LPRC - CrimeScience – The Weekly Review – Episode 120 with Dr. Read Hayes, Tom Meehan & Tony D’Onofrio
Episode Date: September 16, 2022LPRC Team is on the road – Listen to see where! In this week’s episode, our co-hosts discuss the breach of Tik Toks information, take a look at Q1 Violence Report for 2022, explore the cyber secur...ity layoffs, discuss the projections for retail sales for this holiday season which are expected to be positive, take a look at the recent trends and data found at GSX, and they compare Walmart’s cybersecurity to the DOD and DHS! Listen in to stay updated on hot topics in the industry and more! The post CrimeScience – The Weekly Review – Episode 120 with Dr. Read Hayes, Tom Meehan & Tony D’Onofrio appeared first on Loss Prevention Research Council.
Transcript
Discussion (0)
Hi, everyone, and welcome to Crime Science. In this podcast, we explore the science of
crime and the practical application of this science for loss prevention and asset protection
practitioners as well as other professionals.
Welcome, everybody, to another episode of Crime Science Podcast. This is the latest
in our weekly update series. I'm joined, as usual, from all points around the globe by Tony D'Onofrio, Tom Meehan, our producer, Diego Rodriguez.
And my voice is a little hoarse.
I'll be honest with you, I haven't been sick that I know of in probably four or five years and just got a little cold.
And couldn't have been better timing as I spent some quality time at GSSX after, say, four days where I felt, OK, I'm not infectious.
And then traveling around now, I'm in Coral Gables, Miami area for a Florida tech conference I mentioned before. has always been for probably decades that retail loss prevention, asset protection,
back in the day security, never heavily, heavily represented as is or ASIS. Just, you know,
it was more of a physical security bent for manufacturing and military and everything in
between, but also retail.
So the retail group, I've had the opportunity to engage with or be part of that group for years.
And so there were some retailers at the conference.
We had a session, a panel hosted by this group.
And we had our moderator, Hedgie Bartol,
now of Aura, formerly of Axis, of course,
and we had Tony, Tony D'Onofrio on, and we had Peter Chee, the vice president of asset protection for Bloomingdale's,
a real luminary, very thoughtful, very capable and experienced practitioner,
and we just sort of went through what's probably some of
the big dynamics that we're all dealing with and how they changed, maybe some of the reasons for
that change and how the dealing with these issues continues to change. And because of the, you know,
potential erosion of consequences or downside risk for the bad guy, for the offender, for those out to victimize others,
has continued to decline with fewer law enforcement officers available and prioritized to deal with retail crime
because of the lower numbers and the increases across the board crime.
In some areas, these reluctant prosecutors, but also that some prosecutors, reluctant or not,
are understaffed as well due to shortages of people. And and then the idea, too, that you can
get on the Internet, social media, whatever your favorite platform is, if you're an offender and
record your session, put it out there, show off, make a point, fit in whatever this particular
motive is for that instead of the
opposite where you do not want to be recognized. You don't want to be acknowledged that you're out
there harming other people. And so we see these dynamics have flipped. And we talked a little bit
about that, possible ways to affect those dynamics. The big theme here, and we've talked
about on this podcast quite a bit, is individual
protection, individual, an individual place, though, primarily since we deal with mostly
places-based crime prevention, but also the collective or collaborative or partnering
protection that's been a hallmark over probably millennia for humans, And that in this case, Peter Chee of Lomiza,
as well as Ken of Dollar General, Ken Bashir, the VP there,
are big champions of the collaborative
and partnership type of prevention and protection,
lower budgets, less support, of course,
as we talked about from our law enforcement partners
for what all they're going through.
How do we work together? How do we
get better at understanding risk? And you see our team working away to help come up with better
ways, quicker ways to map dynamics, understand who's getting hit compared to who's not and why
and when and how and where and so on. In addition to say cap data and risk scores and things like that. And then sharing Intel. Orcas have been amazing. And I've been involved in retail sharing since I got in as a retail LP leader back in the early 90s and with Ross Stores, where we would host monthly gathering in 1990 and actually in 89, I can remember our director at Ross Stores, Dave Whitney,
encouraging us, each district LP manager, and giving us a budget to buy bagels and donuts, coffee, tea,
whatever is accordingly and invite our law enforcement partners.
So it's been going on a long time, but how do we better formalize and focus, use the data even better and better?
How do we invest in parking lots together with maybe some of these platforms and other tools that provide more deterrence, but maybe more comfort to our green actor and so on?
So that was discussed.
Tony went over a lot of the broad trends.
That's what he's particularly good at, looking at aggregate data pulling together uh information from various studies around the us and the world
uh at that level my role of course talk more about individual perceptions and decisions by offenders
so we had a lot of good q a peter was able to describe some what he's been going through
Peter was able to describe some of what he's been going through.
Peter also was able to share a compilation of videos examining some of the mass robs, the riots, the individual aggression going on at self-checkout, curbside transactions.
Nonsensical, you know, hardcore look at different types of biometric recognition, facial features,
and others.
If we've got a high-impact, high-rate offender that's going from place to place, how do we
recognize that threat is on the way or is present before that threat becomes action, goes kinetic, if you
will. So great dialogue, a lot of Q&A. Then now I've proceeded down to Miami. I'll be talking
tomorrow morning at the tech conference, talking again about how we leverage innovation and innovate
to solve current problems, those problems that are continuing to emerge and change, as well as
looking ahead in place in time. So I'm excited about it. We won't talk a whole lot about COVID.
I know it's out there. It's still a problem, especially for some, and we wish you the best.
But let me do this. Let me go ahead and turn this over to Tony. And Tony, if you could take it away.
ahead and turn this over to Tony. And Tony, if you could take it away. Tony Hintze Thank you, Reed, and for all these updates,
and also really enjoyed sharing the stage with you at GSX 2022 in Atlanta, and really great job in
terms of showcasing all the great work that is taking place at the Loss Prevention Research
Council. Let me start this week with a summary
of the latest shrink data that I shared
in the just completed first webinar this year,
and falls under the umbrella
of the disruptive future of retail.
I'm doing this in cooperation
with the Loss Prevention Foundation.
From the 2021 RELA study on shrink,
some of the key data, nearly $69 billion of product
were stolen pre-pandemic in 2019.
USA Retail Crime results in nearly 126 billion
in lost economic activity and over 650,000 fewer jobs, paying over $39 billion
in wages and benefits to workers.
Retail thefts cost the federal and state governments nearly $15 billion in personal and business
tax revenue, not including the lost sales taxes. Nearly 67% of SS protection managers
report a moderate to considerable ORC increase,
organized retail crime increase,
with 80% believing it will get even worse.
Growth in online marketplaces is highly correlated at 61%
to the number of shoplifting events reported each year
and the categories subject to shoplifting activities
are the ones most sought after through online marketplace.
We talked a lot about this during our GSX event.
This, every one of us pays for crime, is this what says.
Also from the NRF to 2021 security Survey, the top five stolen specific items by organized retail crime gangs are designer clothes, number one, number two, laundry detergent, number three, razors, number four, designer handbags, and number five, deodorant.
and number five deodorant and then as I also highlighted a GSX according to the National Association of shoplifting prevention the majority of retail theft
is caused by adults with 75% aged 18 plus nearly 55 one of every shop online only one
out of 100 shop litters are caught nearly 48 percent of shoplifters are
repeat offenders and then this is one of my favorite stats us as about 27 million
known shoplifters but only 3% of professionals 72% of kids and 73% of
this all set a decision to steer was made while in the store in other words
it was not premeditated and then finally the other two great stats for every 330
dollars products were stolen a retailer to sell on incremental 300,000 worth of stolen, a retailer to sell an incremental 300,000 worth of products and for
every one dollar recover nearly 12 dollars is lost to retail theft meaning that roughly eight percent
of total theft ever results in a recovery. Those are very very disturbing statistics as we discussed
at GSX and all of us need to work to actually improve going forward as a society, including
with a lot of the great work that's going on at the LPRC. Let me now pivot to some new data just
published by DND, which is their latest information on retail violence, and this is for the first quarter of 2022. Since D&D started tracking the data in 2016,
retail fatalities have been up every single year. In total, retail fatalities are up 63%
since 2016. Comparing quarter to quarter for the previous year for Q1 2022 to Q1 2021,
for Q1 2022 to Q1 2021, retail fatalities are up 9% and violent incidents are up 16%.
In Q1 2022, USA Retail had an amazing 163 fatalities. 13 of the 54% were customers, which was up 13%, 28% were store associates,
which was up a dramatic 32%, and 5% were law enforcement, law prevention, or security personnel,
which was up again a dramatic 100%. For Q1 2022, 49% of the fatalities were in parking lots, 48% were inside the store
or mall, and 3% were off-promises. Of the 45 store associates killed in Q1 2022, 87% died
during the commission of the crime, 7% from workplace violence, and 4% were accidental,
and 2% were from domestic violence.
80% of Stora's social fatalities were male, and 20% were females, which that's an interesting
stat.
89% of Stora's surgeons were killed by gun, 5% from stabbing, 5% from car crashes, and 1% from fire.
Restaurants led as a top segment fatalities in Q1 2021 with 29% of the total. Specialty store
followed with 8%, gas station with a third at 7%, and liquor and marijuana were also at 7%.
The top three days of the week for retail fatalities were Sunday, Friday, and Monday.
The top three U.S. states with the highest retail fatalities were Texas, California, and Pennsylvania.
And the top three U.S. cities for retail fatalities were Philadelphia, Houston,
and Memphis. So disturbing statistics, especially since this trend keeps going up,
and we all, as I said at the beginning of this session, need to work together to get better.
Finally, some good news in terms of what's coming up in terms of the holiday season one of the first really good forecasts this is from mastercard
spending pulse they're projecting that this holiday season u.s retail sales excluding
automotives are expected to increase 7.1 percent year over year according to the mascot to to the
their study mastercard spending poll measures in-store and online retail sales across all forms
of payment. However, it is not adjusted for inflation. And as we saw this week, inflation
is still hot in the market. Last year, the 2021 holiday season was resurgent for retailers,
which was up 8.5% as a pandemic, based on the pandemic,
pent-up demand, excess savings, and supply chain nation,
send shoppers to basically stock up for gifts.
This year, the holidays are expected to shape up as another positive retail season.
The key trends to watch this season are number one the holiday season will start earlier
that will start in October as consumer worry are both about prices and supplies. They are going to
be looking for deals number two so there will be a lot because of inflation the retailers have the
best deals are going to be to do the best this holiday season.
Stores are back and they're back strong for the holiday season.
So that's going to be a trend.
And then fashion will also have, apparel will also have a strong season in terms of buying clothes.
So those are good trends that portray for the holiday season.
So good news at least for the holiday season. So good news, at least for the holiday season, bad news in terms of what's happening to violence this week, and also some of the
retail theft. So great job again at GSX. And with that, let me turn it over to Tom.
Well, thank you, Reed. And thank you, Tony. And today we'll talk about some just general
tech information and then some cybersecurity and risk as we always do.
Starting off with iOS or the Apple operating system for the mobile phone device for the iPhone.
There is a new security patch that's out there.
It feels like we're saying this every podcast and we probably are, but I can't stress enough how important it is to update your phone.
15.7 is available now that patches a pretty significant
vulnerability one of the things that I say often a wall it is repetitive I
think it's one of the most important messages is to patch early and often so
if you're using an iOS to us go ahead and update that right now and hang up
it's definitely worth it additionally Additionally, iOS 16 came out, which is a brand new operating system for the iPhone.
And a couple of key features in iOS 16 that I think people will appreciate a lot around text messaging.
So there is the ability to, when you send a message, to recall or unsend that message within two minutes of sending the message.
or unsend that message within two minutes of sending the message.
So that is a new feature on the iPhone,
as well as the edit within 15 minutes of sending the message.
You can edit the message.
So while these sound seemingly simplistic, they're actually pretty great upgrades to the iOS platform.
It's important to note that both users have to be on iMessage,
which is proprietary to the iPhone, in order to see this.
And then there are a host of other features.
Probably the two other features that bring most attention is the ability to drag a subject out of an image,
removing the background directly into a text message, as well as the battery percentage indication going back.
So now you can actually see how much battery is that in percent is left. So
iOS 16 is patched the same as 15.7. So if you're under, if you have a version lower than 15.7,
go ahead and patch it. And I know that it's always the comment of it'll drain my battery,
it might have bugs, but the vulnerabilities are real. And today the vulnerabilities are being taken advantage of very, very differently than they have in the past.
Cybersecurity space and cryptocurrency.
So the U.S. government seized 30 million worth of cryptocurrency stolen by Korean hackers.
stolen by Korean hackers.
This is really interesting because this keeps going back to
the ability when the government wants to
be able to seize
crypto.
It isn't always that easy.
This is linked to the Korean
Lazarus Group. The Caesar represents about
10% of the total funds stolen from
Axia Infinity.
So it isn't everything here,
but it really does show that the development
in the way the Department of Justice
and other law enforcement agencies are working together
to combat some of these cyber instances
that have been occurring globally
and really sending the message
to these cyber criminal organizations that you're not immune to the U.S. government
because you are in a country that's non-extradite or non-cooperative with our government.
The United States government will come after you.
They will exercise whatever they can to either apprehend folks or go ahead and recover assets.
I continue to see these stories and it's a very big win for us because this has been a space that's largely untapped.
When you have a ransomware or a cryptocurrency event that occurs,
it's kind of the old anthem of what we would say credit card fraud was
many years ago a victimless crime very hard for law enforcement to enforce very
hard to figure out who was really involved so this is really a big step
for us moving forward in this in the cyber incident space and this is not the
first one that we've seen. Another interesting report
that I read over the weekend related specifically to Walmart was one expert stated that Walmart has
better cyber security plans than Department of Homeland Security and Department of Defense and
that's actually a pretty common theme that I see, although I think that's a
very bold statement. And I wouldn't say it's inaccurate that some private companies or
publicly held companies have substantial resources, both from human capital and financial
capital. And at times they do have better plans and more robust programs than governmental
agencies why I you know thought I would highlight this is because when we're
talking about retail that isn't always the case so I think cybersecurity
consultant group wrote this wrote this report and talked about it and their CEO
went ahead and just basically based it on what the NIST 800-171 requirements are
and where a couple other requirements where Walmart fit in versus that.
So the report is somewhat ambiguous.
It's not very long, but it is just a kind of indication of what retailers are methods and stakes that retailers are going to to protect their infrastructure.
So I think this is a very positive message.
It shows that retailers are moving with the times and really doing everything they can to protect both their customers and their infrastructure.
And then
one other risk story before I kind of switch into LPRC and FusionNet is
the company Patreon.
So Patreon is a company where you may hear after podcasts where they're
not a crowdfunding, but they are kind of a crowdsourcing for folks
where they're not a crowdfunding, but they are kind of a crowdsourcing for folks that have unsupported platforms to generate a means of being paid. So Patreon is commonly used at the end of a podcast or another place where someone needs a way to collect money.
And this is a very interesting story.
I made PC Magazine.
It was all over there in the internet kind of space news
and this is patreon lays off entire security team well patron claims that
they didn't lay off their entire security team but there are multiple
reports that they did and this is a payment service they had some layoffs
and a larger percentage of security folks were laid off and including
additionally to some business development folks, it looks like this report,
but this leads to as companies downsize, where do they downsize?
And in some cases, and I'm speaking very generally here,
when you're making a decision to lay off,
sometimes security teams are put into this and the cybersecurity space and the
physical security space,
because there are programs in place that inherently can be automated.
So that story, there's not a lot to it, but wanted to just kind of throw out there some
of the talk about we're starting to see these layoffs in the cybersecurity and IT space.
And then I just want to touch on one story that we talked about last week, which was
the TikTok breach or the potential TikTok breach.
So TikTok formally came out and announced that there was not a breach
that that data was data that would have been that's I don't want to say this
wrong but publicly available anyway so this was data that they felt was not
involved in a breach they did it was pretty much major news in the internet
sector day after we talked about it here.
So I saw it on some back channels
and it kind of caught, ran legs.
But as of right now, they're denying the breach.
I did see info.
I still question some of the info that I saw what it is,
but at this point I'm gonna take them at their word
because companies like this generally do disclose.
So that data and one one statement by
a security expert said it was garbage data just junk data that yes did belong to tick tock but
had no value and was available through back channels on the open web so one to close that
loop out and then last but certainly not the least impact is coming up for those of you listening
though we'll be there i'll be there i'll be happy to see you. Looking forward to seeing everybody. And then as. The fusion net is a method or a way to share
active intelligence data in real time to help validate what's going on in certain
geographics for emergency events. And with that, I will turn it back over to Reid.
Tony, thanks so much for that. Tom, for your information and Diego for producing.
I'm hoping that I'll see each and every one of you
out there, your colleagues, your friends at 2022 version of the LPRC Impact Conference. We're
excited. We've got right now about 370 top executives registered. That means we'll probably
end up, who knows, right? 20 or 30 of those will not be able to make it because of unforeseen
circumstances. We'll probably get another 20 and 30 that register between now and the conference,
the October 3rd through the 5th. And then we'll maybe even see another 20 or 30 show up that just
didn't know they had to or how to register. This is what's happened over the last 16 years of impact
and I'm sure at most conferences. But we are excited for the content, the retailers that are participating, the solution partners, the technologies.
The labs look amazing.
What we call the activation labs just full right now, boxes of all this technology.
We've got people bolting in technologies all the way up till the is really supposed to be the 19th.
But I think it's going to the 22nd, 23rd of September as a cutoff to get the new technologies in and integrated and up and running.
But we look forward to seeing each and every one of you there.
The social events on that Monday, the 3rd, that evening.
Amazing AT&T dinner actually on the the Sunday the 2nd for the leaders.
And then going through all the meetings with our board of advisors, our LPRC Innovate Advisory Panel.
We're going to have that strategy at session with, you know, leading faculty member here at the University of Florida, Jamie Craft.
That reception that Monday evening should be really cool inside and out at the UF Innovate Hub and at the Innovation Square area up in our labs.
We've got all six labs, as I mentioned, ready to go or will be ready to go at that point.
And then all day Wednesday, some fantastic anti-theft, anti-fraud, anti-violence content throughout the day with cool breaks in the Experience Center.
We've got unprecedented amount of involvement by our solution partners as far as their tables and booths and things that they'll be doing and tying that into what LPRC is working on in the five zones of influence.
We've got that again, that that Tuesday evening over at the Swamp, the stadium.
We've got that again, that that Tuesday evening over at the Swamp, the stadium.
We're up in the football area, the Champions Club, live music, great barbecue and other types of foods, open bars.
It's always a great event, a great networking event after that Monday evening event.
And then, of course, everybody working together through just afternoon on Wednesday the 5th. And then there's always the impromptu, informal Ballyhoo Grill dinner for those that are in town that Wednesday,
as well as the lab tours after that 1 p.m. on Wednesday the 5th. So
everybody, we hope to see you there. Stay safe. Stay in touch.
Thanks for listening to the Crime Science Podcast, presented by the Loss Prevention
Research Council. If you enjoyed today's episode, you can find more crime science episodes and
valuable information at lpresearch.org. The content provided in the Crime Science Podcast
is for informational purposes only and is not a substitute for legal, financial, or other advice.
Views expressed by guests of the Crime Science Podcast are those of the authors
and do not reflect the opinions or positions
of the Loss Prevention Research Council.