HomeNEWSWhat retail crime looks like in the digital age

What retail crime looks like in the digital age

A recent BBC report stated that crime cost the UK retail industry £603m in the 2013-14 financial year, 18 percent higher than the previous 12 months. The new research from the British Retail Consortium (BRC) said shoplifting, cyber-crime and fraud is now at its highest since the current recording system began in 2004. The report found that there were 698,184 offences with customer theft accounting for 81 percent of all incidents.

Shoplifting is costing Australian retailers $2.8 billion a year, with employee theft accounting for almost half of the losses, according to a new report released by Checkpoint Systems. Meanwhile, the Smart Cube’s Global Retail Theft Barometer 2013-2014, published by Checkpoint Systems, shows more than US$128 billion globally was lost to shrinkage, including employee theft, shoplifting, supplier fraud, and administrative errors, in 2013. In Australia alone, internal theft accounted for 42.5 per cent of the losses, costing $1177 million to the retail industry, while customer shoplifting accounted for 30 per cent or $831 million.

So how do all these losses compare with shoplifting, cyber-crime and fraud in New Zealand? The NZ Herald reported in 2013 that “thieves steal up to $2 million worth of goods every day from [the] country’s stores”. This claim was based on Retail NZ (formerly the NZ Retailers Association)  estimates that stated that between 2009 and 2012, 18,341 people were convicted of shoplifting.

Greg Harford, general manager public affairs at Retail NZ says, “We estimate the costs of retail crime to be in the order of a cost of $1.08 billion a year to the economy and is a significant issue for retailers. In effect, this costs every New Zealand household around $605 per year.”

A 2011 PWC (PriceWaterhouseCooper) report on economic crime in New Zealand shows that economic crime continues to be a persistent fact of business life in New Zealand. The report places

New Zealand fourth out of the 78 countries that took part in the survey in terms of level of fraud reported. This is significantly above the global average and also higher than our neighbours in Australia.

The PWC report shows New Zealand’s retail sector had the most fraud of any sector, with 80 percent of retailers suffering from some kind of crime. Today, with the rapid move to online shopping, online retail fraud including cyber fraud, identity theft and credit card fraud is becoming a major issue for retailers. It is a problem area which changes rapidly, making it difficult for retailers to keep pace.

Paul Ash is the National Cyber Policy Office director in the Department of Prime Minister and Cabinet. He says investing time and money into cyber security solutions may seem daunting and expensive, but avoiding them can be even more costly. Information technology in the retail industry is crucial. It simplifies administration and enhances the service for shoppers.

Connect Smart is an initiative by the government’s National Cyber Policy Office that promotes ways for individuals and businesses to protect themselves online. For retailers, Connect Smart has worked with sponsors Vodafone to produce a SME toolkit that determines whether your business is vulnerable and what to do about it. The toolkit features a Cyber Security Warrant of Fitness – a simple checklist of the basic measures businesses need to have in place to protect their business, staff and customers online.

It also provides some tools and templates that can be adapted to suit individual business circumstances. The basic four steps to better online security are listed as assessing the cyber security of the business; the development of a cyber-security policy; the establishment of an incident management plan; and a regularly reviewed and updated network security system.

Cybercrime is now ranked as the third most prevalent economic crime in New Zealand.

The PWC report states: “While New Zealand’s laws may be more advanced than those in other countries, it is often difficult to prosecute cyber criminals with any impact. Technological advancements are fast-paced which greatly influences cybercrime – to the extent that legislation and corporate policies need to be continually assessed and monitored to ensure they keep track.” The problem is, 60 percent of New Zealand organisations do not have the in-house capability to investigate cybercrime, or they are not aware of it.

As retailers expand their digital customer touch points, the danger of data criminals accessing sensitive customer information increases. Data breaches from retailers that affect credit card holders continue to be a concern.

To combat breaches, retailers worldwide are taking a variety of steps including putting the payment applications on a separate network. Point-to-point (P2P) encryption is also currently used by a number of retailers.

EMV, the global standard for inter-operation of integrated circuit cards has been used in chip-and-PIN form to record low in-store fraud rates, although fraudsters have made the shift to online theft, which is not protected by EMV technology.

“If you accept fraudulent payments online, it is harder for the retailer to recover the money,’ says Harford. “I’ve heard of situations where retailers have accepted online payments in good faith that have been reversed by the bank, leaving the retailer out of pocket.”

The new version of the Payment Cards Industry Data Security Standards (PCI DSS) came into force for online retailers on 1 January 2015. The standards require retailers or their payment service provider to perform penetration testing, add audit reporting and testing processes, and increase procedural documentation. Many retailers still remain unaware of the changes.

Cyber criminals constantly adapt their attacks and retailers need to stay on top of the latest developments, adopting better infrastructure security such as robust point-of-sale terminals and software, improving the way payments are transmitted, storing purchase details securely and processing the information with great care. Data now needs to be encrypted both in-store and in the cloud.

“One of the issues in the physical card world is the concern around fraud, and the stealing of someone’s 16 digit card number,” says Caroline Ada, Visa’s country manager for New Zealand and South Pacific. She says the new technologies will remove some concerns around consumer fraud. “The key is biometrics, only you can make a transaction using your fingerprint to authenticate.”

According to a recent PWC survey, only 20 percent of businesses rated themselves as having an “excellent” digital IQ. Voice recognition, retina scans, fingerprints, or DNA are the future of shopper identification and retailer security.

Retail fraud victims indicated that their main perpetrator came from ‘outside the organisation’ but many organisations are often reluctant to report fraud due to concerns over potential damage to their brand.

“There is a significant element of criminal activity that is active in the retail environment in New Zealand,” says Harford. “Organised criminal gangs are operating on a quite significant basis.”

Retailers have a number of programmes in place and a co-operative relationship with police, who are keen to share information. One such programme is Eyedentify, a web-based platform that allows retailers and police to work together effectively to prevent crime by generating and sharing real-time intelligence. The platform takes the hassle out of reporting crime, capturing evidence, and connecting the dots on repeat offenders and organised crime groups.

“Eyedentify is creating a network to connect people with information to prevent crime,” says CEO Phil Thomson. “Theft accounts for nearly a third of all crime reported to the police and only one in 100 offences are estimated to be actually reported across Australasia.”

Eyedentify uses the 80/20 rule when looking at retail crime – 20 percent of the offenders are responsible for 80 percent of the problem. Current information through the Eyedentify platform shows the top 10 percent of offenders are stealing 55 percent of the total value.

The core product is Eyedentify’s platform that makes it easy to report, manage, and share site-based incidents. Eyedentify transforms this basic information into real-time intelligence.

If an incident occurs in-store, a retailer can quickly upload that information to Eyedentify, through which it is shared with other trusted parties in the area (including other retailers and police). An official report can be sent electronically to the police, removing the need for additional phone calls and duplication of information, and the information is able to be used to create insights into criminal behaviour patterns.

“For large retailers, it gives a real-time view of crime incidents across its store network while removing complicated processes and paperwork,” says Thomson. “What previously took staff over an hour – reporting an incident – can now be completed electronically in less than 10 minutes, including an official report to the police, along with alerts being sent out to its other stores and local police in the area to prevent further crime.”

Eyedentify conducted successful trials last year with a number of major retailers in the Counties Manukau police district. A significant number of repeat offenders and organised crime groups were discovered to be targeting retailers across Auckland but thanks to Eyedentify, a number of preventative actions were taken by both retailers and police to reduce retail crime in the community.

Off the back of this success, Eyedentify has now been rolled out across the country with great success in Waikato and Canterbury in particular.

Meanwhile in Rotorua, shop-owners, in a bid to prevent their stock being stolen, have started to use images taken from CCTV cameras to name and shame perpetrators on Facebook. This recent social media trend was highlighted recently in a report from Britain where a chain store singled out suspected shoplifters in defiance of human rights laws. Across the ditch in Australia, more and more retailers are publicly naming and shaming shoplifters. However this seems to be an activity that is isolated in New Zealand and Harford says he is “not aware of social media being widely used for this purpose.”

Identifying people as shoplifters is potentially illegal. Retailers tempted to use this approach should be made aware that they could be sued for defamation over a social media post that identifies and shames an alleged shoplifter.

Fighting retail crime with New Zealand privacy laws can be a nightmare with staff having no right to search bags, even if they have a sign by the entrance or inside the store that says they can do this. Staff training around this area is key. According to an article from retail.kiwi, “New Zealand retailers have little legal protection when taking responsive action to incidents of theft. These limitations are known to organised offenders who exploit this lack of rights.”

Store design, customer service and technology can go a long way to preventing shoplifting but those retailers that choose not to prosecute shoplifters run the danger of word getting around and becoming a target for thieves.

Stores in many countries are now using RFID tags to cut down on shoplifting at the same time as using them to streamline payment processing by allowing customers to bypass the checkout counter, automatically deducting their debit card as they leave the store.

“RFID technology has potentially a number of benefits for store security,” reports Harford. “But at this stage, we are not aware of any significant uptake by New Zealand retailers.”

Retaining control of stock is critical to countering theft, but the process can be the bane of a retailer’s existence with countless hours of preparation, long hours counting and then incessant re-checking and qualification. Vitag’s new RFKeeper RFID system can assist with this – converting a typical New Zealand apparel store typically takes than a day, and from then on, stocktaking takes around 30 minutes each time with accuracy levels of over 99.5 percent. No IT integration is required and it’s compatible with all existing AM and RF EAS security systems.

Technology is evolving and there have been significant advances in cameras and security systems that have been helpful to retailers. Hemispheric or fisheye cameras with 360-degree vision provide higher resolution and better picture quality to give retailers access to powerful analytics to prevent losses. Mounted to the ceiling of the store, the camera views and records a 360-degree area. A single IP camera captures 360° and 180° panoramic overviews of the store in 5 MP resolution eliminating blind spots and the need to deploy multiple cameras to capture the same area from every possible angle. These are essential in helping to identify and prosecute criminals.

This story was originally published in NZ Retail magazine issue 737, April/May 2015.

Rate This Article: