Former exec denies affair with Best Buy CEO Corie Barry
Karl Sanft, who formerly led U.S. retail store operations at Best Buy, has denied an allegation that he had an inappropriate romantic relationship with Corie Barry before she became the consumer electronics retailer's CEO last June. Mr. Sanft left Best Buy last March to become chief operating officer at 24 Hour Fitness.

In a short e-mail to the Star Tribune, Karl Sanft wrote: "The anonymous allegation that I had an affair with Corie Barry is false." He said he had no further comment.

Barry issued a statement then, too, saying the board has her full cooperation and support in the inquiry and that she looks forward to its resolution. startribune.com
 

Loss Prevention's New Role:
Fighting Counterfeits

U.S. increases liability for online retailers to police counterfeit goods

They're Coming to Your Warehouses

The New Retail Imperative: 'Exercising Duty of Reasonable Care'

Defining 'Private Sector Best Practices'

With news of the U.S. government's plan to step up enforcement of counterfeit goods, law enforcement will have greater rights to inspect warehouses and fulfillment centers of U.S. online marketplaces for counterfeit merchandise.

"It is critical to the integrity of e-commerce and for the protection of consumers and rights holders that e-commerce platforms that operate third-party marketplaces, and other third-party intermediaries assume greater responsibility, and therefore greater liability for their roles in the trafficking of counterfeit and pirated goods," the report stated.

In addition, the government plans to collect more data about domestic warehouses and fulfillment centers used by third-party marketplaces, and to form a consortium of industry participants to share information on counterfeit merchandise sales. E-commerce retailers are being urged to strengthen their vetting process for third-party merchandise and to make terms of service banning the sale of counterfeit goods very clear. chainstoreage.com

Editor's Note: For years, fighting counterfeits was the purview of outside law firms with expatriate investigators around the globe, with the highest concentration in the Pacific Rim. These investigators were mostly comprised of retired government, military, and law enforcement individuals. But this is about to change. That is if this new fight truly does take off and become a massive effort. And while most, if not the vast majority, of the LP community hasn't really been involved, that is about to change as well.

With third party sellers basically the tip of the sword, Retail America has their work cut out for them, with LP getting more involved than ever before. Supply chain movement and distribution will be the focus of this new effort, and its about time. With numbers exceeding $509 billion in 2016 and doubling in one year alone, this problem needs to be dealt with. And LP has a major role to play, which is rather detailed in the report itself, with page 27 of the report stating:

The first listed: Immediate Action by DHS and Recommendations for the USG

1. Ensure Entities with Financial Interests in Imports Bear Responsibility
- CBP will adjust its entry processes and requirements, as necessary, to ensure that all appropriate parties to import transactions are held responsible for exercising a duty of reasonable care.
- CBP will treat domestic warehouses and fulfillment centers as the ultimate consignee for any good that has not been sold to a specific consumer at the time of its importation.
- DHS will encourage platforms and other third-party intermediaries that own or operate warehouses or fulfillment centers to pursue, in coordination with rights holders, bulk abandonment and destruction of contraband goods that were not interdicted by CBP but are in the platform's or other third-party intermediary's possession in a warehouse or fulfillment center.
- CBP will require formal entry for shipments deemed high-risk.
- CBP will address such high-risk shipments within its current bonding regime, developing a framework for a new type of bond specifically for counterfeit risk (like bonds required for anti-dumping and countervailing duties).

Read the full report
 

eCommerce Delivery - The New Retail Frontier

'Grocery Delivery Goes Small With Micro-Fulfillment Centers'

LP's New Frontier - Micro-Fulfillment Centers

The Store Front With No-Name - Hundreds are Coming Fast

Closer to customers - keep costs down - heavy with automation

Grocers looking to fill online orders more quickly are testing micro-fulfillment systems that can spit out as many as 4,000 orders a week but can still be housed in the back of stores or in urban areas where space is at a premium. The store owners are evaluating whether automation can help tamp down costs while speeding up deliveries and they are turning to a new set of startups aiming to make e-commerce fulfillment more efficient in a small footprint.

Food and beverage is the fastest-growing U.S. e-commerce segment, with an estimated $22.63 billion in sales last year and projected to nearly double by 2022, to $40.04 billion.

The shifts echo broader logistics trends tied to e-commerce, as retailers looking to speed delivery move inventory closer to big population centers and use automation to build more compact distribution operations.

Kroger Co., plans to build as many as 20 largely automated warehouses range in size from 20,000 square feet to more than 300,000 square feet. wsj.com

E-commerce deliveries will overrun cities in 1 to 3 years

Urban last-mile deliveries will increase 78% by 2030

In one to three years, cities will be "severely challenged" by e-commerce-driven delivery traffic, but existing technology and policy fixes can help quell the resulting carbon emissions and congestion if implemented quickly, according to a report from the World Economic Forum (WEF) with input from DHL, Llamasoft, McKinsey, Uber Freight, Unilever, UPS and Walmart among others, released Jan. 10.

The study analyzed 24 last-mile technologies including drones, robots and unmanned deliveries, drop boxes, locker systems and other ways of consolidating orders, along with non-tech changes including increased double-parking enforcement, delivery time shifts, traffic light interventions and road lane changes.  retaildive.com

Editor's Note: Don't know if you've noticed in your town, but three weeks before Christmas about 70 Amazon vans showed up parked behind the closed Sears store at Great Lakes Mall in Mentor, OH, where I live, and they're using it as a staging area for drivers. Amazon vans have popped up across the country over the last few months after they bought 10,000, according to reports. Well we now have the answer to all those closed stores in the malls. Amazon vans!
 

U.S. Coronavirus

Cal-OSHA Flash Report: Don't Panic, but Be Prepared
The rapidly developing outbreak of novel coronavirus (nCoV-2019) in central China is sparking fears of a widespread health threat, a pandemic even, but right now there are as many questions as there are answers. Some cities around the world have declared a crisis and closed schools and non-essential businesses.

So far, two Californians have been infected with the virus after traveling from Wuhan, China. The California patients are from Orange and Los Angeles counties and are being treated at local hospitals. Public health authorities in the Southland say there is a low risk for infection from these cases. cal-osha.com

Medical Associations Warning Doctors & the Public on Coronavirus Outbreak

How to Recognize Cases & Protect Yourself

Now, medical associations are warning both their members and the public about the virus, which infects the respiratory system and has so far killed at least 80 people worldwide. At least five cases have been confirmed in the U.S., and the Centers for Disease Control and Prevention (CDC) is tracking dozens more potential ones. associationsnow.com

New York Braces for Coronavirus: 'It's Inevitable'
In Queens, some who recently returned from China have even self-quarantined. But officials have urged calm.

"It's inevitable that we will have someone who is positive with coronavirus," New York City's health commissioner, Dr. Oxiris Barbot, said Sunday.

Some people with the virus, Dr. Barbot said, have limited symptoms: coughing, shortness of breath, a low-grade fever. But in others, the virus can be lethal.

By and large, the message to the public has been one of reassurance. "We are encouraging New Yorkers to go about their everyday lives and suggest practicing everyday precautions that we do through the flu season," Dr. Barbot said.

But there is considerable anxiety and debate over the proper precautions within the city's Chinatowns. That has only grown in the past few days as more alarming news has emerged out of Wuhan about the virus's spread. So far more than 4,500 people have been sickened and more than 100 people have died. nytimes.com

Coronavirus Scare Has Face Masks Flying Off Shelves in NY's Chinatown
 

Chipotle Fined $1.3M Over Thousands of Child Labor Abuses in Mass.

Largest Fine Ever in Massachusetts - Violations in 50 Stores

Mass. Attorney General Maura Healey ordered the largest child labor penalty ever issued by the state against the Mexican restaurant chain after finding an estimated 13,253 child labor violations in its more than 50 locations.

The fine detailed that Chipotle had employees under the age of 18 working past midnight and for more than 48 hours a week. Teenagers told investigators their hours of work were so long that it was preventing them from keeping up with their schoolwork. The company also regularly hired minors without work permits.

The settlement total is closer to $2 million, including penalties for earned sick time violations in which managers granted employees paid time off only for certain illnesses. The violations also include failure to keep accurate records and pay timely wages.

Lastly, the company was ordered a voluntary $500,000 payout to a state youth worker fund dedicated to education, enforcement and training. nbcboston.com

cstoredecisions.com: Highlights From NRF 2020, 'Retail's Big Show'

Sustainability Tops Retailers Agenda

Listed first in this review: There were noted six sessions with the word "sustainability" in their headlines and session descriptions. Clearly, sustainability is firmly at the top of every retailer's agenda.

Food Waste - Cash-Handling - Managing the Labor Force cstoredecisions.com

A Healthy Consumer Means More Retail Disruption

Don't expect shoppers to stick with the retail incumbents, whether on land or online

The latest monthly retail sales report from the U.S. Census Bureau recorded December sales (excluding gasoline, automobiles and restaurants) of $384.6 billion. Compared with the prior year's $ 360.5 billion, that's a solid year-over-year gain of 6.7%.

Two interesting issues worth mentioning: Online sales in 2019 reached all-time highs. E-commerce now accounts for 14% of U.S. retail sales and likely will continue to claim a growing piece of the pie. Worldwide, online sales have nearly tripled during the past five years from $1.3 trillion in 2014 to more than $3.5 trillion in 2019, according to Statista. Projections are for this to more than double during the next five years.

The generation that grew up online doesn't think of e-commerce as anything special; it's simply retail. bloomberg.com

Leading Like LeBron James
LeBron James is disciplined about getting enough rest, working at his craft and using mindfulness to prepare himself mentally for the day ahead, writes Alaina Love. "It's about having a champion's mindset and recognizing that it's actually the preparation to be successful that matters more than the competition," she writes.

James applies his practice in pursuit of three goals: developing mental mastery, preparing adequately for success and ensuring athletic recovery. Even if you're not an athlete, these goals are relevant to maintaining your own leadership stamina. smartbrief.com

Background Check Services Provider T&M Protection Resources, LLC Agrees to Settle
FTC Allegations that it Falsely Claimed Participation in the EU-U.S. Privacy Shield

Amazon.com Pop Ups - New Retail Concept - 6 Pop-Ups

Suppliers File Involuntary Bankruptcy Papers on Canada's La Senza
 

The Loss Prevention Foundation Announces Two New Partners

Metro One joins LPF as Bachelor Partner
The Loss Prevention Foundation (LPF) announces its newest Bachelor Level Partner, Metro One Loss Prevention Services Group. The Bachelor level partnership allows Metro One to provide LPQ and LPC certification course scholarships, as well as LPF memberships, to loss prevention industry professionals.

Founded in 1984 as a family owned provider of security/loss prevention services, the Metro One LPSG brand has been built upon and recognized for consistent and uncompromising professional security services. Metro One's portfolio of security management solutions includes vulnerability assessment, training and development, loss prevention, and investigations for stores, supply chains and corporate facilities. yourlpf.org

Appriss Retail joins LPF as Associate Partner
The Loss Prevention Foundation (LPF) announced its newest Associate level partner, Appriss Retail. The Associate level partnership secures LPQ and LPC certification course scholarships, as well as, complimentary LPF memberships for distribution to loss prevention professionals.

Headquartered in Irvine, CA, Appriss Retail benefits its clients with advanced analytic solutions and artificial intelligence models that help retailers increase net sales, enhance the customer experience, reduce loss, tackle sales reducing activities, and improve performance. yourlpf.org
 

Senior LP Job Postings Removed from Website:

● National VP, Child & Club Safety - Boys & Girls Clubs of America - Atlanta, GA
● LP & Inventory Control Director - Cart Mart - San Diego, CA
● Director, Security/Risk - Southern Glazers Wine & Spirits - Las Vegas, NV
● Sr. Loss Prevention Manager - Carvana - Phoenix, AZ
● Sr. Manager of Investigations - Asset Protection - JCPenney - Plano, TX
● Corporate Security Mgr. - VF Corporation - Denver, CO
 

Ransomware Gangs' Rankings Drive The Payments

Average Ransomware Payments More Than Doubled in Q4 2019

From $41K in Q3 '18 to $84K in Q4 '19

By monetizing a mere 2% or so of their attacks, most ransomware operators were able to generate a sizable profit on their investments last quarter, Coveware estimates. Coveware analyzed ransomware victim data collected from its incident response engagements as well as from IR firms using its platform, in the last three months of 2019. The data showed that average ransomware payments soared 104% from $41,198 in the third quarter to $84,116 in the fourth quarter. On average, a ransomware attack cost victim organizations some 16.2 days in downtime, compared to just 12.1 days in the third quarter of 2019. Half of the victims who forked over a ransom paid $41,179 or less, while half paid more. At the high-end, some victims paid up to $780,000 to get the decryption keys for unlocking their data, while at the other end of the spectrum other victims paid as little as $1,500.

Nearly six in 10 attacks last quarter (57%) were enabled through the use of stolen Remote Desktop Protocol (RDP) credentials, which are available in underground markets for less than $100, he notes. "This will continue until the profit margins go down for these cheap and simple attacks. As of right now, the margins are great for cyber crime, so it marches on." A Proofpoint survey of more than 600 security professionals around the world showed that slightly more than half of all organizations infected with ransomware in 2019 elected to pay the demanded ransom. darkreading.com

Average ransom for REvil ransomware infection is a whopping $260,000
In today's crowded ransomware landscape, the REvil (Sodinokibi) ransomware gang rules supreme, dwarfing any other similar ransomware operations.

Run as a Ransomware-as-a-Service (RaaS), the REvil gang rents its ransomware strain to other criminal groups.

These groups, known as REvil affialiates, are solely responsible for distributing the ransomware to victims through the channels they prefer, and then ask for the ransom demand they see fit, based on the number of computers they manage to infect on a company's network.

Researcher sinkhole REvil RaaS backend
However, in a report published today and shared with ZDNet, the security team at KPN, a Dutch telecommunications provider, said it was able to sinkhole and intercept the communications between REvil-infected computers and the REvil ransomware's command-and-control (C&C) servers. zdnet.com
 

How to Get the Most Out of Your Security Metrics
There's an art to reporting security metrics so that they speak the language of leadership and connect the data from tools to business objectives.

The value of metrics comes from their ability to tell larger stories about a business that resonate with key stakeholders. You lose that opportunity if security teams use the wrong metrics - those that are overly technical or detailed - or miscommunicate the right metrics. Here are some of the more common reporting mistakes and best practices for avoiding them.

Generic or Overly Technical Metrics - Connect Metrics to Business Outcomes
A more effective way of reporting to leadership is to speak directly to the risk level associated with critical business functions, the core contributors to this risk, and the actions being taken. For example, security leaders should be ready to answer these questions:

● What kinds of attacks are we prepared to defend against?
● Where do we have deficiencies as an organization, and what risks to business operations are elevated as a result?
● What is being done to reduce such risks (from a business and technology perspective)?
● Has a risk grown in significance?
● What is the proposed strategy to reduce the risk to an acceptable level?

The storytelling needs to focus on business risk rather than technical facts.

Metrics Overload - Focus on the Biggest Risks
Instead, help technical teams understand the most important vulnerabilities that require their attention and what progress needs to be made. Again, this needs to be tied back to key business objectives and prioritized based on those functions.

There is an art to reporting security metrics so that they speak the language of leadership and effectively connect the data from security tools and processes to key business objectives. It's crucial to articulate the metrics well so business leaders understand the significance and recognize the true effect the security program is having. Without this understanding, security teams, budgets, and processes could be overlooked, which increases security risks to the company and could negatively affect brand reputation and customer trust. darkreading.com

Police Bust 3 Suspected Magecart Hackers Gang in Indonesia

12 Different Magecart Gangs Operating

Operation 'Night Fury' Targets JavaScript Skimming Gangs Hitting E-Commerce Sites

The suspects were arrested as part of Operation Night Fury, an ongoing anti-skimming probe spearheaded by Interpol's Cyber Capability Desk, backed by U.S. and European law enforcement agencies, which has also involved Indonesia's "Bareskrim Polri" cyber police team. Interpol says another five Association of Southeast Asian Nations have received attack intelligence and are continuing to pursue Night Fury investigations.

"The suspects have managed to infect hundreds of e-commerce websites in various locations, including in Indonesia, Australia, the United Kingdom, the United States, Germany, Brazil and some other countries," says Singapore-based cybersecurity firm Group-IB, which assisted with the investigation. "Payment and personal data of thousands of online shoppers from Asia, Europe, and the Americas have been stolen." One suspect subsequently admitted in an interview on Indonesian television that he'd been intercepting card payments since 2017.

Security firms are tracking at least 12 different Magecart criminal groups, and they say such attacks date from 2014. But since 2018, the quantity of Magecart attacks has surged. Victims of Magecart-associated groups have included shoe manufacturer Fila, bedding sites Mypillow.com and Amerisleep.com, as well as British Airways, Ticketmaster and Newegg.

Magecart Attacks Continue - More Suspects at Large - 200 sites Infected & Number Will Rise govinfosecurity.com