According to the 2020 National Retail Security Survey, shrink remains a significant problem for the retail industry. The report, released in mid-July and sponsored by Apriss Retail, showed industry losses from theft, fraud and related activities at $61.7 billion last year, an increase of almost 22 percent over 2018’s total of $50.6 billion.
In a recent webinar, Katie Jordan, NRF’s research manager for consumer and industry insights, discussed the study and its findings with Earl Watson, vice president of physical security with Lyft, and Shaun Gilfoy, director of regional security for the Americas with Levi Strauss & Co. Jordan began by noting that ecommerce fraud, ORC and cybercrime seemed to be increasing areas of concern in the industry. “We’ve seen them getting smarter,” Watson said. “It’s like they have a research and development team of thieves that figure out what we’re doing.”
Check out the 2020 NRSS here.
The hidden asset
Much of the conversation that followed was overshadowed by two current realities. One is the ongoing coronavirus crisis, which has caused an enormous upsurge in ecommerce. The other is that, with the boom in ecommerce — and the need to provide a hassle-free, personalized customer experience — retailers have become the custodians of a vast trove of customer data, including credit card numbers, security codes and addresses.
That data is an asset, and just like baby food or perfume or cell phones, it can be sold on the black market. “The thieves are still trying to make a living,” Gilfoy said. “If they weren’t already on the computer, they’re going to the computer. And they’re finding more lucrative ways of generating revenue illegally than some of the traditional methods.”
Two worlds meet
The traditional role of LP in retail is guarding physical assets and making sure actual, visible people — employees, shoplifters, ORC gangs — don’t steal them. That role is still essential, but along with it, LP professionals are by necessity becoming more and more involved with cybercrime of various kinds. “How do we prepare our teams to respond to this new and emerging risk,” Watson said. “How do I make sure my executives know we’re supporting this area?”
The answer, both panelists agreed, is internal cooperation: LP, IT and business leadership need to communicate clearly and learn from each other. “The security executive of the future will really have to understand the business they’re in,” Watson said, “how that business works, what their profitability is like, what their key levers are to drive performance, because we operate in the world, not a vacuum.”
Finally, don’t be afraid to ask your colleagues. “The loss prevention and security world is a tight community,” Gilfoy said, “and there are a lot of people out there — including Earl and me — who are absolutely willing to help.”
For more loss prevention insights, don’t miss NRF PROTECT ALL ACCESS, a free online event for loss prevention, asset protection and cyber risk professionals, September 22-25. Register here.