SlideShare une entreprise Scribd logo

Core Elements of Retail LP Shortened version 15MB

Télécharger en tant que PPTX, PDF
Alan Greggo
Alan Greggo
1  sur  28
ASIS International Seminar & Exhibits September 28-October 1, 2015 Anaheim, California
Core Elements of Retail Loss Prevention Sponsored by:The Retail Loss Prevention Council September 28, 2015
Organized Retail Crime (ORC) Survey Summary – $30 Billion/Year problem! – ORC Fencing Operations – 8 of 10 retailers-victimized – Need for Federal Laws for ORC-interstate transport – Retailers’ financial investment in fighting organized retail crime tops $400,000 on average – Concerns over store merchandise credit and gift card fraud schemes remain high
Survey Summary – Top Cities for ORC: Houston, Los Angeles, New York and Miami and new – Detroit – Impact of Cargo Theft: 24% of retailers reported store-level theft – 33% of retailers noticed a reduction in ORC activity where state laws exist
ORC Actions • Law Enforcement Collaboration • Federal • State • Local • Legislative Activity/ Capitol Hill • State Legislative Activity • Retail Relationships • Industry ORD Groups
Example ORC Law • Michigan enacted in 2013 (5 year felony) – Knowingly commits organized retail crime – steals with intent to sell or redistribute – Assists another in committing – organizes, finances, manages – Affecting anti-theft device from activating – Knowingly purchasing cell phone with intent to defraud or break service contract
Tools For Battle • Aforementioned Industry Collaboration • CCTV Analytics • Facial Recognition • Anti-Shelf SweepingTechnology • License Plate Recognition • RFIDTools • Greeters • Shopping Cart Lockdown Devices Today many retailers have established and dedicatedORCTeams that are focused on stemmingORC’s foothold
Organized Retail Crime • Triangulation Fraud Schemes • Ranked 9th in 2012; now #1 in impactful and frequency fraud type by the Merchant Risk Council and Cybersource • Fraudster buys stolen credit cards, advertises phantom product and orders product with stolen credit card • Three victims: person whose card is stolen, person who orders product and merchant who drop ships the goods • Combating theTriangulation Scheme • Use screening algorithm to identify red flags • Shipping address differs from billing address • First time card used on this site? • First and last names capitalization • Possible language from high-fraud foreign country • Originate from proxy address • Device fingerprinting analysis • Transfer transaction over to human fraud analyst E-Commerce Fraud
Crisis Management and Response • Undesired and unexpected event • Disrupts the business and/or jeopardizes employee and customer safety • Likely to last for an extended period • Requires unplanned commitment of resources 'CRISIS' DEFINED
Crisis Examples • Natural disaster (fire; tornado; flood; earthquake) • Political event (riot; demonstration; civil unrest) • Product tampering • Kidnapping (abduction; hostage event) • Criminal event (mass murder; drive-by shooting; active shooter) • Terrorist event (bombing;WMD) • Network breach/sabotage
Objectives of the Crisis ManagementTeam  Effective and efficient resolution  Centralizes authority and responsibility  Minimizes organizational impact  Provides structure and discipline to the effort
Crisis ManagementTeam (CMT) • Wrong: o Reactive not proactive o Just select some 'good people' and turn them loose • Right: o Identify needed area of coverage o Select appropriate personnel
Important Characteristics of a CMT •Temporary task force • Fewest members possible (only those needed) • Diversity of members • Members present a unified 'front' • It is the only part of the business working on the crisis
Responsibilities of the CMT  Assessing the crisis o Ensuring the situation is sufficiently understood to begin resolution  Containing the crisis o Protecting the company’s employees and assets  Planning the response  Resolving the crisis Case Study- Baltimore Riots
Protecting PII (Privately Identifiable Information) • 66% Of Respondent named malware attacks as number one threat • Based on the 2014 survey viruses, worms, Trojans, and other malware were problems for 61% of respondents • About 12% of respondents had run ins with targeted attacks • The protection of confidential data against leakage is now the top priority of most companies (38%) • Damages from one data security incident were estimated at an average $720,000 • Damages from one successful targeted attack could cost a company as much as $2.54 million. • As Loss Prevention and Asset Protection leaders, we have responsibility to protect our business from these types of attacks- where we have ability and controls. Kaspersky Lab IT Security Risks Survey 2014:
Protecting PII An estimated 39% of incidents involving data breaches and systems failures come from inside an organization.
Questions We Should Ask Of Our IT Security Partners In Retail Organizations • What’s the status of the PCI audit or IT security audit? • Who has access to your company’s Technology • Do third parties access your equipment and or information? • What Control Mechanisms are in place? • Can we audit session activity? • What are the loose ends?
The Cost of a Security Incident oLoss of faith in the retailer oDamage to the brand oLoss in sales revenue oCost of PR Firms, Lawyers oCost of lost time your executive spend meeting about breach restoration efforts oScramble to satisfy States Attorneys General oCost of identity theft monitoring and restorative services to all customers effected
Are Our Employees ProperlyTrained? • Malware can be installed by insiders; your Employees • Clicking on malicious links/ attachments • Sensitive Customer Data • No password sharing • Control password changes • If point of sale software is installed on computer, ensure no web browsing or email
What does the physical Loss Prevention professional bring to the table? Security RiskAssessment Access Control Audits to all controlled area doors Camera coverage to all server room, electrical, mechanical and telecommunications rooms Minimum of 90 days video retention Visitor & lobby controls Management of physical technology security (laptop locks) especially after hours Mobile POS device lock down and usage logging Incident Reporting Management Investigations Expertise Training on handling PII
InternalTheft Controls • Retailers have reported to researchers that internal theft tops their list of drains on profitability; up to 42% of what makes up retail shrinkage dollars nationally. • Internal theft is most serious because employees have far wider access and longer access to company assets once they decide to steal.Thefts can go on for years if undetected and cause hundreds of thousands, even millions of dollars.
Preventing InternalTheft  CBT Application Process Screens Applicants Early Prevents Bad Hires Pre – Employment Screening Trust, ButVerify - Ronald Reagan
Preventing InternalTheft Background Checks • Sensitive Positions • Day Care • Pharmacy • Finance • Manager Positions andAbove • Loss PreventionAgents • Mandatory Pre-hire DrugTesting • Testing for Cause • Post Accident Injury Drug Screening
InternalTheft Controls • Employee Orientation and Employee Handbook Statements about Integrity and Ethics in the Workplace • Employee Package Checks (On the Clock) • Camera Surveillance • Store Level Loss Prevention Presence • Point of Sale Data Mining • Solid Employee Management
InternalTheft Controls Metrics • Relationship between audit scores & shrink • Measure performance not compliance • Are your programs working ? • Root Causes • Operational • Systemic Computer BasedTraining • Consistent Message • ReoccurringTraining • Waste & Loss • Integrity • Satisfies certain regulatory requirements • Ability to track progress & participation
InternalTheft Controls • Pay EmployeesWell • Performance Recognition • Employee Coaching as Needed • Ensure Management is Fair and Free of Harassment and Retaliation
Preventing InternalTheft GPS-Group Problem Solving • Facilitates Team Atmosphere • Provides “Buy In” forAssociates • Ideas to Implementation
Preventing InternalTheft Open Door Policy • Encourage an Open Door Policy Where Employees Have a Hotline, or Many Phone Numbers and Email Addresses for Reporting Violations Gather Feedback and Act on it • Employee Engagement Annual Survey

Recommandé

Gtag 1 information risk and control
Gtag 1 information risk and controlGtag 1 information risk and control
Gtag 1 information risk and control
Yulias Sihombing, Ak, MAk, CIA
 
Johnny Lee - #InfoGov17 - Information Governance & Data Risk Management: Flip...
Johnny Lee - #InfoGov17 - Information Governance & Data Risk Management: Flip...Johnny Lee - #InfoGov17 - Information Governance & Data Risk Management: Flip...
Johnny Lee - #InfoGov17 - Information Governance & Data Risk Management: Flip...
ARMA International
 
Stopping Breaches at the Perimeter: Strategies for Secure Access Control
Stopping Breaches at the Perimeter: Strategies for Secure Access ControlStopping Breaches at the Perimeter: Strategies for Secure Access Control
Stopping Breaches at the Perimeter: Strategies for Secure Access Control
SecureAuth
 
The Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPRThe Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPR
Case IQ
 
MasterSnacks Cryptocurrency: Operational and Internal Considerations for Comp...
MasterSnacks Cryptocurrency: Operational and Internal Considerations for Comp...MasterSnacks Cryptocurrency: Operational and Internal Considerations for Comp...
MasterSnacks Cryptocurrency: Operational and Internal Considerations for Comp...
Citrin Cooperman
 
Under the Table: Combatting Bribery and Corruption Through Analysis and Preve...
Under the Table: Combatting Bribery and Corruption Through Analysis and Preve...Under the Table: Combatting Bribery and Corruption Through Analysis and Preve...
Under the Table: Combatting Bribery and Corruption Through Analysis and Preve...
Case IQ
 
Combating Fraud: Six Principles for Security
Combating Fraud: Six Principles for Security Combating Fraud: Six Principles for Security
Combating Fraud: Six Principles for Security
Strategic Treasurer
 
Cyber Insurance CLE
Cyber Insurance CLE Cyber Insurance CLE
Cyber Insurance CLE
Sarah Stogner
 

Recommandé

Gtag 1 information risk and control
Gtag 1 information risk and controlGtag 1 information risk and control
Gtag 1 information risk and control
Yulias Sihombing, Ak, MAk, CIA
 
Johnny Lee - #InfoGov17 - Information Governance & Data Risk Management: Flip...
Johnny Lee - #InfoGov17 - Information Governance & Data Risk Management: Flip...Johnny Lee - #InfoGov17 - Information Governance & Data Risk Management: Flip...
Johnny Lee - #InfoGov17 - Information Governance & Data Risk Management: Flip...
ARMA International
 
Stopping Breaches at the Perimeter: Strategies for Secure Access Control
Stopping Breaches at the Perimeter: Strategies for Secure Access ControlStopping Breaches at the Perimeter: Strategies for Secure Access Control
Stopping Breaches at the Perimeter: Strategies for Secure Access Control
SecureAuth
 
The Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPRThe Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPR
Case IQ
 
MasterSnacks Cryptocurrency: Operational and Internal Considerations for Comp...
MasterSnacks Cryptocurrency: Operational and Internal Considerations for Comp...MasterSnacks Cryptocurrency: Operational and Internal Considerations for Comp...
MasterSnacks Cryptocurrency: Operational and Internal Considerations for Comp...
Citrin Cooperman
 
Under the Table: Combatting Bribery and Corruption Through Analysis and Preve...
Under the Table: Combatting Bribery and Corruption Through Analysis and Preve...Under the Table: Combatting Bribery and Corruption Through Analysis and Preve...
Under the Table: Combatting Bribery and Corruption Through Analysis and Preve...
Case IQ
 
Combating Fraud: Six Principles for Security
Combating Fraud: Six Principles for Security Combating Fraud: Six Principles for Security
Combating Fraud: Six Principles for Security
Strategic Treasurer
 
Cyber Insurance CLE
Cyber Insurance CLE Cyber Insurance CLE
Cyber Insurance CLE
Sarah Stogner
 
How Secure is your Business? Fraud Risk Analysis and Security Management
How Secure is your Business? Fraud Risk Analysis and Security ManagementHow Secure is your Business? Fraud Risk Analysis and Security Management
How Secure is your Business? Fraud Risk Analysis and Security Management
whbrown5
 
Third Party Risk Due Diligence - Feb 2012
Third Party Risk Due Diligence - Feb 2012Third Party Risk Due Diligence - Feb 2012
Third Party Risk Due Diligence - Feb 2012
aj22dms
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and Security
Jessica Santamaria
 
Heartlandpt3
Heartlandpt3Heartlandpt3
Heartlandpt3
grimesjo
 
Security For Outsourced IT Contracts
Security For Outsourced IT ContractsSecurity For Outsourced IT Contracts
Security For Outsourced IT Contracts
Bill Lisse
 
Presentation
PresentationPresentation
Presentation
Tushar Verma
 
Identity Checkpoint
Identity CheckpointIdentity Checkpoint
Identity Checkpoint
alaskanrogue
 
Misconduct or Missed Conduct? Ensuring Consistent SAR Reporting of Internal M...
Misconduct or Missed Conduct? Ensuring Consistent SAR Reporting of Internal M...Misconduct or Missed Conduct? Ensuring Consistent SAR Reporting of Internal M...
Misconduct or Missed Conduct? Ensuring Consistent SAR Reporting of Internal M...
Case IQ
 
Cybersecurity Presentation 6-11-15
Cybersecurity Presentation 6-11-15Cybersecurity Presentation 6-11-15
Cybersecurity Presentation 6-11-15
Turner and Associates, Inc.
 
Third Party Compliance: Issues and Strategies to Mitigate Corruption Related ...
Third Party Compliance: Issues and Strategies to Mitigate Corruption Related ...Third Party Compliance: Issues and Strategies to Mitigate Corruption Related ...
Third Party Compliance: Issues and Strategies to Mitigate Corruption Related ...
Dan Reynolds, CPA, CFE, CAMS
 
Procurement & Government Contracting Compliance (Series: Corporate & Regulato...
Procurement & Government Contracting Compliance (Series: Corporate & Regulato...Procurement & Government Contracting Compliance (Series: Corporate & Regulato...
Procurement & Government Contracting Compliance (Series: Corporate & Regulato...
Financial Poise
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber Security
Ernest Staats
 
Heartlandpt3
Heartlandpt3Heartlandpt3
Heartlandpt3
grimesjo
 
Contego Fraud Solutions Ltd fin tech week 2014
Contego Fraud Solutions Ltd fin tech week 2014Contego Fraud Solutions Ltd fin tech week 2014
Contego Fraud Solutions Ltd fin tech week 2014
Rebecca1243
 
Saahil Goel Firm Profile
Saahil Goel Firm ProfileSaahil Goel Firm Profile
Saahil Goel Firm Profile
guestfd062
 
Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response Plan
Next Dimension Inc.
 
Business Intelligence For Anti-Money Laundering
Business Intelligence For Anti-Money LaunderingBusiness Intelligence For Anti-Money Laundering
Business Intelligence For Anti-Money Laundering
Kartik Mehta
 
How to Use Data Analytics to Detect Fixed Asset and Inventory Fraud
How to Use Data Analytics to Detect Fixed Asset and Inventory FraudHow to Use Data Analytics to Detect Fixed Asset and Inventory Fraud
How to Use Data Analytics to Detect Fixed Asset and Inventory Fraud
FraudBusters
 
IITA youth corps occupational fraud awareness
IITA youth corps occupational fraud awarenessIITA youth corps occupational fraud awareness
IITA youth corps occupational fraud awareness
International Institute of Tropical Agriculture
 
NextLevel Cyber Security Executive Briefing
NextLevel Cyber Security Executive BriefingNextLevel Cyber Security Executive Briefing
NextLevel Cyber Security Executive Briefing
Joe Nathans
 
Fortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Fortify Your Enterprise with IBM Smarter Counter-Fraud SolutionsFortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Fortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Perficient, Inc.
 
Ingenia consultants-9 basic steps towards TRM compliance
Ingenia consultants-9 basic steps towards TRM complianceIngenia consultants-9 basic steps towards TRM compliance
Ingenia consultants-9 basic steps towards TRM compliance
Sami Benafia
 

Contenu connexe

Tendances

Heartlandpt3
Heartlandpt3Heartlandpt3
Heartlandpt3
grimesjo
 
Security For Outsourced IT Contracts
Security For Outsourced IT ContractsSecurity For Outsourced IT Contracts
Security For Outsourced IT Contracts
Bill Lisse
 
Misconduct or Missed Conduct? Ensuring Consistent SAR Reporting of Internal M...
Misconduct or Missed Conduct? Ensuring Consistent SAR Reporting of Internal M...Misconduct or Missed Conduct? Ensuring Consistent SAR Reporting of Internal M...
Misconduct or Missed Conduct? Ensuring Consistent SAR Reporting of Internal M...
Case IQ
 
Procurement & Government Contracting Compliance (Series: Corporate & Regulato...
Procurement & Government Contracting Compliance (Series: Corporate & Regulato...Procurement & Government Contracting Compliance (Series: Corporate & Regulato...
Procurement & Government Contracting Compliance (Series: Corporate & Regulato...
Financial Poise
 
Heartlandpt3
Heartlandpt3Heartlandpt3
Heartlandpt3
grimesjo
 
Saahil Goel Firm Profile
Saahil Goel Firm ProfileSaahil Goel Firm Profile
Saahil Goel Firm Profile
guestfd062
 
How to Use Data Analytics to Detect Fixed Asset and Inventory Fraud
How to Use Data Analytics to Detect Fixed Asset and Inventory FraudHow to Use Data Analytics to Detect Fixed Asset and Inventory Fraud
How to Use Data Analytics to Detect Fixed Asset and Inventory Fraud
FraudBusters
 

Tendances (19)

How Secure is your Business? Fraud Risk Analysis and Security Management
How Secure is your Business? Fraud Risk Analysis and Security ManagementHow Secure is your Business? Fraud Risk Analysis and Security Management
How Secure is your Business? Fraud Risk Analysis and Security Management
 
Third Party Risk Due Diligence - Feb 2012
Third Party Risk Due Diligence - Feb 2012Third Party Risk Due Diligence - Feb 2012
Third Party Risk Due Diligence - Feb 2012
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and Security
 
Heartlandpt3
Heartlandpt3Heartlandpt3
Heartlandpt3
 
Security For Outsourced IT Contracts
Security For Outsourced IT ContractsSecurity For Outsourced IT Contracts
Security For Outsourced IT Contracts
 
Presentation
PresentationPresentation
Presentation
 
Identity Checkpoint
Identity CheckpointIdentity Checkpoint
Identity Checkpoint
 
Misconduct or Missed Conduct? Ensuring Consistent SAR Reporting of Internal M...
Misconduct or Missed Conduct? Ensuring Consistent SAR Reporting of Internal M...Misconduct or Missed Conduct? Ensuring Consistent SAR Reporting of Internal M...
Misconduct or Missed Conduct? Ensuring Consistent SAR Reporting of Internal M...
 
Cybersecurity Presentation 6-11-15
Cybersecurity Presentation 6-11-15Cybersecurity Presentation 6-11-15
Cybersecurity Presentation 6-11-15
 
Third Party Compliance: Issues and Strategies to Mitigate Corruption Related ...
Third Party Compliance: Issues and Strategies to Mitigate Corruption Related ...Third Party Compliance: Issues and Strategies to Mitigate Corruption Related ...
Third Party Compliance: Issues and Strategies to Mitigate Corruption Related ...
 
Procurement & Government Contracting Compliance (Series: Corporate & Regulato...
Procurement & Government Contracting Compliance (Series: Corporate & Regulato...Procurement & Government Contracting Compliance (Series: Corporate & Regulato...
Procurement & Government Contracting Compliance (Series: Corporate & Regulato...
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber Security
 
Heartlandpt3
Heartlandpt3Heartlandpt3
Heartlandpt3
 
Contego Fraud Solutions Ltd fin tech week 2014
Contego Fraud Solutions Ltd fin tech week 2014Contego Fraud Solutions Ltd fin tech week 2014
Contego Fraud Solutions Ltd fin tech week 2014
 
Saahil Goel Firm Profile
Saahil Goel Firm ProfileSaahil Goel Firm Profile
Saahil Goel Firm Profile
 
Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response Plan
 
Business Intelligence For Anti-Money Laundering
Business Intelligence For Anti-Money LaunderingBusiness Intelligence For Anti-Money Laundering
Business Intelligence For Anti-Money Laundering
 
How to Use Data Analytics to Detect Fixed Asset and Inventory Fraud
How to Use Data Analytics to Detect Fixed Asset and Inventory FraudHow to Use Data Analytics to Detect Fixed Asset and Inventory Fraud
How to Use Data Analytics to Detect Fixed Asset and Inventory Fraud
 
IITA youth corps occupational fraud awareness
IITA youth corps occupational fraud awarenessIITA youth corps occupational fraud awareness
IITA youth corps occupational fraud awareness
 

Similaire à Core Elements of Retail LP Shortened version 15MB

Fortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Fortify Your Enterprise with IBM Smarter Counter-Fraud SolutionsFortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Fortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Perficient, Inc.
 
Ingenia consultants-9 basic steps towards TRM compliance
Ingenia consultants-9 basic steps towards TRM complianceIngenia consultants-9 basic steps towards TRM compliance
Ingenia consultants-9 basic steps towards TRM compliance
Sami Benafia
 
Incident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber AttacksIncident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber Attacks
Resilient Systems
 
Data Security: Why You Need Data Loss Prevention & How to Justify It
Data Security: Why You Need Data Loss Prevention & How to Justify ItData Security: Why You Need Data Loss Prevention & How to Justify It
Data Security: Why You Need Data Loss Prevention & How to Justify It
Marc Crudgington, MBA
 
IT Controls Presentation
IT Controls PresentationIT Controls Presentation
IT Controls Presentation
Bill Lisse
 
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
TechSoup Canada
 
Identifying Your Agency's Vulnerabilities
Identifying Your Agency's Vulnerabilities Identifying Your Agency's Vulnerabilities
Identifying Your Agency's Vulnerabilities
Emily2014
 

Similaire à Core Elements of Retail LP Shortened version 15MB (20)

NextLevel Cyber Security Executive Briefing
NextLevel Cyber Security Executive BriefingNextLevel Cyber Security Executive Briefing
NextLevel Cyber Security Executive Briefing
 
Fortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Fortify Your Enterprise with IBM Smarter Counter-Fraud SolutionsFortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Fortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
 
Ingenia consultants-9 basic steps towards TRM compliance
Ingenia consultants-9 basic steps towards TRM complianceIngenia consultants-9 basic steps towards TRM compliance
Ingenia consultants-9 basic steps towards TRM compliance
 
Incident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber AttacksIncident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber Attacks
 
Data Security: Why You Need Data Loss Prevention & How to Justify It
Data Security: Why You Need Data Loss Prevention & How to Justify ItData Security: Why You Need Data Loss Prevention & How to Justify It
Data Security: Why You Need Data Loss Prevention & How to Justify It
 
INFRAGARD 2014: Back to basics security
INFRAGARD 2014: Back to basics securityINFRAGARD 2014: Back to basics security
INFRAGARD 2014: Back to basics security
 
Insight2014 mitigate risk_fraud_6863
Insight2014 mitigate risk_fraud_6863Insight2014 mitigate risk_fraud_6863
Insight2014 mitigate risk_fraud_6863
 
BEA Presentation
BEA PresentationBEA Presentation
BEA Presentation
 
Partner Alliance Webinar - Sales Tax | Fixed Assets Solutions - An Overview
Partner Alliance Webinar - Sales Tax | Fixed Assets Solutions - An OverviewPartner Alliance Webinar - Sales Tax | Fixed Assets Solutions - An Overview
Partner Alliance Webinar - Sales Tax | Fixed Assets Solutions - An Overview
 
IT Controls Presentation
IT Controls PresentationIT Controls Presentation
IT Controls Presentation
 
Cyber forensic readiness cybercon2012 adv j fick
Cyber forensic readiness cybercon2012 adv j fickCyber forensic readiness cybercon2012 adv j fick
Cyber forensic readiness cybercon2012 adv j fick
 
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11
 
Cyber Security, IP Theft, and Data Breaches
Cyber Security, IP Theft, and Data BreachesCyber Security, IP Theft, and Data Breaches
Cyber Security, IP Theft, and Data Breaches
 
Identifying Your Agency's Vulnerabilities
Identifying Your Agency's Vulnerabilities Identifying Your Agency's Vulnerabilities
Identifying Your Agency's Vulnerabilities
 
Quantifying Cyber Risk, Insurance and The Value of Personal Data
Quantifying Cyber Risk, Insurance and The Value of Personal DataQuantifying Cyber Risk, Insurance and The Value of Personal Data
Quantifying Cyber Risk, Insurance and The Value of Personal Data
 
2015 LOMA Conference - Third party risk management - Session 20
2015 LOMA Conference - Third party risk management - Session 202015 LOMA Conference - Third party risk management - Session 20
2015 LOMA Conference - Third party risk management - Session 20
 
Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015
Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015
Risk & Advisory Services: Quarterly Risk Advisor Nov. 2015
 
Cybersecurity Crisis Management Introduction
Cybersecurity Crisis Management IntroductionCybersecurity Crisis Management Introduction
Cybersecurity Crisis Management Introduction
 
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
 

Core Elements of Retail LP Shortened version 15MB

  • 1. ASIS International Seminar & Exhibits September 28-October 1, 2015 Anaheim, California
  • 2. Core Elements of Retail Loss Prevention Sponsored by:The Retail Loss Prevention Council September 28, 2015
  • 3. Organized Retail Crime (ORC) Survey Summary – $30 Billion/Year problem! – ORC Fencing Operations – 8 of 10 retailers-victimized – Need for Federal Laws for ORC-interstate transport – Retailers’ financial investment in fighting organized retail crime tops $400,000 on average – Concerns over store merchandise credit and gift card fraud schemes remain high
  • 4. Survey Summary – Top Cities for ORC: Houston, Los Angeles, New York and Miami and new – Detroit – Impact of Cargo Theft: 24% of retailers reported store-level theft – 33% of retailers noticed a reduction in ORC activity where state laws exist
  • 5. ORC Actions • Law Enforcement Collaboration • Federal • State • Local • Legislative Activity/ Capitol Hill • State Legislative Activity • Retail Relationships • Industry ORD Groups
  • 6. Example ORC Law • Michigan enacted in 2013 (5 year felony) – Knowingly commits organized retail crime – steals with intent to sell or redistribute – Assists another in committing – organizes, finances, manages – Affecting anti-theft device from activating – Knowingly purchasing cell phone with intent to defraud or break service contract
  • 7. Tools For Battle • Aforementioned Industry Collaboration • CCTV Analytics • Facial Recognition • Anti-Shelf SweepingTechnology • License Plate Recognition • RFIDTools • Greeters • Shopping Cart Lockdown Devices Today many retailers have established and dedicatedORCTeams that are focused on stemmingORC’s foothold
  • 8. Organized Retail Crime • Triangulation Fraud Schemes • Ranked 9th in 2012; now #1 in impactful and frequency fraud type by the Merchant Risk Council and Cybersource • Fraudster buys stolen credit cards, advertises phantom product and orders product with stolen credit card • Three victims: person whose card is stolen, person who orders product and merchant who drop ships the goods • Combating theTriangulation Scheme • Use screening algorithm to identify red flags • Shipping address differs from billing address • First time card used on this site? • First and last names capitalization • Possible language from high-fraud foreign country • Originate from proxy address • Device fingerprinting analysis • Transfer transaction over to human fraud analyst E-Commerce Fraud
  • 9. Crisis Management and Response • Undesired and unexpected event • Disrupts the business and/or jeopardizes employee and customer safety • Likely to last for an extended period • Requires unplanned commitment of resources 'CRISIS' DEFINED
  • 10. Crisis Examples • Natural disaster (fire; tornado; flood; earthquake) • Political event (riot; demonstration; civil unrest) • Product tampering • Kidnapping (abduction; hostage event) • Criminal event (mass murder; drive-by shooting; active shooter) • Terrorist event (bombing;WMD) • Network breach/sabotage
  • 11. Objectives of the Crisis ManagementTeam  Effective and efficient resolution  Centralizes authority and responsibility  Minimizes organizational impact  Provides structure and discipline to the effort
  • 12. Crisis ManagementTeam (CMT) • Wrong: o Reactive not proactive o Just select some 'good people' and turn them loose • Right: o Identify needed area of coverage o Select appropriate personnel
  • 13. Important Characteristics of a CMT •Temporary task force • Fewest members possible (only those needed) • Diversity of members • Members present a unified 'front' • It is the only part of the business working on the crisis
  • 14. Responsibilities of the CMT  Assessing the crisis o Ensuring the situation is sufficiently understood to begin resolution  Containing the crisis o Protecting the company’s employees and assets  Planning the response  Resolving the crisis Case Study- Baltimore Riots
  • 15. Protecting PII (Privately Identifiable Information) • 66% Of Respondent named malware attacks as number one threat • Based on the 2014 survey viruses, worms, Trojans, and other malware were problems for 61% of respondents • About 12% of respondents had run ins with targeted attacks • The protection of confidential data against leakage is now the top priority of most companies (38%) • Damages from one data security incident were estimated at an average $720,000 • Damages from one successful targeted attack could cost a company as much as $2.54 million. • As Loss Prevention and Asset Protection leaders, we have responsibility to protect our business from these types of attacks- where we have ability and controls. Kaspersky Lab IT Security Risks Survey 2014:
  • 16. Protecting PII An estimated 39% of incidents involving data breaches and systems failures come from inside an organization.
  • 17. Questions We Should Ask Of Our IT Security Partners In Retail Organizations • What’s the status of the PCI audit or IT security audit? • Who has access to your company’s Technology • Do third parties access your equipment and or information? • What Control Mechanisms are in place? • Can we audit session activity? • What are the loose ends?
  • 18. The Cost of a Security Incident oLoss of faith in the retailer oDamage to the brand oLoss in sales revenue oCost of PR Firms, Lawyers oCost of lost time your executive spend meeting about breach restoration efforts oScramble to satisfy States Attorneys General oCost of identity theft monitoring and restorative services to all customers effected
  • 19. Are Our Employees ProperlyTrained? • Malware can be installed by insiders; your Employees • Clicking on malicious links/ attachments • Sensitive Customer Data • No password sharing • Control password changes • If point of sale software is installed on computer, ensure no web browsing or email
  • 20. What does the physical Loss Prevention professional bring to the table? Security RiskAssessment Access Control Audits to all controlled area doors Camera coverage to all server room, electrical, mechanical and telecommunications rooms Minimum of 90 days video retention Visitor & lobby controls Management of physical technology security (laptop locks) especially after hours Mobile POS device lock down and usage logging Incident Reporting Management Investigations Expertise Training on handling PII
  • 21. InternalTheft Controls • Retailers have reported to researchers that internal theft tops their list of drains on profitability; up to 42% of what makes up retail shrinkage dollars nationally. • Internal theft is most serious because employees have far wider access and longer access to company assets once they decide to steal.Thefts can go on for years if undetected and cause hundreds of thousands, even millions of dollars.
  • 22. Preventing InternalTheft  CBT Application Process Screens Applicants Early Prevents Bad Hires Pre – Employment Screening Trust, ButVerify - Ronald Reagan
  • 23. Preventing InternalTheft Background Checks • Sensitive Positions • Day Care • Pharmacy • Finance • Manager Positions andAbove • Loss PreventionAgents • Mandatory Pre-hire DrugTesting • Testing for Cause • Post Accident Injury Drug Screening
  • 24. InternalTheft Controls • Employee Orientation and Employee Handbook Statements about Integrity and Ethics in the Workplace • Employee Package Checks (On the Clock) • Camera Surveillance • Store Level Loss Prevention Presence • Point of Sale Data Mining • Solid Employee Management
  • 25. InternalTheft Controls Metrics • Relationship between audit scores & shrink • Measure performance not compliance • Are your programs working ? • Root Causes • Operational • Systemic Computer BasedTraining • Consistent Message • ReoccurringTraining • Waste & Loss • Integrity • Satisfies certain regulatory requirements • Ability to track progress & participation
  • 26. InternalTheft Controls • Pay EmployeesWell • Performance Recognition • Employee Coaching as Needed • Ensure Management is Fair and Free of Harassment and Retaliation
  • 27. Preventing InternalTheft GPS-Group Problem Solving • Facilitates Team Atmosphere • Provides “Buy In” forAssociates • Ideas to Implementation
  • 28. Preventing InternalTheft Open Door Policy • Encourage an Open Door Policy Where Employees Have a Hotline, or Many Phone Numbers and Email Addresses for Reporting Violations Gather Feedback and Act on it • Employee Engagement Annual Survey