top of page

11/18/16               Subscribe Free                                        LP, AP & IT Security's #1 News Source                       

2016 GLPS - Group LP Selfies
Your Team - Your Pride - Our Industry
One Team at a Time

North Central & South Central LP Team for T-Mobile

"America's Un-carrier"

Back row: Brian Pollack - Regional Loss Prevention Manager, Larry Smith - Regional Loss Prevention Manager, Michelle Concepcion - Sr, Investigator, David Broom - Senior Manager Field Loss Prevention, Ed Schroeder - Regional Loss Prevention Manager, Reck Staggs - Regional Loss Prevention Manager, Jayne McGrath - Regional Loss Prevention Manager, Michael Rimkus - Vice President, Risk Management/Internal Audit

Front Row: Brian Csorba - Senior Manager Field Loss Prevention, Bill Malson - Regional Loss Prevention Manager, Tracy Abrahamowicz - Regional Loss Prevention Manager, Reco Caston - Regional Loss Prevention Manager, Tamara Locke - Manager Investigations, Tim Fisher - Director Loss Prevention, Kim Sharp - Regional Loss Prevention Manager, Justin Lawlis - Manager Reporting and Analytics, Adam Marvin - Manager Reporting and Analytics

Ben Dugan is an Investigations Manager for the ORC Division at Walgreens, covering the Southern U.S. and Puerto Rico, but his diverse background spans the globe and makes him what he is today: a role model for the industry.

With over 25 years of retail loss prevention experience ranging from Big Box, Catalog, Pharmacy and Specialty retailers, he has successfully investigated and aided in the prosecution of several multi-million dollar ORC cases and one of the first ORC Civil RICO cases.

After serving in the U.S. Army Military Police Corps (attached to the Criminal Investigations Division) for three years, Ben started his retail career at Consumers Distributing, reporting to then Director of LP Gene Smith (now President of the Loss Prevention Foundation). 

Ben said, "Gene has no idea the impact he had on my career - Gene saw potential and even assisted in getting my next position as a Regional Loss Prevention Manager with Ames Dept. Stores." 

In the years since, Ben has taken various roles that give him a diverse background in both retail and law enforcement settings. 

In 1995, he left retail to work as a professional bounty hunter for 5 years, investigating cases around the world. Ben says this work gave him valuable skills, particularly with respect to investigating on a timeline and developing key relationships with law enforcement.

He became the Director of Security for a Global Logistics firm in 2000, where he worked to protect inventory from overseas manufacturers to store delivery. He conducted cargo theft, ORC and safety investigations in 13 logistics facilities nationwide.

All of these roles led to his current position at Walgreens, where he works with Jerry Biggs (Director of ORC Division), Ed Lanzetti (Asset Protection Director), and Dave Colen (Director, Corporate Investigations & Standards). 

According to Ben, Walgreens enjoys a strong working relationship with the CVS Loss Prevention team, including James Lynch (Director of LP Corp. Investigations & Security), Tony Sheppard (National Manager ORC Unit), and Terrence Mullen (Southeast Investigations Director). Ben says that he and Mullen have worked on joint efforts involving many ORC investigations and successfully resolved several multi-million dollar cases.

Though his experience has given him a wide range of skills, it is the area of Organized Retail Crime investigations where Ben is truly a leader in the industry. 

He is certified as an expert in Organized Retail Crime and Diversion and holds additional certifications as a Law Enforcement Instructor and in E-Commerce Investigative Methodologies. He was named Investigator of the Year and sits on the board of the National Coalition of Law Enforcement and Retail. Recently, he was appointed to the Legislative Team of the Florida Organized Retail Crime Alliance

He also recently spoke on ORC/Complex Fraud Investigations at the Florida Law Enforcement Property Recovery Unit Conference in Orlando, which was attended by over 300 law enforcement members. Last summer, he was one of the featured speakers at the First International ORC Summit, and in the past, he has been a guest speaker at Law Enforcement Academies in Louisiana, Arkansas, Alabama, Texas and Florida.

His work in the industry continues today as he hopes to re-energize the conversation around ORC. He believes that success in investigating these cases is working as a team across multiple business channels and external entities. 

"When ORC first started, companies thought that keeping case intelligence 'close hold' gave them a competitive edge," Ben said. "Over time, the industry learned that by sharing information with retail partners and collaborating on cases, they could resolve cases more effectively and reduce investigative costs."

Based on the work Ben has spent a career doing, especially with respect to ORC investigations, it's clear the industry will continue to benefit from his leadership and commitment to fighting these crimes.

NYPD Boosts Security for Thanksgiving Parade After Threat
The New York Police Department plans to beef up security for next week's Macy's Thanksgiving Day Parade after a recent edition of a magazine published by the Islamic State called the event an "excellent target."

The Nov. 11 edition of Rumiyah, the terrorist group's English language propaganda magazine, focused on vehicular attacks and specifically highlighted the iconic parade through Manhattan.

John Miller, the NYPD'S deputy commissioner of intelligence and counterterrorism, says police had already implemented precautionary measures for such an attack.

MMiller says he goes to the parade every year and he advises both New Yorkers and visitors alike to still show up on Nov. 24.

Police Commissioner James O'Neill says the NYPD handles events of a similar magnitude almost daily and the parade will be the safest place in New York City.

Ex-Rite Aid VP, NJ Businessman Get Jail In $13M - 9 yr. Kickback Scheme
A former Rite Aid Corp. vice president and a New Jersey business owner were both sentenced to prison Wednesday by a Pennsylvania federal judge for their roles in an alleged nine-year kickback scheme involving the sale of surplus inventory from the pharmacy.

Former Rite Aid Vice President Timothy P. Foster, 66, received five years in prison. The Portland, Oregon resident pled guilty in February 2015 to an information charging him with false statements to authorities.

Jay Findling, 55, owner of New Jersey-based J. Finn Industries LLC, received four years. He pled guilty to an information charging him with conspiracy to commit wire fraud.

The two admitted to deceiving Rite Aid into believing that its surplus inventory had been sold to J. Finn when it was sold to other buyers for much greater amounts.

Authorities said the two pulled off the scheme by establishing a New Jersey bank account under the name "Rite Aid Salvage Liquidation," which was used to collect payments from the actual end buyers of the inventory. According to prosecutors, after the payments were received, Findling would send lesser amounts dictated by Foster to Rite Aid for the goods, thus inducing Rite Aid to believe the inventory had been purchased by J. Finn.

Prosecutors allege that Findling's company made at least $127.7 million from selling the surplus inventory to the actual buyers but, with Foster's help, only tendered $98.6 million of that amount to Rite Aid. For his role in the scheme, Foster received approximately $5.7 million in kickbacks from Findling, whose company pocketed $29.1 million from the deals over the nine-year period, prosecutors said.

At a loss hearing in 2015, U.S. District Judge John E. Jones - who delivered Wednesday's sentences - gave Findling credit for some of his services, concluding that the net loss to Rite Aid was $11.2 million, according to federal prosecutors. But he also found that Rite Aid lost another $1.7 million as part of a similar kickback scheme with another businessman who was not charged, bringing the loss figure to $12.9 million.

Study: Holiday season has a dark side
'Tis the season for fraud - especially in an age of omnichannel retail. 

Card-not-present (CNP) fraud garners the largest share of criminal activity with 30% increases - a rate that jumps sharply across electronics, entertainment and jewelry market segments. While home and sporting goods categories are impacted the least, they are still on thieves' radars, the study revealed. 

E-commerce attacks are also on the rise during the holidays, especially as cross-border commerce increases. 

Interestingly, these cross-border attacks drop significantly on Cyber Monday. With retailers approving up to 98.59% of cross-border e-commerce orders on Cyber Monday, fraud attack rates dropped over 33% on Cyber Monday compared to the rest of the holiday season, the study said.

Digital gift cards are also a target, however these losses often happen after Dec. 25. Specifically, e-gift card fraud attacks are 10 times more likely during the holiday season compared to other delivery methods. That jumps to almost 25 times more likely the week after Christmas. Even fraudsters take a break on Christmas Day, when attack rates hit an all-time seasonal low. 

"We're heading into our second holiday season with more retailers EMV-ready, which means CNP fraud becomes a lot more attractive to organized and tech savvy criminals."

License plate readers go up at Eastview Mall to help protect the public
Comparing Plates to Federal - State - Local Hot Lists

Victor, N.Y. - Just in time for the holiday rush, Eastview Mall partnered with the Ontario County Sheriff's Department in rolling out new security technology. It aims to keep shoppers safe and criminal away.

Seven license plate camera readers have been installed at the mall's four entrances. Sheriff Philip Povero said this raises the level of security for the approximately one million people who visit Eastview during the holidays. 

"Malls in our country, unfortunately, fall under the category of soft targets," he said. "When it comes to issues of security we've seen too many stories of violence around retail centers."

The readers went up last Wednesday on light posts. They only take snap shots of a car's licenses plate as they enter the mall, not anyone who's in the car.

The pictures the cameras take help deputies identify murders suspects, missing persons or groups involved in a shoplifting and reselling ring. These persons are on a federal, state or local "hot list." Deputies are not checking for expired registrations.

We truly believe that the issue of retail security of incidents that we've seen really motivates us to try and use this as another spoke in our wheel, for example, for enhancing security here," he said.

If a license plate shows up on that "list," it pings deputies in a matter of seconds.

"That way the officers working can know if they are coming back into the mall and keep an eye on them, and hopefully deal with it in a preventative way," said Lt. David Cirencione.

Mall management and deputies say they've have been working on this for several years. 

The Sheriff's office received a total of $75,000 dollars in grant money from the Department of Justice and Homeland Security for the cameras.

Peru seizes $30 million counterfeit dollars in record bust
Police in Peru have seized almost $30 million in counterfeit U.S. dollar bills in the biggest such bust in the country's history. 

Operation Sunset was carried out in conjunction with the U.S. Secret Service and involved the arrest of 47 Peruvians and two Ecuadoreans in three Peruvian cities.

Peru is the world's largest manufacturer and distributor of counterfeit U.S. currency, responsible for almost 60 percent of the nearly $3 billion in false notes circulating worldwide.

Thanksgiving Week Brings Increased Risk Of Cargo Theft
FreightWatch International is warning drivers and carriers to be on extra-high alert over the week of Thanksgiving.

According to the cargo theft reporting group, cargo theft numbers during Thanksgiving week - and especially the during weekend - have been rising since 2010. FreightWatch says that there is a 27 percent increase of cargo thefts during Thanksgiving compared to non-holidays.

During Thanksgiving in 2015, the value of reported cargo thefts reached almost $1.5 million, with electronics, clothing, and shoes being some of the most targeted items.

137.4 Million Consumers Plan to Shop Thanksgiving Weekend
With the election behind them, consumers are eager to see the deals retailers will offer for the biggest shopping weekend of the year, with 59 percent of Americans - an estimated 137.4 million people - planning to or considering shopping during Thanksgiving weekend.
21 percent of weekend shoppers plan to shop on Thanksgiving Day, nearly the same as last year's 22 percent. But Black Friday will remain the busiest day of the holiday weekend with 74 percent planning to shop that day, the same as in 2015. A substantial 47 percent are expected to shop on Saturday; of those shoppers, 24 percent say they will be doing so specifically to support Small Business Saturday, up from 22 percent last year. On Sunday, 24 percent expect to shop.

According to the survey, 77 percent of 18 to 24-year-olds and 76 percent of 25 to 34-year-olds plan to shop over the weekend. As with shoppers overall, Black Friday is the day most Millennial weekend shoppers plan to shop - 86 percent of 18 to 24-year-olds and 78 percent of 25 to 34-year-olds.

LPRC Board of Advisors News
The Board of Advisors champions the longevity of research-based decision making through collaboration, advice and support to the Loss Prevention Research Council's Director's mission.

The BOA will follow new guidelines in the upcoming year. As part of their membership, each Board Member will participate in 1 of 4 committees. The committees, headed by a Vice Chair, are designed to help LPRC run smoothly and ensure a positive experience for our members.

• Operations Committee, Brian Bazer - dressbarn
• Working Groups Committee, Paul Jaeckle - Walmart
• Finance Committee, Dennis Wamsley - Publix
• Membership Committee, Chad McIntosh - Bloomingdale's

Save The Date: LPRC's next IMPACT Conference will take place Oct. 2-4, 2017 

ORC Resource Center to roll-out 'Click to Fight' ORC Legislative Campaign Feb 1st
We'll give you the letter and the email to send it to. All you have to do is copy-paste and send.
Staples to exit UK - Had 105 stores 

Quarterly Same Store Sales Report
Gap Q3 comp's down 3%, net sales down 2% 
   Gap Global comp's down 8%
   Banana Republic comp's down 8%
   Old Navy comp's up 3%

According to last year's survey, retailers lost an estimated $44 billion to shoplifting, employee and vendor theft, and administrative error. How did they do this year? In this webinar, hear the latest findings from the National Retail Security Survey (NRSS). Dr. Richard Hollinger, criminology professor emeritus at the University of Florida and lead author of the NRSS report for the past 24 years, outlines the results and reviews best practices. Listen in to see how your organization matches up against the industry benchmarks.

Watch the webinar on-demand here.

All the News - One Place - One Source - One Time 
The D&D Daily respects your time & doesn't filter retail's reality

Revolutionizing Food Safety
Wal-Mart Tackles Food Safety With Test of Blockchain Technology

If you shop at Wal-Mart, you might be buying packaged produce unlike any ever sold in a U.S. store.

The sliced apples or cut broccoli -- the merchant won't say what's involved exactly -- are being used to test blockchain, a new database technology. If successful, the trial could change how Wal-Mart Stores Inc., which serves some 260 million customers a week, monitors food and takes action when something goes wrong. That could spur big leaps in food safety, cut costs and save lives.

Like most merchants, the world's largest retailer struggles to identify and remove food that's been recalled. When a customer becomes ill, it can take days to identify the product, shipment and vendor. With the blockchain, Wal-Mart will be able to obtain crucial data from a single receipt, including suppliers, details on how and where food was grown and who inspected it. The database extends information from the pallet to the individual package.

"It gives them an ability to have an accounting from origin to completion," said Marshal Cohen, an analyst at researcher NPD Group Inc. "If there's an issue with an outbreak of E. coli, this gives them an ability to immediately find where it came from. That's the difference between days and minutes."

The blockchain is a distributed ledger where companies doing business with each other -- such as growers, distributors and retailers -- can record transactions securely. The database's strength lies in its trustworthiness: the difficulty of reversing or changing what's been recorded. The blockchain database can also hold much more data than what retailers get today, providing tools for more detailed analysis.

Report: Surveillance cameras most dangerous IoT devices in enterprise
Networked security cameras are the most likely to have vulnerabilities

Networked security cameras are the most likely to have vulnerabilities when it comes to securing Internet of Things devices in the enterprise, according to a new report by Zscaler.

I would consider the entire video camera category as particularly dangerous," said Deepen Desai, director of security research at Zscaler.

Take, for example, the Flir FX wireless HD monitoring camera.

Researchers found that the camera communicated with the parent company in plain text and without authentication tokens.

"The firmware that was being updated was not being digitally signed," said Desai. That means that attackers have the opportunity to introduce their own, malicious firmware instead, he said.

Another camera, the Foscam IP surveillance camera, connects to a web server to stream video to users' desktops or smartphones. That can be a useful feature, but the user credentials, including the password, are transmitted in plain text, over HTTP, right in the URL.

The Axis camera has a remote management console, but it uses basic HTTP authentication, allowing sniffing and man-in-the-middle attacks.

Zscaler also found that consumer devices frequently appeared inside enterprises, such as the Chromecast and Roku media players and smart TVs.

Zscaler didn't find any security issues with either the Chromecast or the Roku, but the smart TVs used outdated libraries which could be used to get control of the system.

Late last month, a botnet that infected networked devices, cut off access to large areas of the Web. But this isn't actually the biggest threat that vulnerable IoT devices pose for enterprises, Desai said.

"Based on the analysis that we did, none of the devices that were in our customers' enterprise networks were affected," Desai said. "My take on that is that enterprises had their IoT devices properly segmented in the network. The way that the Mirai botnet was propagating, it was preying on weak and default connections."

Axis responds to CSO Article Above:

Your story about the Zscaler analysis of popular IoT devices, headlined, "Security analysis of popular IoT devices" (11/15), has some incorrect information about Axis cameras. Your story reported the following: ThreatLabz reported that the remote management console of Axis IP cameras used only

HTTP-based authentication, making communication sniffing and man-in-the-middle (MiTM) attacks a possibility. This is not true. Axis cameras by default use HTTP/HTTP digest authentication. While HTTP digest authentication provides a minimal amount of additional protection, it does prevent the username and password from traversing the network as plain text. Axis devices also prompt the user to change the password the first time the device is logged into. At this time, the option is also given to enable HTTPS. Even after the initial setup, users always have the option to setup HTTPS. Also, as a general comment, there is no need to sniff traffic on a network to get the password if default passwords are being used. Sniffing a switched network requires direct access to the switching infrastructure, admin access to the switches involved and the knowledge to, at a minimum, mirror the port the camera is connected to or the port the video management server/admin is connected to. If a bad actor has this level of access, then the organization most likely has larger security problems then the failure to set up HTTPS on the Axis camera. Finally, HTTPS by itself offers no additional protection if default passwords are being used. Cybersecurity is of the highest priority at Axis Communications and we work diligently to stay ahead of the latest threats. 

- Ryan Zatolokin, Senior Systems and Solutions Architect at Axis Communications

US Government Releases New IoT Security Guidance
The US Department of Homeland Security (DHS) and National Institute of Standards and Technology (NIST) both this week released new guidance documents designed to improve IoT security.

The moves were made partly in response to recent major DDoS attacks leveraging botnets of compromised smart devices, which in one case took out some of the biggest names on the internet.

The DHS release is aimed at manufacturers, services providers, developers and business-level consumers while NIST's much more detailed document targets manufacturers/developers with guidance on how to engineer safer products.

The DHS offers six "strategic principles" including building security into products at the design phase; promoting transparency; building on recognized security practice; and being mindful of whether continuous connectivity is needed or not.

UK Retailers Facing One Million Fraud Attempts Per Day
The UK's retailers have been warned to brace themselves for a barrage of fraud attempts this busy festive shopping season, with estimates claiming they'll be hit by one million attacks each day. Fraud prevention firm ThreatMetrix made the call based on data collected by its Digital Identity Network - which checks over 20 billion annual transactions supporting 30,000 websites and 4000 customers globally.

Some 50 million global online fraud attacks are expected over the Black Friday and Cyber Monday shopping week. This is the case because basket values are traditionally higher this time of year, meaning fraudsters will try to sneak through higher value transactions in the hope of not being spotted.

As Omni retailing continues to evolve, so does the role of the single-unit Loss Prevention Manager. With the internet and technology driving massive change in today's connected store, the LPM is more connected now than ever before and plays a vital role in community relations. Kevin Colman, Group VP of Asset Protection, Macy's, tells us what the profile of an LPM may look like in the future, as the job evolves from adrenaline-based shoplifter takedowns to a larger emphasis on investigations and protecting the company brand.

Episode Sponsored By:

LPNN Quick Take #24

Joe and Amber meet up with Tarik Sheppard, NYPD Lt. Deputy Commissioner of Public Information. Learn about the early success of New York's ORC Association and its recent expansion into a more regional crime-fighting partnership.

Solution Providers: Have a video or commercial you want to publish? Contact us

Report: Election anxiety cost retailers $800M in online sales 
Consumer anxiety over the U.S. presidential election has cost retailers more than $800 million in revenue from online sales this year, according to research conducted between Nov. 1 and 14 by Adobe Digital Insights.

The sharpest drop occurred after the election, with total sales growth slowing to just 1.3% compared to the predicted growth of 7.8%. 

Adobe said the change in spending habits marks the slowest growth rate for U.S. online sales it has identified since it started tracking retail spending.

ComScore predicts online spending to rise 19% to $81B
Aside from a dip the day after the election, there are no signs that shoppers' appetite for spending has been seriously weakened, said comScore analyst Andrew Lipsman.

Another firm, Adobe Digital Insights, predicts that online sales will increase 11 percent to $91.6 billion this holiday season.

About 17 percent of holiday spending is done online. Overall, the National Retail Federation, based in Washington, D.C., is forecasting holiday sales for the November and December period to rise 3.6 percent to $655.8 billion, better than the 3 percent growth seen in the year-ago period.
Target now ships online orders from more than 1,000 stores
In Q3, online sales increased 21% year over year and accounted for 3.5% of total sales. Fulfillment from stores and in-store pickup play a growing role in Target's strategy, executives say.

The number of stores from which the retailer ships orders has more than doubled in the past year to more than 1,000, or at least 55%, of its 1,802 stores compared with 460 during the 2015 holiday shopping

Groupon caught selling fake goods, BBC probe reveals 
According to BBC Watchdog, Groupon's checks and scrutiny of businesses wanting to sell on the discount marketplace were inadequate. The programme showed the ease of listing a fake business on the website where the only information required in order to sell goods and services was a website, an address and a Facebook page.

In a statement to BBC Watchdog in response to the counterfeit claims, Groupon said: "As with any major online retailer, we take counterfeiting seriously and work hard to make sure that no-one ends up being disappointed with their purchase. We work closely with suppliers to perform checks to ensure counterfeit items do not enter the supply chain."

"On the extremely rare occasion where we are made aware that a product we've sold may be counterfeit, we immediately conduct an investigation and if necessary, recall the product and provide a full refund."

Groupon said it was also investigating other claims of counterfeits. "Any customer who is concerned about a deal they have bought should contact us so we can resolve their query."

U.S. Merchants Striking Back Against Card-Not-Present Fraud 
in Online Transactions

Mercator Advisory Group's most recent research report, "Card-Not-Present Fraud: The Merchant Empire Strikes Back", examines the current state of CNP fraud in the U.S. market and frames the market landscape for both online merchants and the fraud solution vendors that serve them.

E-commerce merchants in the United States now find themselves in a perfect storm of rapid online sales growth and the continuing EMV chip card transition. The convergence of these two trends has left merchants vulnerable to card-not-present (CNP) fraud. Cyberthieves are proving quite adept at using both technology and stolen payment card data to attain their ill-gotten gains.

Despite anticipating that fraudsters would transition to online attacks once counterfeit card fraud at the point of sale was reduced through the EMV chip, U.S. payment card networks and issuers, payment providers, merchants, and cardholders are now asking: What can we do about the increase in CNP fraud? In response, an industry of technology developers providing solutions to combat CNP fraud has emerged to give online merchants the means to strike back. This Mercator Advisory Group research report delves into the current state of CNP fraud and where e-commerce merchants should go from here.

U.S. e-commerce sales grow 15.6% in Q3

Groceries and help Wal-Mart grow e-commerce 20.6% in Q3

Digital is mitigating in-store losses at Target 

bottom of page