endorsing vendors or third-party products. The cardinal rule of showing complete objectivity when it comes to outside companies has been deeply engrained in me. Yet, I’m about to share with you rave reviews of the Wharton/ASIS Program for Security Executives: Making the Business Case for Security, which I recently attended. I am making this exception because in doing so, I believe there is enormous benefit to be gained by my peers. This course delivered such a new perspective and practical insights that I believe living by them can advance security in organizations to a whole new level. For my part, I feel as though I went from zero to Ivy League MBA in 10 days. So what exactly, you might ask, did I learn that was so valuable?

Not New Information, But A New Perspective
The program that I attended is the Wharton/ASIS Program for Security Executives: Making the Business Case for Security, or as I like to refer to it, Wharton’s Executive Bootcamp for Chief Security Officers. Like any executive business program, it is designed to lay a foundation for individuals in business who may not have a comprehensive understanding of all the different functional areas. As you would expect, the program is broken down into several different areas: strategic thinking, leadership, essentials of finance, fundamentals of marketing and a few more. My expectation was to walk in and learn an extensive amount of new information about the functional areas to which I am not typically exposed to in my career. Walking out, I realized that the greatest achievement was taking things that I already knew and refining my understanding of the application of these things into my business in a day-to-day process.

While the program is called, Wharton/ASIS Program for Security Executives: Making the Business Case for Security, there is absolutely no material on security presented. A clever approach by Wharton. Why would they need to teach security experts about security? What they want to do is teach security experts how to most successfully achieve their goals in the whole business environment. I did not necessarily learn new information; what I learned was how to look at my job from a new perspective. Think about the difference in climbing into a helicopter and taking an aerial tour of the Grand Canyon as opposed to experiencing it as a hiker at the bottom of the canyon. Let me tell you, the perspective is starkly different.

Here are some examples of insights I took away from the program that you can bring to your organization as well.

The Need To Define Strategy Differently
Think of how many different books and articles are written on strategy: what it is, how to define it, how to create it. At Wharton, they teach that the definition of strategy is simple: “A plan to win.” Too often, business executives focus on strategy as a process: A means to an end rather than the end itself. But strategy is ultimately about achieving outcomes. In security, that means reducing losses, expanding the revenue model, increasing sales, or any other number of enterprise business objectives. If you don’t infuse your team with the ultimate goal, strategy quickly digresses into the realm of implementing tactics, with focus lost on winning. We don’t want participation trophies, we want championship trophies.

Too often we are overcome with the process that may hold us captive. At Wharton they encourage the development and implementation of a sound business strategy, but, more importantly they stress the critical nature of defining what winning looks like to you and your business. In my business today winning is hitting key financial metrics as well as the overall protection of the assets of my company. Taking strategy out of the visionary realm and placing it into the tactile world of specific outcomes will drive ownership and accountability within your business.

Logic is not always the best tool
Security professionals have a tendency to respect logic above all else. After all, it’s essential to success in our own jobs. We have to follow a path of facts to their logical conclusion to identify and solve problems. And while logic is a critical tool in security, it is not always the best tool when working with other functional areas in the organization.
Sit down. This isn’t going to be easy. But sometimes you have to let go of logic and focus on relationships. While it might sound eerily like something off of the Oprah Winfrey show, it’s the truth. When it comes to getting buy-in from different groups or winning over skeptics to your way of thinking, logic is not necessarily the most effective tool. It is true for communities, families, businesses and any human network: people do things for people they know and like. Asking for a favor as a friend is likely to yield better, quicker results than trying to enforce action through formal channels. What does this mean for security professionals? Well, it means getting out and getting exposure to colleagues across the organization and interfacing with them on a regular basis. Often, security professionals limit their exposure to executive leadership and other functional areas unless it’s required by a specific project or event. This is often done in the name of efficiency. So when security needs or wants something, they are reduced to delivering dry arguments for action, which produce little enthusiasm and gain a paltry following. An investment in colleagues and relationships is an investment in your strategy.

Let’s say you want to change the way you are protecting a distribution center and want to increase guard coverage. Many times, a security professional will pull together a plan and give a list of reasons why additional guards are needed. But without relationships, the executives see you as a walking blank check. Knowing you personally, and the value you are adding, and what you are trying to accomplish for the organization, makes accepting your proposal much easier, a more personal affair.

How to Ask for Money
Our instructor for this session, John R. Percival, PhD is a professor of finance at Wharton. Dr. Percival provided some excellent case studies on building shareholder value within your business. His real life examples and engaging delivery had me more interested in Finance than I thought was actually possible. Asking for budget dollars in the security realm is a tedious annual process that is many times bane of a CSO’s existence. I learned that it’s easier to ask for funding if you can do it in a manner that drives value into your organization by delivering the message in the language of the finance team. Shift your focus from asking about financing for your project to telling how your project will positively impact financials. This is about communicating in the language of your audience. Instead of asking for money and justifying why it should be spent, position your projects in light of the value they will drive to the bottom line: the reduction in loss, the savings in personnel, the increase in time spent focusing on the customer.

Security is often pigeon-holed as a cost center, when in reality it can and should be marketed as a competitive advantage. Think about how security positively impact the business. For example, by mitigating risk, the company can deploy more stores in the market. By reducing shrink, the business can invest in growth initiatives. By streamlining operations to reduce loss, security improves efficiency and helps save labor costs. It’s easy for security professionals to focus on what’s inside their area instead of focusing on their true impact to the outside organization.

Prepare for Meetings
“Really?” you’re asking. “Prepare for meetings?” It seems obvious, but amidst the frantic pace of business today, think of how inefficient most meetings are. How many times have you been to a meeting at a set time and the only preparation time you have is the time it takes from you to walk from the last meeting into the next? The executive course really delves into the value of being prepared for meetings. The prepared person is more effective at gaining their expected outcome than the person with no agenda. It’s a small, seemingly unimportant concept, but the result of poor preparedness is simply that all your time spent in meetings gets thrown down the drain. When you think about how many meetings you have each week, that’s a significant loss.

In Conclusion: Escape out of the security silo
In short, the big lesson I learned was how to avoid getting caught up in the security silo and how to start viewing my work as a program that aligns with the company’s strategy. I know that what I am doing in security is helping the organization achieve its goals, but often I reduce my programs to tactical plans that I fail to communicate to others in the organization on a regular basis.

Security is its own animal. It’s not like sales or marketing and will not be treated like those things. In some ways, it’s the least understood function in the organization. Therefore, our job of explaining how security supports the overall strategy of the organization is much harder than it is for others. We have to look for points of integration as opposed to points of differentiation. The good news is that as security professionals, we have many strengths that we can leverage to better communicate our messages and objectives. We know people. We understand interviewing and picking up on body language and other clues. We can easily tell how people are responding to our interaction. Use this skill to guide you when presenting proposals and communicating with others.

The program’s academic director, Mario Moussa, told us, “Reality is a liquid, not a solid.” It’s the truth. In the security world, we pine for a firm foundation from which to work. We must learn to be willing to step into the liquid and immerse ourselves in the fluid reality in which business exists. We have to gain flexibility outside of the self assurance that we have developed in our specialty over the years and recognize that there is a different way to doing things. Failure to do so limits our success and that of our companies.

Joe Davis is a director of loss prevention for T-Mobile USA. He manages a team of corporate and field level investigators focused on enhancing profitability within the enterprise. Joe’s team is responsible for all internal and external operational improvement and investigative programs in the business. Since joining T-Mobile in 2008 Joe has designed and implemented numerous cutting edge programs from risk mitigation in the retail stores, to reducing operational expenses by $30MM.

By Al Jacobs, former physical security manager at Babies R Us and Linens n Things

This article is dedicated to the unlucky regional retail loss prevention manager who was suddenly given the full responsibility to install cameras in a new store. For this article, let’s call this manager Zack [all the characters listed here are fictitious]. We all can learn from Zack’s story.

As a sign of the times, most of Zack’s corporate loss prevention support staff was laid off. Each regional loss prevention manager was tasked with installing their own cameras.

What did Zack do first? Not much. Zack should have taken the time to create a comprehensive and formal project plan. There is an old Marine Corps mantra that says “prior planning alleviates confusion…” You will see how this still holds true.

Zack’s corporate seniors gave him full responsibility to hire a vendor to install a new camera system in one of his soon-to-open stores. Zack faced rapidly approaching deadlines. His store's grand opening date gave him three weeks to complete this project. One way he found to “transfer” the risk of missing this deadline was to quickly hire a camera installation vendor and punt the project to him. If anything went wrong, he had a scapegoat. If not, he was a hero.

Zack promptly emailed out a few simple specifications and an indecipherable hand drawn camera plan to four security integrators. Zack knew he should have provided his bidders a highly detailed and scaled computer-crafted camera plan along with specific equipment configuration. Zack rationalized that he could not afford to take the time to do that. He also did not have the foresight to hold a “bidder conference” so that all the vendors he contacted could interactively confirm his job’s requirements. As a result, Zack’s vendors replied with wildly disparate proposals.

Zack’s project clock ticked loudly and he was forced to quickly pick one vendor. He selected the firm with the fastest response, least detailed proposal, cheapest price and a few select but deceptively comprehensive “notes.” Zack did not realize it at the time, but the “notes” were the golden eggs that would eventually permit Zack’s chosen vendor to charge him “extra” fees later on.

With the contract inked, Zack and his approved vendor, Fred from I.M. Cameras, LLC, reviewed the project. Fred detailed his perceived scope of work. He also asked for Zack’s help in coordinating his interaction with Zack’s new store general contractor. In short order, it turned out that Zack ignored Fred’s pleas and the GC remained an aloof wild card.

Zack’s GC had other priorities. He felt no pressure to integrate his plans and schedule with Fred’s. As a result, Fred was not able to meet preliminary installation milestones. It got worse. Electrical outlets, lighting, exit doors, signage and fixtures were moved due to changed fire codes and merchandising plans. Nobody told Fred.
Fred hated being ignored by Zack’s GC. In absolute desperation, Fred called Zack’s boss, an old friend he met at a charity golf outing last year. Predictably, Zack got an irate call from his boss directing him to get Fred on the GC’s schedule or else. Zack called his GC and gave him the riot act.

Finally, the camera installation was on track. However, the delays wasted thousands of labor dollars. These charges ended up in a change order. Fred’s profits increased.

With Fred’s persistence, the job was done before the store’s grand opening. A final inspection walk through was arranged. At the walk through, Zack realized that the camera layout was not perfect. Some cameras needed to be moved. Zack realized Fred did what he could with a plan that Zack never got around to updating despite GC changes. Fred was good but not clairvoyant.

Zack accepted responsibility for the “misalignment” and created a punch list with Fred. Fred turned around and created another expensive change order to finally get Zack’s cameras system squared away. Zack’s budget was blown but the system was all squared away; at least that was what Zack thought at the time.

A parting thought, Fred, like any experienced installer, told Zack to change his camera system’s default password. Zack, in his haste to get the camera system turned over to the new store staff, forgot to change it. The default password, the one that had unrestricted authority to change any settings, was spelled out in the system’s equipment manual and online at the manufacturer’s website for the world to see. This included, at least one of Zack’s future employees.

Weeks later Zack hired a new hard charging loss prevention investigator named Willie to watch the new store. That was a big mistake.

On Willie’s first day, he had a highly caustic run in with the store’s General Manager. That prompted Willie to quit at the end of his shift. As a parting gesture, for his aggravation, he easily found the camera system’s administrative password, surreptitiously changed it and deleted all the other users.

It was Friday evening, a day later, and life sent Zack a catastrophic wake up call. His office phone rang and he found out the new store was just “hit.” It was held up. There was a crazed man with a gun who barged in, brutally pistol whipped two managers and stole all sorts of cash and merchandise. The police and an ambulances were called. Guess what happened next? 

Zack’s told his boss and then tried to remotely log-in to the store’s camera system to see what just happened. He could not connect. He called the store and asked a store supervisor to try it on-site. He had no luck. Panic set in. Zack called Fred and the manufacturer’s technical support help line. Fred was on a cruise taking advantage of his change order windfall. He did not answer his phone. The camera system’s support help line was closed for the weekend. The police would have to work without video. Zack’s boss was fuming.

The story was fabricated or was it? When it comes to camera surveillance systems, spending time up front to create a comprehensive RFP, fairly bidding out the job, verifying the deliverables and then properly following up on all the loose details afterward may seem like overkill. Invariably they prove to be necessary.

To hammer this point home, remember another old Marine Corps expression: “Sometimes it is entirely appropriate to kill a fly with a sledge-hammer!”

About the author:
Al Jacobs is a certified project management professional. He held positions as a physical security manager at Babies R Us and Linens n Things. He also worked for Stanley Convergent Security Solutions and Universal Surveillance Systems. Early in his career he was a Marine Corps communications-electronics officer.

The end of the year is a good time to step back and review what made the news this year. I wrote a series of articles for last week’s Newswire that focused on some of the biggest issues of the year. You can check out the Top 10 stories here. I also broke it down into sectors and wrote a small synopsis and listed the Top 5 stories for each sector. Check out what was hot in educational security, retail security/loss prevention, aviation security, and municipal security/port security/public transportation.

So to go along with that theme, I decided to post the Top 10 blogs from this year. Below is a list that I think you’ll find quite interesting:

1. Good to great: How to get three times the productivity from your security personnel

2. ASIS International undergoes layoffs, cites economy

3. Looking for a career after law enforcement? Perhaps you should consider this occupation

4. List of most dangerous colleges and universities causes quite a stir

5. Police chief moonlights as casino security director. Is this a conflict of interest?

6. Stadium decides Tasers ‘aren’t appropriate’ after fan incident

7. Former Chicago aviation chief says 15,000 badges missing

8. Has the TSA gone too far with frisks?

9. The tragic state of loss prevention

10. Hotel security system fails, alarm co. sued, but how much blame should security dept. have?