There are only two sides when it comes to shoplifting: the perpetrators who conduct the heist and the retailer whose goods are stolen.
Shoplifters are continually inventing new ways to strike, and using new channels to plan and communicate. Some retailers are more successful than others in staying ahead of theft and combatting the problem, however shoplifters continue to score big around the world.
Three studies released last year reveal just how extensive the shoplifting problem is. The first – the 2018 Sensormatic Global Shrink Index from Tyco Retail Solutions, polled 1,100 retail decision makers across four regions, 14 countries and 13 retail segments.
Research conducted by PlanetRetail RNG found that the retailers surveyed who “operate over 229,000 stores, generated an estimated US$1.56 trillion during 2017-2018 and account for 80 percent of total global retail sales,” lost nearly US$100 billion to what is known as shrink.
“Shrink,” the study noted, “otherwise known as a reduction in inventory due to shoplifting, employee theft or other errors, significantly impacts a retailer’s bottom line.”
In September, information security company SecurityScorecard released its 2018 Retail Cybersecurity Report, which contained other worrisome findings.
The document, which compares the average SecurityScorecard grade of the retail industry to other vertical markets found the following:
- Over 90 percent of the retail domains analyzed indicated non-compliance with PCI DSS standards. (PCI DSS stands for “The Payment Card Industry Data Security Standard,” and it was created to increase controls to reduce credit card fraud.)
- Out of all industries monitored, the retail sector scored second to last – a significant drop from 2017.
- Retail ranks last in security measures against social engineering vulnerabilities, a drop from seventh place in the previous year’s report.
- Periodic scans for issues and vulnerabilities are not as effective against attacks as real-time monitoring.
“This year, the retail’s security posture fell lower than in year’s past, both in application security and social engineering,” said Fouad Khali, head of compliance at SecurityScorecard when the findings were first released.
“To remain competitive, retailers are adopting new payment and digital technologies, exposing them as prime targets for cybercriminals. This demonstrates the importance of understanding the full retail ecosystem and how the industry is faring when it comes to meeting standard compliance guidelines.”
The third and final report was the 14th annual Organized Retail Crime (ORC) study, released in November by the National Retail Federation (NRF), which found a staggering 92 percent of companies surveyed have been a victim of ORC.
“Retailers continue to deal with increasing challenges and complications surrounding organized retail crime,” said NRF vice president of loss prevention Bob Moraca. “These criminals find new ways to expand their networks and manipulate the retail supply chain every day.
The retail industry is always upgrading their tech, building better connections with community law enforcement and tightening return policies in an attempt to minimize loss. It is a constant struggle.
The study concludes that “ORC targets items that can be easily stolen, and quickly resold, and top items range from low-cost products like laundry detergent, razors, deodorant, infant formula and blue jeans, to high-end goods like designer clothing and handbags, expensive liquor and cell phones.”
Individuals involved in shoplifting rings are also extremely tech savvy and are not shy about communicating with their brethren online.
A case in point and a site that anyone involved in anti-shoplifting efforts would be well advised to be aware of is Raddle.me, which bills itself as a community for “outsiders, malcontents and wayward dreamers.”
Raddle.me, a data source in the Echosec platform, is a lesser known source of alternative data. It is home to extensive shoplifting forums and other chatter that retailers would benefit from having quick access to.
Made up of users who bailed from Reddit over the banning of a particular forum (subreddit), “the founder of Raddle wanted to create a more democratic platform that allowed individuals to speak freely."
“Though we don’t restrict our site to any specific ideology, Raddle is managed according to libertarian anarchist concepts in order to provide the best experience to its users. We embrace the principles of mutual aid, direct democracy, freedom of association, direct action, user privacy / security, anti-authoritarianism / moderator-transparency, and free and open source software.”
Egalitarian for sure, but dig deeper and a site that is hosted on a VPS in Amsterdam with admins “based in West Asia, Scandinavia and somewhere in Africa,” should be bookmarked by all retail security teams for asset protection and loss prevention purposes.
Through data discovery tools like Echosec, information can be gathered to better understand shoplifter behaviour and minimize shrinkage and other issues retailers face in an effort to protect their goods.
To learn more about using Echosec and Beacon for your organization, request a consultation with a member of our team.