THE WORLD OF retail theft is as old as the five-finger discount, but today's thieves are more organized and more sophisticated. To find out about the current challenges facing the loss prevention field, CSO Senior Editor Daintry Duffy spoke with two experts: David F. McGowan, vice president for worldwide security services at Tiffany & Company, and King Rogers, a consultant and former vice president for assets protection at Target.
It turns out that guarding the contents of the little blue box is not all that different from guarding a big box discount retailer. Rogers and McGowan offer surprising insights regarding the growing influence of the Internet in retail theft and fraud, the often difficult task of convincing management to invest in loss prevention efforts, and why Winona Ryder's sticky-fingered work caught on a store security camera may have a greater impact than anything she has done on the big screen.
CSO: By one estimate, organized retail theft (ORT) costs retailers $US34 billion a year in the United States. Why is ORT on the rise, and how has it affected the loss prevention industry?
King Rogers: We're definitely seeing more and more organized theft, as opposed to opportunists and amateurs. Part of the reason for this could be the ease of getting rid of the merchandise. In the past you would find stolen products showing up in flea markets across the country. But today with Internet auctions like eBay, there's a whole new outlet for stolen products.
David F. McGowan: From the jewellery industry perspective, what we're seeing in the traditional retail stores is a greater degree of risk-taking with people coming in during the day and doing grab-and-run thefts: Rolex watches, solitaire diamond rings, anything with stones that can be separated from the metal and peddled in a secondary market. The thieves are more aggressive and are taking more risks.
Rogers: David, what about the phenomenon of smash-and-grabs that was so common 10 years ago?
McGowan: Smash-and-grabs continue to occur, but I don't think the frequency is as great. A lot of retailers have taken steps to improve their glass standards [on windows and merchandise display tables] to make it more difficult. However, we have seen, particularly in the past three to five years, a higher degree of what we call three-minute gang attacks. These traditionally happen overnight, and the thieves are generally in and out in three minutes — because that's the average police response time in major metropolitan areas at night. It may take them a minute to penetrate the perimeter of a jewellery location, so then they have 90 seconds to grab everything they possibly can.
They've also figured ways to surreptitiously attack the showcases during the day. For example, there is a lot of glass and glue in the corners of some of the showcases. They have figured a way to neutralize the glue through a freezing technique so they can separate the glass, reach in and take what they need. There's usually a group that goes into a store and as one of them attacks the glass, another is distracting the sales professionals.
The Internet gives these criminals a virtually anonymous secondary market for stolen or counterfeit goods. How do you combat that?
McGowan: In 2003, we identified that the counterfeiting of Tiffany products was becoming a greater issue. We don't perceive our issue to be as problematic as some of the other luxury brand owners: Louis Vuitton, Chanel, Gucci...but we did notice a significant spike in the presence of counterfeit Tiffany products and packaging in various markets like Canal Street in New York City and on eBay. Customers started coming in asking if we could validate a product they bought on eBay as legitimate. We started assigning some internal resources from both legal and security to go on eBay.
We would buy some product, bring it in-house and work with our quality assurance group to determine whether it was real or fake. Once we determined that there was a good amount of counterfeit products being sold, we were able to identify search criteria on eBay that would net us the counterfeiting sellers and auctions. We started using the VeRO (Verified Rights Owner) program offered by eBay that allows a luxury brand owner or an intellectual property owner — as Tiffany is of the Tiffany name and Tiffany colour — to appeal to eBay through VeRO to remove that seller and their auctions because they're breaking federal trademark infringement law. When we first started with our criteria, we were at around 3,500 auctions per day that we identified as potentially counterfeit. I think on our best day, we got it down to about 400 auction sites a day that were selling potentially non-Tiffany merchandise. So we considered that a victory.
Which perpetrators do the greatest harm: the serial solo shoplifter, ORT thieves or internal employees?
Rogers: I have a very strong opinion on that. Richard Hollinger, a professor at the University of Florida, conducts and publishes the results of a national retail security survey every year. For the past five years, the results have indicated that internal theft is rising as a cause of losses for retailers, whereas external theft is going down. Well, my challenge to my peers in the loss prevention industry is: Why are you allowing that to happen? There are two populations involved here. One is a population over which you have direct influence — your employees. If you select them appropriately, train them appropriately, monitor their activities and treat them appropriately [you should have few problems]. The external group is the public whom you invite to come into your stores, and you don't have much control over them. So if that data is correct, what the heck have we been doing about it?
McGowan: We like to think that we've done a good job making sure we have the right employees and the right controls in place so that we can limit internal theft. However, when it does happen, it's pretty bad, primarily because of our product. You could take a handful of loose diamond stones and retire if you knew what to do with them.
Rogers: Of course there is a significant price point difference between a Tiffany operation and a major discount chain operation. Tiffany is a different kind of company and can be more selective in the choice of the job candidate than some of the lower-end retailers. Management is more in tune with the employee selection and training.
But even with the difference between selling a 99 cent Coke and a $20,000 necklace, there must be some loss prevention fundamentals that remain the same.
McGowan: Absolutely. For example, most retailers have a degree of physical security that needs to be maintained, inventory control, the screening of employees, ensuring the integrity of the operation itself through auditing or surveillance....
Rogers: And if you take those common fundamentals and apply five basic tactics to any of them, they're the same throughout the industry. First is prevention: Take appropriate steps to prevent any types of loss. The second tactic is detection. When an incident occurs, the sooner you detect it, the greater chance you have of making a recovery. The third tactic is investigation. After you detect that something has been stolen or that a fraud has been prevented, you have to investigate swiftly and legally. Often [swiftness and legality] are in conflict with each other. The fourth tactic is resolution. In the case of an internal theft at a Target store, the resolution occurs when we have the offending employee in the loss prevention office and we are interviewing him. We want to find out just how much of a loss that employee has caused. At the end of the interview, one thing happens for sure — that employee is no longer an employee. In all likelihood we are also going to prosecute that individual, so we have to enter that individual into the law enforcement machine.
The fifth and final tactic is recovery. During the course of that interview, let's say that employee admits to $300 of theft in a Target store. I want to ask that individual to sign a promissory note to pay us back. I'll go one step further: If they have a credit card, a non-Target issued credit card, I will ask them if they would like to put that promissory note on their card, and I'll process the transaction right there. Because I've got a responsibility to make Target whole again.
If prevention is the first fundamental, then the employees, buyers and truck drivers who work with the merchandise on a daily basis are the first line of defence. What kinds of training programs are effective in educating those populations?
Rogers: The training programs that we delivered to our asset protection people and our store operations and distribution centre people were all created internally, based on need and desired results. There are a lot of good training products out there, but we always tended to customize ours.
McGowan: Yeah, I think you need to customize to your organization, and you may even need to customize geographically depending on the scope of your operations. Some things that work in the United States don't work in Japan or other areas. One of the things we're giving consideration to — and funding and infrastructure are always a challenge — is that we want to get to higher training retention. We can use video, sound and entertainment to improve the quality of training. This will allow employees to do more just-in-time training where they can take themselves through various programs or refresh.
Rogers: That can be done on the employees' own time, but more importantly you can track the progress of your employees. If you put training of store security officers into an electronic interactive media, you can actually produce their training records in court if called upon to do so.
McGowan: That's an excellent point. As a luxury brand retailer, we watched with great curiosity and interest the whole Winona Ryder case that took place out in Beverly Hills with Saks Fifth Avenue. It was very high profile, and I know that records were subpoenaed to determine the quality of the education that the security personnel had received. To move training into a medium where there's a trackable and traceable record over time is very important to any security organization.
Rogers: Having documented high-quality training not only served to help convict Winona Ryder but also served to protect the retailer in the process. If you fail to provide that kind of protection, that's a very expensive lesson for a retailer to learn, not only in raw dollars but in terms of brand erosion. Let's say that the Winona Ryder case did not turn out the way it did and that Saks had done a bad job of training its people — Saks would have lost a lot of credibility with the general public and with its customers.
So technology advances have led to better training and better documentation. What are other promising technologies for the loss prevention industry?
Rogers: Video can be extremely useful if it is used properly and managed properly and integrated with other technologies. One good example is monitoring a transaction at the point of sale. Take a supermarket environment where the cashier is scanning a lot of different products: There are things that cashiers can do if they are dishonest during checkout to benefit the customer like passing merchandise or giving out discounts. Whatever trick they are trying, the best way to catch that is with video because it also gives you an evidentiary record.
McGowan: As the industry migrates from traditional VHS tape over to digital storage, the ability of these systems to integrate with different management systems gives you tremendous opportunities. We have a JD Edwards management system that tracks some of our inventory in the manufactory processes. This management system actually interacts with the Loronix video system we're using in our manufacturing location. So as it tracks inventory financially, you can keep a video record as well, and one ties into the other. If you truly want to know what's happening with an asset, you can actually see it.
There must be aspects of a store's physical design that can deter retail theft as well.
Rogers: Picture a Target store. The domestics department, where the pillows and blankets are sold, has very high shelves. You walk down one of those aisles and you are in the valley of the shadow of death, where you fear no security officer will observe you stealing. Frankly those are the highest concealment locations in a Target store. If we were to lower those risers, we couldn't [display] as much product, but you'd certainly be able to increase your loss prevention capabilities. So you always have a trade-off. We're in the business to sell merchandise, so we just have to get more creative in the valley of the shadow of death.
McGowan: Our stores used to be set up by salons. You'd come into a store and you'd go one way into the high-end jewellery, estate jewellery and diamonds, or you'd go into another salon, which would be the silver jewellery, entry-level gold items and tabletop items. If you were in one salon, you couldn't easily see into another. We've really changed that to a more open environment so that you can now look clear across to the other side of the store. That was primarily driven to be more inviting to our customers, but by default it helped us out from a surveillance point of view. Our cameras and security officers stationed on the floor now have a full view of the entire store.
Security success is often measured by the absence of certain activities. What metrics or techniques do you find useful for measuring the loss prevention group's performance?
McGowan: First of all, if nothing happens, that's our greatest achievement, particularly from any of the external threats that we face on a daily basis — robberies, burglaries, switches and thefts, which usually entail large-scale losses. Something we're looking into aggressively this year — because security at Tiffany transcends retail and goes into manufacturing and distribution — is to come up with metrics that will give us a greater sense of goal achievements or comparison achievements versus previous years. We're looking at a number of different approaches: using an annual loss expectancy type of formula, or we're also looking at more well-known processes like the Six Sigma approach to quality assurance and sales.
Ironically, corporate management can create roadblocks to a successful loss prevention program. Is there a reluctance to admit the problem, similar to companies that get hacked but don't want to talk about it?
Rogers: I think in retail [the problem] stems from a historical perspective that loss prevention was really sales prevention. Today, loss prevention practitioners understand the economics of their responsibility far better than any of their predecessors did, and we operate almost completely on a return of investment basis.
McGowan: I agree with that wholeheartedly. I think there has been a big change in our industry with loss prevention practitioners becoming much more business-minded and more partnership-minded with management. We have become very attuned with the needs of the business. The early roadblocks were just those — that whole "sales prevention" mentality. The risks in the jewellery industry can be very dangerous. This industry is under the threat of armed robbery on a daily basis, and Tiffany has not been without its own armed robbery incidents in the past. Those can be damaging from an inventory perspective, but there are also far more wide-reaching human issues in terms of [the safety of] our employees. We really don't want that happening in our locations to our employees. So with that in mind, security and loss prevention here is looked upon in a different light, and there are fewer roadblocks.
How can other companies get through those roadblocks and put loss prevention and security awareness at the right level?
Rogers: I think that security and loss prevention really have to make a concerted effort to work very closely together and with their counterparts in information security.
McGowan: I have been spending a lot more time with our IT group over the past three years. I also decided to enlist the help of a third-party IT security group to spend three days with me one-on-one just to see how much I didn't know, and it was truly an enlightening experience. [Laughs.] The amount of issues, the amount of information protocols that are out there in the IT security world is truly astounding. But the one thing I walked away from that experience with is [the need to] get away from a lot of the industry lingo — be it IT or security or whatever — and you get down those five basics King mentioned earlier.