LPRC - CrimeScience – The Weekly Review – Episode 129 with Dr. Read Hayes, Tom Meehan & Tony D’Onofrio
Episode Date: December 8, 20222023 LPRC Kickoff is coming soon in NYC! Have you registered? In this week’s episode, our co-hosts discuss lagging retail sales in the UK and their effects on the holiday season, LPRC Integrate scen...ario keeps getting better, why retailers have a labor shortage issue, and a look at physical store improvements of the future! Listen in to stay updated on hot topics in the industry and more! The post CrimeScience – The Weekly Review – Episode 129 with Dr. Read Hayes, Tom Meehan & Tony D’Onofrio appeared first on Loss Prevention Research Council.
Transcript
Discussion (0)
Hi, everyone, and welcome to Crime Science. In this podcast, we explore the science of
crime and the practical application of this science for loss prevention and asset protection
practitioners as well as other professionals. Welcome, everybody, to another episode of
Crime Science, the podcast from the LPRC. This is the latest in our weekly update series,
and today I'm joined by co-host Tom Meehan and Tony D'Onofrio and our producer,
Diego Rodriguez. And we're just going to take a quick trip around the world. I'll start off,
you know, very briefly. It's been a very busy, very productive week so far here at the LPRC,
brainstorming with the North Florida SAC, or Special Agent in Charge of the Florida Department
of Law Enforcement, the FDLE, Mike Williams, former sheriff and head of law enforcement in
Duval County, Florida, which is the Jacksonville area. So it's JSO, it's called, looking at state
engagement or at least some collaboration on getting ahead of crime problems through good research and
development across crime places and those operators, the retail chains, and then local
law enforcement and beyond, better and better ways to get better information about what
actually is going on, being more focused and precise in what we do about it, individual place protection,
self-protection, as well as collaborative or collective protection. How do we partner
retailers across platforms from retailer to retailer in co-located areas like a shopping mall,
a shopping center, or at intersections or nearby around intersections that have particular issues working together.
And that's with the University of Florida Safer Places Lab. Eastside is an area in East Gainesville,
Florida, where we have a cluster of LPRC members, retail chains that operate stores there,
a particularly high or at least a higher elevated crime rate area, a lot of victimization of the people that work and shop in those environments, and they're all co-located.
And it's an ideal area to conduct, again, self-protection improvement as well as better and better ways to partner with each other and with law enforcement. How do we better deploy, integrate? How do we better dose or modify what and how and
where and what we're doing, when we're doing things, and how we better communicate across
each other? Earlier threat warnings, threat sharing where at all possible. Obviously,
crime problem sharing at an elevated level, understanding the dynamics around those places that might drive why they're experiencing higher levels of crime victimization than other similar places or even other nearby areas for maybe action again with law enforcement, but maybe with other city and civic groups to maybe create better conditions, better transportation and
opportunities, but with an intent to create just much safer, more stable environments
that people want to work, they want to visit, they want to shop in.
And so I think by looking at that Safer Places Lab Eastside concept with the Florida Department
of Law Enforcement, and then also had a very productive meeting with some leadership and crime analysis team
members and leaders at the Gainesville Police Department, looking for ways that we, again,
can collaborate in this environment.
So by individual calls and discussions with retailers, national chains that are LPRC members, and then, of course,
in the future with some locally owned and operated stores that are in those areas,
but also some of the other businesses, liquor stores and things like that,
that are generating and even radiating crime risks from their properties outward.
risks from their properties outward. And some of these retailer stores are between one,
excuse me, two to three of some of these crime radiators. Also, the egress routes and things like that. Some of those factors play a role in why their places are much more heavily victimized
and those that are there are at much elevated risk of being victimized. So stay tuned on all that.
We're excited to conduct these collaborations.
These things can take a year or two to set up.
We've been working on this for about a year now.
So we're very excited about, of course, the UF Safe Replaces Lab and University of Florida's
Innovation Square, the four-block area that's our lab outside, and where our LPRC six interior labs
are located in the UF Innovate Hub building situated there, now to be able to extend
concepts and options and testing from virtual reality environments that you all know. We've
got simulated in that cave environment, the sim lab environment, down into our four-square-block area,
and then now to translate what we're learning there in that real-world environment over to
the east side Safer Places Lab, you can see the opportunities there. We're also working
to establish a west side lab at our Oaks Mall complex.
It's, again, very early days there, but that's going to allow us to look at individual and collaborative protection in a shopping mall environment,
in this case, an enclosed mall.
So what do we do in Zone 4 parking lot in Zones 321 within that environment, the common areas and then the actual store areas?
That's going to be another exciting part of this.
So that's kind of the logic and the environment or ecosystem that we at the LPRC and all of our 70 plus retail corporate members are over 100 technology partner members, solution partners,
the retail associations that we're working with, the national associations, and so on, the planning,
the detailing.
So with the LPRC research team, which is now seven strong, up from the normal two or three
that we've operated over the last 15 years or so, is going to allow us already allowing
us to have a lot more bandwidth, a lot more capability and flexibility and agility,
a lot more expertise to carry off these at a high level, and then collaborating with some of my
colleagues, faculty members across the University of Florida in the Digital Worlds Institute and
College of Art, to architecture and interior design faculty in the design, construction, and planning college, over to working, of
course, where I'm now situated in the Wertheim College of Engineering with computer scientists,
faculty, and grad students, and even undergrads.
The same in ISE, industrial systems engineering, and ECE, electrical and computer engineering.
We're able to get a lot of things done. And then finally over to the U.S. Innovation Academy, those IA students that
get minors across 33 majors in innovation, those teams and interns from that program. So
when you pull all of these factors, all of these capabilities, all these great people,
When you pull all of these factors, all of these capabilities, all these great people, ideas, energy, expertise together, it's absolutely amazing where we are and where we are headed and what we're going to hopefully all work together to do to better safeguard the vulnerable in these places and in these spaces.
It's for the good of everybody, and we're excited about it. Again, for more information, operations at lpresearch.org, our website, of course, lpresearch.org.
And so stay tuned on that.
With no further ado, let me head over to Tony D'Onofrio.
And, Tony, if you could let us know what you're up to and what we need to know.
Thank you, Reid, and I appreciate all those
great updates. And hello, everyone, again, sitting here in Germany. Let me start this week, actually,
with a synopsis from the Robin report in an article titled Reimagining the Future of Retail.
The future of retail will be shaped by a hybrid shopping model based on the new normal of
highly interconnected experiences that serve specific target markets.
Local, personal, smaller, curated, and customized.
The cookie cutter approach of building more and bigger stores does not resonate with today's
consumers' mindset.
The pandemic has left consumers with a new set of value, a higher expectation of what
service means, and very little patience when things don't go the way they should.
Consumers increasingly want variety in how and when and where they shop, and they expect retail to deliver
a memorable environment that addresses their specific needs.
Kia are relevant, curated shopping experiences with abundant personalized choices.
This article also talked about the future of malls consumers are conflicted in what
they want as the endless aisle that online shopping provides but at the same time they
get overwhelmed by the number of choices what they really want again is curated experiences experiences and they don't necessarily like traveling to a whole bunch of stores
and not getting the experiences they want. Malls are absolutely going to be part of the future of
retail but the need to change it really must be like the community more like the communities that they serve. Also, malls should really look like a local market.
And there are great examples of this that I've talked about in previous
presentations on the future of retail in China,
where basically the mall is actually part of the community.
In some cases, it's at the bottom of a skyscraper,
and people just come down and shop.
So it's integrated into the community.
And it could include things like movie theaters, amusement rides, museums,
skating rinks.
You go to Dubai and you actually have an indoor skiing lift,
complete with a lift if you wanted to one of the big malls consumers in one
market don't necessarily want the same as other markets some may want escape
rooms video arcades others may want wellness facilities including gyms
yoga's walking clinics dentists and veterinarians. In terms of physical stores, this article really
pointed to five interesting characteristics that were predicted.
Number one, stores should be designed with social media in mind. Winning
physical stores is designed for shareable word of mind and social media
experiences. And again, this is prevalent in some parts of China and North America
in restaurants and shopping centers.
There are designs especially for social media sharing
and millions of shared impressions are key to driving in store traffic
and even offline sales and increasing brand awareness.
even offline sales and increasing brand awareness.
Number two, stores, physical stores should offer five cents experiences.
Environments in the physical space should activate all five senses in the shopping journal in new imaginative ways.
Grocery stores will have an advantage because they can actually do and go after all
five senses. Number three are meandering designs. And by meandering designs, again, the days of long
monotonous straight lines of goods stacked from floor to ceiling will be replaced by circular
pathways to create environments that foster discovery and exploration. And
number four, smart stores and smart customer interaction. The state of in-store
technology is now equal to customers' technical prowess. RFID can be used for frictionless checkout and to find items
in the store when you are shopping and they can facilitate the whole shopping
experience QR codes can allow you to integrate and look at videos about
products sales people sales people with smart customer relationship or CRM tools can interact
with shoppers understanding where the consumer is in the readiness of
technology is a key consideration for retailers to be able to deliver these
meaningful experiences and these are the four actually that were highlighted and
I've added five the fifth one to me is don't hesitate to study what
the rest of the world is doing. Again, there are markets in other parts of the world and
good examples are actually again in Asia, especially in Japan, in Korea, and also
especially even more in China and leverage those examples and taking them into other parts of the world.
Switching topics, let me summarize some interesting research from RIS News. I was shocked to read that
almost half of U.S. frontline retail employees and two-thirds of frontline managers are thinking of
leaving their job in the next few months.
Not enough flexibility is the number one reason, according to McKinsey.
Garner points to five strategies that can leverage technology to retain employees. Number one is flexible scheduling.
And this is, again, allowing employees to actually engage, to figure out shifttime communication technology enables retailers to communicate
across locations with speed and agility.
And this is important for productivity, so everybody speaks the same message.
Number three, performance management and feedback.
Many retailers are abandoning one-size-fits-all of all approaches in terms of how they provide feedback.
Number four, internal talent marketplaces.
Gartner researchers estimate that by 2023, 15% of large global organizations will integrate
their new business data to drive more AI-enabled talent matching in large-scale deployments and internal
talent marketplaces.
And number five, pulse surveys to gauge employee sentiment.
And this is moving away from the yearly or quarterly company reviews into something and
actually giving almost daily or even hourly feedback. Again, according to Garner, by 2023, 80% of enterprises
with 2,500 plus employees will augment annual engagement surveys with pulse focus groups or
indirect methods to gauge sentiment. I love the quote from Joe Scarupa in the research from RIS
News, and he said there are quote there are two
major waves of disruptions that have been triggered by the COVID pandemic and
these waves have forced retail to change more in the last two years than it has
in the last 20. Many of the changes leverage advanced technology to solve
first wave problems such as serving shoppers during lockdown
and resolving massive supply chain issues. Now two years later especially grocers are dealing with
second wave issues such as tight little markets, rising wages, the great decadation and quiet
quitting. And finally again since I am Europe, some interesting news out of the UK
this week and this one is from Reuters on what's happening with retail and inflation. British
consumers are spending ticked up last month at a rate that greatly lagged behind inflation
according to a survey that underscored the pressure on awful budgets ahead of the Christmas holiday.
Barclay Cards said spending on its credit card and debit rose nearly 4% year-on-year in November,
far behind the annual 11% growth last year.
And in October, that was the highest reading in 41 years.
And in October, that was the highest reading in 41 years.
Some 94% of Britain surveyed by Blackie Card said they were concerned about the impact of sorting household energy on their personal finances.
Again, having been in Europe almost two weeks now, I can tell you there's a heavy, heavy concern about energy here, cost of energy and what's going to happen and also inflation. So, and with that, let me turn it over to Tom. Thank you, Reid. Thank you, Tony. We're
going to cover some risk and some current trends all around risk and what's occurring and maybe
some breaking news here, as we always do. Wanted to just start off with kind of a sombering article that was written and rewritten several times.
I'll reference the Bloomberg article first, which I think for anybody who has children,
I would actually recommend reading it.
And what it really talks about is viral trends with social media. And we've
on the podcast in the past several years talked about viral trends several times. This
is talking about TikTok's viral challenges or trends and luring children to their death.
It is a very sombering article. It's actually rather long, but I would highly recommend
if you have children that use social media in the teen ages of reading it,
what it really talks about is the blackout challenge.
For the listeners that have never heard of this,
I actually have not heard of this until I read this article,
but it is a challenge where, and while this is a preference, this
article is about TikTok, this is in social media challenges in general, where that on
both TikTok and YouTube, there is a challenge that encourages teens to choke themselves
or choke each other until someone blacks out to get the adrenaline rush when they're waking
up. And when you read this article, there are several examples of children that are unfortunately
died from asphyxiation from hanging themselves during this challenge, some actually taping
it, some not.
But what it really leads to is just the pure power of social media and what we always talk about here on the podcast and what it leads to for adults, but also for children.
A big portion of this article is really about the due diligence or the requirements by the social media companies to protect children online.
by the social media companies to protect children online.
There are laws around in the United States around children under 13 and what they're able to access online.
But it's also somewhat challenging to actually enforce or identify how the age here.
TikTok was actually fined outside of the U.S. for children use.
I think if you're a TikTok user, you may see an age prompt appear.
But there are several companies that allow for age verification through video
with a very high degree of accuracy.
One San Francisco-based company, Hive, which I believe Facebook and Instagram use in some fashion today.
And there are a lot of privacy concerns under biometric data,
but these companies by design don't save any information.
And this is one of those arguments of privacy versus safety,
especially when it comes to children.
I continue to use social media for many different platforms.
I know here the LPRC, we talk about it with the FusionNet
and some other things that we use it for,
for open source and active intelligence gathering.
The key fact or the key point of this is, you know,
how do you keep your children safe and educate them on the dangers of social media
and what goes on.
So don't want to spend too much time on that, but it continues to
be a topic. We also continue to see a topic around TikTok specifically, the Chinese government and
their algorithm and what is occurring. And from time to time, we hear about bans and things of
that nature. So definitely a space to look at and continue to watch. Just switching gears a little bit, but kind of wanted to talk about some tech news in general.
Apple was, due to the zero COVID restrictions in China,
has changed their forecasting for the amount of phones related to the supply chain disruption.
And what is occurring is there's a specific Foxconn plant in China that several
people left because of their fear of being locked in for COVID lockdown. So this continues to kind
of talk about the landscape of supply chain and how really challenging it is for companies around
the globe to manage different COVID restrictions throughout the world.
Now, this is one where there's been unprecedented protests in China.
And I think that this is not only this kind of a new phenomenon,
but you're starting to see really large degrees of protests in China and what is occurring there
and how people in China are, you know, protesting
against the government. There was, I think we talked a little bit this last week, this
show of solidarity and also the blank paper, you know, became kind of the subject of their
in the protests holding up a blank paper. Why? Because that blank paper doesn't contain any messages, which is not anti-government.
And a lot of social media videos of just groups of tens of thousands of people protesting.
In the Foxconn instance here, this was basically Apple City. just based iPhone manufacturing where there were some COVID cases and people wanted to get out of the factory so they weren't stuck there for very long periods of time.
So definitely still something to watch and continue to monitor for all of us in the supply chain world, although you may not have any manufacturing in China.
you may not have any manufacturing in China.
I mean, in China, there is something to be said about the number of sheer components that are made there. So just definitely something for all of us to keep an eye on.
I know that there's still a fair amount of things made there,
and I think we need to keep that in front of mind as we continue to see these challenges with supply chains.
Switching gears a little bit to kind of some interesting news around the U.S. government.
So the FBI and the Federal Trade Commission seized a website called iSpoof.
Interestingly enough, iSpoof has been around for a long time.
This was actually hundreds were arrested along with the seizure.
And iSpoof was an account, I'm sorry, a website and or an app that allowed you to spoof a phone
number. So you could actually go in and change a phone number, caller ID phone number to use this.
And they portrayed it as a joking app. But this is a really interesting
one because this is going on for a long time. This has been out for a long time and hasn't
advertised. But they were able to identify a large percentage of fraud being perpetrated
through this service and were able to seize it and stop it. And this is a very interesting one
because this shows that the U.S. government
along with the U.K. government
are really going and pushing the fact that,
hey, Interpol, the U.S. government,
you have all these different agencies working together.
Europol is involved as well,
saying we're going to go after companies that perpetrate fraud or allow fraud to be perpetrated using an online methodology. a lot of information on this, a 34-year-old arrested, and he's pending a court hearing
in London as one of the folks that owned this website.
And this is one of those ones where the due diligence, where it starts and where it stops.
If you have a website or a service that is used to perpetrate fraud and you're aware
of it, what is your onus on it?
So I thought it was very interesting.
It's obviously a victory for all of us because this was a website that was used to perpetrate fraud. enough, there were things where they were able to talk about 59,000 suspects and fraud associated
with this and were able to arrest some. So I think this is a trend that we'll continue to see.
There are other programs like this available. And this has been around for a few years several years actually so this
is a win for all of us here in the security and loss prevention space that
that sites like this are being attacked it also gives you some solitude of some
of these cases take years to address and that well at times it may seem
discouraging that we may not see these things actually being addressed, they are still being addressed.
And switching a little bit to TikTok and kind of a ransomware or malware type event is that there's a TikTok challenge called the invisible challenge, which is actually a trend where people there's a filter that makes you look invisible and naturally people take it to the extreme.
So they use this trend and they take off all their clothes to be invisible.
So there was a slew of posts about how you could undo this filter to see these folks.
And they called it the malware basically basically was really really advanced why it's so advanced is what they
did is they allowed uh the they they allowed people to go to a website into github actually
say this works the way github works is kind of you can go in and give feedback on it working so
they drove them to a code text code. It was called the
Uninvisibility De-Cloaker. And you had folks that were actually going on to GitHub saying this was
great, didn't even try it, and then downloading malicious code all with the means to try to
with the means to try to, you know, decloak this invisible piece.
Why is this such an interesting example? Not so much of the filter, but the fact that the way this worked is they had a tool.
The information on this was there's a toolkit available.
They actually brought people into a Discord group in a private area, talked to them.
They lured them into upvoting on GitHub.
You know, this unfiltered code work somehow persuaded people to do this before they used it.
Then they had them download it and install a Python package that, you know, actually was malware.
So these are a lot of steps involved here.
But one of the interesting parts here is that this is a different trend really in malware because you're
actually what they're doing there is by up voting the github you're artificially
letting people artificially telling people this is safe so you have this
unusual impact here where you have this code that people are artificially
saying is good, which in turn increases the thought process and validity of it.
So now you have folks going and going, well, hey, this many people uploaded it. It's got to work.
I'm going to download this. It's got to be safe. So a really, really interesting challenge that occurred. And I think it's important to note that this is one of those
kind of more sophisticated attempts. And I think most of the news is focused on the fact that this
is an invisibility challenge, fraud after, and people are leaning on the fact of being able to decloak images
of naked people.
But one of the most prolific things here for me
is the level of sophistication
in the attack.
And this wouldn't be challenging
to duplicate in other facets.
So it really throws a whole new challenge
of you have a recognized place to download code like GitHub where someone is utilizing an upvote feature to artificially make people feel like it's safe.
So I think it's something we'll have to watch a little bit more closely.
Next, LastPass made an announcement to customers that a breach caused by a previous breach,
that they had a second breach that was caused by a previous breach.
The crooks made off with proprietary information, including some of their source code,
which is actually pretty concerning when you think about a password management tool.
Now, according to the last pass, customers' passwords backed up on the company's servers never existed in a decrypted form in the cloud. The master password used to unscramble
the saved passwords is only ever requested and user and memory stored on your own device.
Therefore, any passwords stored in the cloud are encrypted before they're uploaded and only decrypted again after they've been downloaded.
In other words, even if a vault data had been stolen, it would be in an intelligible way.
So basically what LastPass is saying is they're not saying that that information was stolen,
but if it was, it would be encrypted in a way that a user would have to have your key
and a device to decrypt it.
The concerning part about all of this, and I'm a user of LastPass,
I also use 1Password, I encourage people to use PasswordVaults,
is that when you have these companies
that there are folks that target them and it's very, very important in password management
tools to use only the most reputable tools out there so that you know that they're going
to use the most significant security protocols available today. I think that LastPass is doing the right thing here.
They're giving information as it becomes available, and I feel like they're doing the best they can.
Even if this information turns out that Crooks could have some personal information, it would most likely be home addresses, phone numbers, and some payment cards, you know, information.
This is kind of typical in a breach.
I'm not saying that that's the case, but from all technical aspects, your passwords are safe.
And then the only way they'd be able to get them is to be able to get that password, you password, that master password and decrypt them.
So if you're using LastPass today,
the theoretical thought process would be that
you would not have any risk.
And why I said theoretical is because
that's based on information that's available today.
I'm pretty confident here with this one that your password
data is safe. Much like other breaches, though, and this is unfortunate, you may have
some of your information available, like what we see in a lot of different breaches.
And then last but certainly not least,
we're coming up on the two-year anniversary of January 6th
and the Capitol insurrection.
There has been a lot of chatter.
Fortunately, I have not seen or haven't heard of any specific around chatter
associated with domestic terror.
There have been recently some news stories about the D.C. Metro Police
and the things that they're working on.
And we will continue to monitor this situation as needed.
to monitor this situation as needed. I think that a lot of the recent lawsuits
that we're dealing with here are related
to the January 6th are definitely a good deterrent
for folks, when I say lawsuits, I apologize,
I mean indictments are a good deterrent for people who want to let know that the U.S. government's not going to tolerate this
type of activity. But we'll continue to monitor it. There was some chatter this morning about
people talking about what occurred. There have been general bulletins throughout federal,
local, and state law enforcement around domestic terror and staying in tune to what's occurring,
but no specific credible threats around that two-year anniversary. But as I said, we'll monitor
and activate the fusion net as needed. And with that, I will turn it over to Tony and Reid.
All right. Thanks so much, Tom, for all that great information. Again, Tony, thanks again for
all that you do and all that you're providing
to the Crime Science Podcast listeners,
to our team and our membership
at the LPRC.
And I want to wish everybody
a continued happy
and safe holiday season.
We're always here for you
at lpresearch.org
and stay tuned, stay in touch.
Thanks for listening to the Crime Science Podcast, for you at lpresearch.org for legal, financial, or other advice.
Views expressed by guests of the Crime Science Podcast are those of the authors
and do not reflect the opinions or positions
of the Loss Prevention Research Council.