If you work in a camera store or a distribution warehouse, you might be wondering when your store will be the next victim of the rash of burglaries sweeping North America like a plague. Whether driving through a door (California), breaking display windows (Virginia), breaking second story windows (British Columbia), cutting holes through the ceiling (Ohio) or through adjacent stores (Alberta), the bad guys are organized, focused and likely coming your way.
Representing DIR at CNP (Card Not Present Expo), the trade show for those in website security, I was able to have private conversations with numerous experts.
Skip Myers, director of Loss Prevention/Risk Strategy for Micro Center, comes to the problem of theft from his background as an Atlanta-area police detective. He talked about ORC—organized retail crime. These sophisticated criminal networks exchange information on who’s easy to steal from.
Myers recommends the Four Ds.
1. Detect criminal activity with security cameras, lights as well as alarms, etc.
2. Deter it by keeping expensive items locked up, preferably out of sight. The crooks’ customers know what they want.
3. Delay the theft by putting the most valuable merchandise farthest from the door, tether expensive lenses and also lock high-value items into a safe at night.
4. Deny the attempt by keeping your staff on the alert to what customers are doing, have security at the door so a receipt has to be shown to leave, lock your storerooms, etc.
As a former detective, Myers asks, “If you were a criminal, how would you view your store?” Look at ways you can change traffic flow, display height as well as camera coverage to make your store less receptive to thieves while you’re open. Moreover, perform a 360-external security check, including a 360 view above (drones?) and below (neighboring basements?).
Brett “Gollumfun” Johnson has a shady past, including being an expert hacker/informant for the Secret Service. With the government’s computers at his fingertips, fraud became his other “job.” After being on the 10 Most Wanted list, he served jail time, did probation and turned his life around. He’s very open about his wrongdoing and also his desire to help business people avoid folks like his former self. The PRO buying group has invited him to their September convention to counsel and advise PRO retailers on how to stop losses from theft.
For example, there are dangers in believing the EMV chip on our credit cards is “hackproof.” Hackers very quickly figured out options to defeat it. Here’s how one works. If you insert the card into the credit card reader but don’t seat the chip exactly under the chip reader, you’re usually asked to swipe instead. That gives the clerk comfort to use the old way of feeding information into the terminal—a magnetic strip that the bad guys have altered. As a result, the “customer” with a doctored card can easily scam thousands of dollars of merchandise.
Of course, not everyone who inserts a card incorrectly is a crook. But you can ensure your eventual payment by matching the customer’s name to: a picture ID, the name on the card, the name on the printed receipt as well as the name showing on your terminal.
All four should match. If your system is EMV-compliant and you’ve taken these extra steps, you’ll likely be able to defend against charge-backs. If not, you’re probably liable for the loss. Can’t happen to you? Ask Target, Toys “R” Us, Home Depot, Chipotle and a host of other stores/associations more sophisticated than any individual retailer.
I also enjoyed my conversation with Stirling McBride, director of Fraud Investigation for Microsoft. McBride is not an official spokesperson for Microsoft. He’s a great human being who has extensive experience in attempting to protect against cybercrime. He shared commonsense observations that can help you understand some of the online risks.
Commonsense Ways to Keep the Bad Guys at Bay
• If you have an e-commerce presence, it’s not if you’ll get defrauded, it’s how bad will it be.
• “As a merchant, you must respect the Payment Card Industry Data Security Standard (PCI DSS). Outsource your credit card processing as well as data storage to professionals with advanced security apparatus. Consider secure cloud storage.”
• “Use trade groups and events to discuss common security risks with your peers. The bad guys share information among themselves: which companies are easy targets and how to overcome the latest security updates. Merchants also need to have similar communication channels.”
• “As we see with each new computer virus attack, many small businesses don’t do routine updates; that leaves them vulnerable,” he said. “Business owners know the right thing to do, but they claim they don’t have the time. When the crises hit, they find the time to spend hours/days rebuilding their systems. They suffer massive overtime costs for system restoration, loss of sales and immense frustrations.” A decade ago you wouldn’t go home and leave the store’s door wide open. By not updating all your software you’re leaving your company wide open to every neophyte hacker.
• “Storing customer data attracts hackers. Most consumers use similar passwords on multiple sites, which increases their value to identity thieves. If you require user passwords, hackers will find that fertile ground. Consider why your customers need passwords for your site. Don’t store data that could attract fraudsters.”
Summing up, keep your loss prevention strategies updated at work and home. Understand that criminals are working hard to separate you from your assets. It’s up to you to do something about it—today!
Editor’s Note: Bill would love to hear from you with questions, comments or ideas for future columns. Contact him at firstname.lastname@example.org or 609-688-1169.