Jun 14, 2019

Retail theft and cybersecurity concerns rise

Theft, fraud and losses from other retail “shrink” totaled $50.6 billion in 2018, up from $46.8 billion the year before as industry security executives said there is a growing overlap between loss prevention and cybersecurity efforts, according to the annual National Retail Security Survey released by the National Retail Federation (NRF) and the University of Florida.

“We are seeing dramatic changes in the risks faced by retailers, and loss prevention practices and priorities are evolving to meet those challenges,” said Bob Moraca, vice president for NRF loss prevention. “As criminals find new ways to steal, loss prevention teams are finding new ways to stop them. Increasingly, this is a battle focused on technology.”

According to the report, shrink averaged 1.38 percent of sales during 2018, up slightly from 1.33 percent in 2017, but has held steady around 1.4 percent over the past few years. With the percentage largely unchanged, the increase in the dollar amount is due primarily to growth in retail sales.

The largest losses per incident came from robberies, followed by employee theft , and shoplifting/organized retail crime (ORC). Robberies are comparatively rare, however, while shoplifting/ORC and employee theft together typically account for about two-thirds of shrink each year, with most of the remainder coming from vendor or paperwork errors.

While 43 percent of those surveyed said the largest increase in fraud is occurring in stores, 30 percent said it is happening online and 22 percent said it is coming in multichannel sales, such as those where the purchase is made online but the merchandise is picked up in store.

Of challenges that have grown in priority for loss prevention (LP) teams over the past five years, cyber-related incidents are the top issue, according to 68 percent of those surveyed, while 65 percent also pointed to e-commerce crimes and another 51 percent cited return fraud, including incidents involving purchases made online but picked up in stores. ORC was cited by 65 percent, and internal theft by 60 percent.

A total of 89 percent said there is increasing overlap between retail loss prevention teams and cybersecurity teams, but only 30 percent of LP executives said they were regularly involved in cybersecurity issues. Most of the time, LP is brought in after the fact on cyber issues, with 60 percent saying they are called in for incident response with only 26 percent involved in threat analysis.

LP executives are preparing for increased involvement in cyber issues, with 62 percent seeking analytical skills in new hires and 40 percent seeking cybersecurity skills.

“These are changing times in retail and that means changes in loss prevention,” said Richard Hollinger, University of Florida criminology professorr. “As always, the challenge is for the honest to stay ahead of the dishonest.”

The survey of 63 loss prevention and asset protection executives from a variety of retail sectors was conducted February 27 through March 29.