Web version / Mobile version



 8/15/17 Subscribe Free LP, AP & IT Security's #1 News Source d-ddaily.net

Facebook Twitter Linkedin




Twin Cities ORC Association Annual Conference & Training
Aug. 15-16

2017 Cargo Theft Summit Southern California
Aug. 22-23

2017 Safety Leadership Conference
Sept. 11-13

NE Loss Prevention Expo
Sept. 14

Retail Risk - New York
Sept. 14

Retail Council of Canada LP Conference
Sept. 19

The D&D Daily attending
Gus Downing & LPNN

Find out more

ASIS International
63rd Annual Seminar

Sept. 25-28

California ORC Association Annual Training Conference
Sept. 28-29

2017 National Cargo Theft Summit, Atlanta
Oct. 4-5

Cyber Defense Summit
Oct. 10-12

National Association of Bunco Investigators Annual Training Conference
Oct. 11-12

Colorado Organized Retail Crime Alliance Conference
Oct. 17

See More Events

'17 National Retail Security Survey

2016 NRSS Survey

2015 NRSS Survey

International LP

The challenges of doing
business in Mexico

Jim Carr, Sr Dir-Global AP, Rent-A-Center

Over the last six years, Jim Carr, Senior Director, Global Asset Protection, Rent-A-Center Inc., has managed the roll-out of 190 locations in Mexico for Rent-A-Center, leading their international and U.S. LP efforts. With this background, he has had the entire retail life cycle of experience in Mexico, from market entry to managing successful locations to closing stores down. Jim shares some of his invaluable international experience and the challenges of doing business in Mexico.

Episode Sponsored By:

Quick Take #4

Hedgie Bartol, Retail Business Development Manager for Axis Communications, explains why people and relationship skills are still extremely important in this digital age, and the value of walking a mile in your business partner's shoes.

Solution Providers: Have a video or commercial you want to publish? Contact us


RLPSA Salute to Excellence Award Winner Announced
Chris Manning, Director of LP, Wendy's, Wins RLPSA's Highest Award

Chris Manning has upheld high standards of excellence not only for his own organization but also within the restaurant industry. His overall contributions to the industry have been invaluable touching almost every aspect of safety and security in the restaurant industry.

From launching the implementation of the organization's Smart Safe program to creating a unique armored car program eliminating employee injuries and assaults. Chris leads a team that manages more than 6,500 franchisees and Company restaurants in the U.S. and 29 other countries.

RLPSA Names New Board President and Members
Rocco Prate, Regional Safety & Security Manager for Wendy's, was nominated as RLPSA's new board president at the 38th Annual Conference held in Las Vegas, NV on July 31 - August 2.

Rocco Prate leads The Wendy's Company (North Region) where he oversees the safety & security for 250 company restaurant locations and supports 2,285 franchise restaurants. He has over 20 years of LP & Security experience working for numerous retail companies. Rocco is also a current member of the United States Army Reserve and holds the rank of Lieutenant Colonel.

Rocco joined the panel discussion at the RLPSA Annual Conference, "What Keeps You Up at Night? Lessons From the Field at All Levels".

"It is an honor to serve an organization of such high caliber," Rocco shared after accepting the board president nomination.

RLPSA members also voted in the following new board members:

 - Jennifer Schaefer, M.A., LPC, Regional Security Manager - Midwest & Heartland Regions at McDonald's
 - Edwin Saul, Director, Asset Protection & Risk Management at CKE Restaurants Holdings
 - Raymond "Paig" Parish, Executive Vice President of Sales and Marketing at Amphion

Update: California Superior Court Judge Rules Against Restorative Justice
Diversion Program Violates California Extortion & False Imprisonment Laws

Superior Court of California, County of San Francisco Judge granted San Francisco's City Attorney motion for summary judgment on extortion and false imprisonment. Saying that CEC's diversion program is unlawful because that program violates California's extortion and false imprisonment laws.

"The irreducible core of CEC's program is a request by the retailer for the suspect to pay money to CEC in exchange for the retailers forbearance of notifying the police that the suspect committed a crime. This is textbook extortion under California law, and has been so declared for at least 125 years... asking for and receiving money or property in return for not calling the cops is the "obtaining of property from another... induced by wrongful use of... fear...by a threat."

"CEC's diversion program violates the UCL prong for the additional reason that the program is designed to and does require detention of a theft suspect under the threat of arrest beyond the time allowed by common law merchant's privilege codified at Penal Code. the unauthorized period of detention constitutes false imprisonment... after a suspect is deemed eligible for CEC's diversion program, the suspect is detained for an appreciable time by the retailers, not for the purposes of the retailer investigating the theft, but to determine whether the suspect agrees to participate in CEC's diversion program.... under threat of arrest other than investigation of the crime exceeds the permissible scope of the merchants privilege and constitutes false imprisonment." sftc.org

Editor's Note: As reported on the Daily on 8-16-16, this lawsuit has been going on for some time. Other articles have shown that this has been a central question for some time as well as reported on 7-28-16 on the Daily.

The San Francisco City Attorney has taken a hard stand on it as evidenced in this article dated 6-8-16.

It's Not too Late to Impact Minnesota's Bill Prohibiting Precharge Programs
Contact Your Respective Store's Representative To Oppose the Effort

As reported Monday in the Legislative Update column, two House of Representatives in Minnesota are attempting to prohibit precharge programs. For those interested in opposing the effort, contact your respective store's Representative with a formal letter. A list can be found here - Legislators. mn.gov

Man Accused of Using eBay for Terrorist Funding Agrees to Plead Guilty
American allegedly accepted Islamic State funds sent over PayPal for possible terrorist attack in U.S.

The American man accused of using fake eBay transactions to receive Islamic State funds for a possible terror attack in the U.S. has agreed to plead guilty, according to a court filing.

The Elshinawy case was critical in uncovering a global financial network centered on a British technology company used by Islamic State to clandestinely move money around the world and pay for military equipment used by the terror group in Syria, the U.S. says.

Mr. Elshinawy has another distinction: His is the first and only publicly known case in which Islamic State money flowed into the U.S. for a potential terror attack in America, according to Seamus Hughes, deputy director of George Washington University's Program on Extremism. wsj.com  Read ebay's response here

Costco Counterfeiting - Judge Agrees
Costco owes Tiffany $19.4 million for fake Tiffany rings: U.S. judge

A federal judge on Monday said Tiffany & Co may recover at least $19.4 million in damages from Costco Wholesale Corp over the warehouse club chain's illegal sale of counterfeit diamond engagement rings bearing the "Tiffany" name.

The Manhattan judge also permanently barred Costco from selling anything that Tiffany did not make as "Tiffany" products, unless it uses modifiers suggesting that the products have, for example, a Tiffany "setting," "set" or "style."

Costco said it intends to appeal, calling the decision "a product of multiple errors" by Swain. "This was not a case about counterfeiting in the common understanding of that word -- Costco was not selling imitation Tiffany & Co rings," Costco said.

Tiffany had sued Costco on Valentine's Day in 2013.

While the case concerned only about 2,500 rings, Tiffany sued to protect its brand and cachet as one of the world's best-known luxury retailers.

Costco's upper management, meanwhile, "displayed at best a cavalier attitude toward Costco's use of the Tiffany name in conjunction with ring sales and marketing," the judge added. reuters.com

Debit Fraud Loss Rates Decline After Chip Cards Introduced
According to the 2017 Debit Issuer Study, commissioned by PULSE, U.S. financial institutions substantially increased issuance of chip debit cards in 2016 and experienced reduced fraud losses. Since the fraud liability shift for most debit transactions took effect in 2015, an estimated 80 percent of U.S. debit cards have been converted to chip cards. The study also found that fraud loss rates dropped by approximately 28 percent in 2016 compared to 2015 levels.

The 12th annual Debit Issuer Study also confirmed that fraud continues to challenge issuers. U.S. financial institutions lost an estimated $900 million to debit card fraud in 2016. securitymagazine.com

LinkedIn Can't Bar Competitor From Its Public Profiles
A federal judge enjoined LinkedIn on Monday from keepings its website off limits to a company that tells employers which of their workers may be "flight risks."

U.S. District Judge Edward Chen enjoined LinkedIn from blocking San Francisco-based data-analytics firm hiQ from collecting data from public LinkedIn profiles that hiQ uses to sell intelligence reports to employers.

"The court is doubtful that the Computer Fraud and Abuse Act (CFAA) may be invoked by LinkedIn to punish hiQ for accessing publicly available data," Chen wrote in a 25-page ruling.

HiQ sued in June, claiming LinkedIn improperly invoked the Computer Fraud and Abuse Act when it sent a cease-and-desist letter in May, saying it would hold hiQ criminally liable if it kept accessing its website. HiQ claims LinkedIn revoked its access for anticompetitive purposes, in violation of the First Amendment.

LinkedIn claims HiQ uses anonymous, automated bots to bypass its data-scraping protections and track changes to profiles that users choose not to broadcast, undermining its privacy commitment to members.

HiQ sells information to clients - including CapitalOne, eBay and GoDaddy - on which employees may be seeking a new job, based on information culled primarily from public LinkedIn profiles.

hiQ plausibly alleged that LinkedIn revoked its access to crush a competitor, rather than to protect the privacy interests of its members. courthousenews.com

Can or Should Employers Fire Employees Who Participate in Hate Groups?
Legal experts say the decision should be based on case-by-case determinations

The answer is surprisingly unclear, according to management attorneys, who recommend a case-by-case inquiry depending partly on the state where the worker is employed, how risk-averse the company is and whether workplace policies have been violated.

No federal law would be implicated in firing the worker. The First Amendment's protections of freedom of speech apply only to the government, not to private employers.

Employment is at will in general at the state level, and employees can be terminated for any reason as long as it is not an unlawful reason, he noted.

In some states, employers are prohibited from discriminating against employees for engaging in lawful conduct when they are off duty. These laws are typically referred to as lifestyle discrimination statutes and usually prohibit discrimination based on smoking. But some of the laws-such as those in California, Colorado, New York and North Dakota, according to the National Conference of State Legislatures-prohibit off-duty activities more generally. If that law is in place in an employer's state, the employer's analysis of whether to fire someone will have to be more thorough, Eastman said. shrm.org

When Simulation Means Survival
Active shooter simulation exercises are undoubtedly the most effective way to prepare for a real-life scenario. These scenarios mimic the stress and chaos of an actual event and reinforce the principles of survival taught in active shooter training programs.

But in recent years, some companies have taken that idea to the extreme, conducting surprise active shooter drills on unsuspecting employees, students, and teachers.

Michelle Meeker, an employee at a Colorado nursing home, filed a federal lawsuit against a local law enforcement officer and her workplace in July 2014 for being taken hostage during one such drill. Meeker had no idea it was a simulation, according to The Wall Street Journal, and tearfully begged for her life as the "gunman" forced her into an empty room. She sued for damages after being so traumatized from the event that she quit her job.

The most effective way to prepare for a potential active shooter event is to combine announced simulated exercises with training materials that constantly reinforce the principles of the program.

Hiring specialized companies that facilitate training and simulation can help organizations close  the gaps that they may not have otherwise noticed. These firms bring with them both expertise and experience that businesses lack.

To develop effective response tactics, security personnel should understand what environmental and human factors typically occur during a shooting, which they can then simulate in training exercises. Loud noises-including gunshots, screams, breaking glass, alarms, and public address announcements-are to be expected. Consulting companies can provide such noises over speakers during the simulations to heighten the stress and reality of the scenario. The physical environment will be in disarray as high concentrations of people flock to exits or seek cover. There is also the possibility of visual trauma, including seeing the shooter as well as wounded or deceased victims.

The drills can be conducted as often as quarterly or as infrequently as once a year, depending on the size and capabilities of the company. Fire, police, and EMS personnel should be involved in at least one training per year. Tabletop exercises among key staff are also a good option to refresh critical decision making skills. shrm.org

Dick's Sporting Goods CEO - Retail is in "Perfect Storm" & Some Are Panicking
Dick's Sporting Goods CEO Edward Stack said the retail industry is in a "perfect storm" for pain - and some retailers are panicking. There's a lot of people right now, I think, in retail and in this industry, in panic mode," Stack said in a call with investors on Tuesday. "There's been a difficult environment."  businessinsider.com

J.C. Penney Adds 10 Market Investigators Across U.S.

July Retail Sales Sees Best Month of the Year - Up 0.6%

Quarterly Same Store Sales Results

Home Depot Q2 comp's up 6.3%, sales up 6.2%
Coach Q2 North America comp's up 4%, sales down 1.8%
TJX Q2 consolidated comp's up 3%, net sales up 6%
    Marmaxx up 2%
    Home Goods up 7%
    TJX Canada up 7%
    TJX International up 1%
Dick's Sporting Goods Q2 comp's up 0.1%, net sales up 9.6%

 2017 Cargo Theft Summit - Southern California
August 22 and 23

Join us for the 3rd annual Cargo Theft Summit hosted by Travelers Insurance and National Insurance Crime Bureau. The Cargo Theft Summit provides an important opportunity for law enforcement, insurance, and private industry personnel to gain insight into local and national cargo theft issues.

The Summit offers training and networking opportunities to provide a collaborative effort to detect and deter theft.

For more information, including registration and questions, click here

All the News - One Place - One Source - One Time
The D&D Daily respects your time & doesn't filter retail's reality


Wellington Financial Provides US$4 Million in Growth Capital to Agilence to Create Greater Data-Driven Profit Opportunities from Improved Store Operations and Loss Prevention

Specialty finance firm's investment enables cloud-based platform to focus on product development and team expansion to meet the needs of retail, grocery, pharmacy, and chain restaurant establishments

MOUNT LAUREL, N.J. & TORONTO - Wellington Financial LP, a privately-held specialty finance firm, announced today a US$4 million commitment for Agilence Inc., the leading provider of cloud-based analytics for store operations and loss prevention. The new capital will be used to further develop Agilence's reporting solution that supports the mission-critical needs of some of the largest retailers, grocers, pharmacies, and chain restaurant operations in the United States. Today's news comes on the heels of Wellington's recent announcement that it has opened an office in the New York - New Jersey area.

"Many of the largest challenges facing retailers, grocers, pharmacies and others centre around operational inefficiencies and losses. Yet by identifying patterns and events within point-of-sale data, these challenges can become profit opportunities," said Amy Olah, Business Development at Wellington Financial. "Agilence delivers the actionable insights these businesses need to stay ahead of their competition. We look forward to forging a partnership with a company that boasts such a diverse client portfolio, each of whom cite Agilence's data analytics platform as an integral part of their long-term success."

As the world's leading cloud-based data analytics provider, Agilence works with more than 118 brands encompassing over 35,000 stores, including Rite Aid, L Brands, Panera Bread, and BJ's Wholesale Club, to deliver insights on performance, empowering them to make informed decisions faster, increase efficiency, and improve profit margins across the enterprise. The company's 20/20 Data Analytics platform recently expanded from a focus strictly on retail to include versions that support the individual needs of restaurants and pharmacies. Each industry-specific product variation evaluates business performance at every stage of the sales cycle while also ensuring that customers remain compliant with corporate or government standards.

Read more here.



First Half ORC Legislative Updates

ORC Legislation Passed or Passing

NC H384
Gov. Ray Cooper (D) Increase Penalties/Organized Retail Theft. AN ACT to strengthen the organized retail theft laws. Signed

TN HB0055 / TN SB0120
As enacted, enacts the "Organized Retail Crime Prevention Act." - Amends TCA Title 39, Chapter 14, Part 1. Signed (6/14/2017)

This bill creates the offense of organized retail crime, committed when a person:

(1) Works with one or more persons to commit theft of merchandise with a value exceeding $1,000 aggregated over a 90-day period with the intent to sell that property for monetary or other gain, or to fraudulently return the merchandise to a retail merchant; or
(2) Receives, possesses, or purchases merchandise or stored value cards obtained from a fraudulent return with the knowledge that the property was obtained by theft.

A "stored value card" is any card, gift card, instrument, or device issued with or without fee for the use of the cardholder to obtain money, goods, services, or anything else of value.

In a prosecution under (2) above, the trier of fact may infer from the defendant's receipt, possession, or purchase of 10 or more stored value cards in a 14-day period from the same individual or merchant that the property was obtained by theft. tnsosfiles.com

NY A03682
In Committee (1/30/2017)
Enacts the "anti-organized retail theft act"; criminalizes organized retail theft and establishes the crime of leader of an organized retail theft enterprise; relates to the authorization of jurisdiction and venue and authorized sentences for a pattern of criminal offenses; relates to the aggregated value of stolen merchandise; relates to the use of an emergency exit in the theft of property; relates to the possession of anti-security items; relates to retail sales receipt and universal product. assembly.state.ny.us

NY A06160
AN ACT to amend the penal law, in relation to the prevention of organized retail crime. In Committee

MA H3039
In Committee (1/23/2017)
SECTION 1. Section 30D of chapter 266 of the 2014 official edition of the Massachusetts Generals Laws is hereby amended by striking subsection (d) and inserting the following subsections: 4 5 6 7 8 (d) A person commits an organized retail crime by flash mob if the person, acting in concert with 6 or more persons, steals retail merchandise cumulatively valued at more than $500, and makes or receives in the course of planning or commission of the theft at least one electronic communication, including but not limited to text message, electronic mail or social media post, seeking participation in the theft. 9 10 11 A violation of this subsection shall be punished by imprisonment in a house of correction for not more than 2 1/2 years or by imprisonment in the state prison for not more than 5 years or by a fine of not more than $10,000, or by both such fine and imprisonment. malegislature.gov

Recent Bill Failures

IN HB1209
Organized retail theft. Makes it organized retail theft, a Level 5 felony. Dead/Failed/Vetoed (4/29/2017) in.gov

MD HB831
Task Force on Organized Retail Crime Rings Dead/Failed/Vetoed
Establishing the Task Force on Organized Retail Crime Rings; providing for the composition, chair, and staffing of the Task Force; prohibiting a member of the Task Force from receiving specified compensation, but authorizing the reimbursement of specified expenses; requiring the Task Force to study and make recommendations regarding specified matters; requiring the Task Force to report its findings and recommendations to specified committees of the General Assembly on or before October 1, 2018; etc. maryland.gov

MS HB743
Organized retail theft; provide definition of
Dead/Failed/Vetoed (2/28/2017)

An Act To Amend Section 97-43-3, Mississippi Code Of 1972, To Add The Definition Of "organized Retail Theft"; To Bring Forward Section 97-43-3.1, Mississippi Code Of 1972, Which Provide The Penalty For Organized Retail Theft; And For Related Purposes. billstatus.ls.state.ms.us


Cost of insider threats vs. investment in proactive education and technology
Executives need to know how much of a negative effect poor security can have on the bottom-line (net profit). Essentially, investment into cybersecurity is an investment in risk mitigation; increased revenue should not be the expectation. Instead preservation of capital and assets is what should be expected. With that understanding they can make a comparison of what may be needed to cover cybersecurity efforts. While the C-suite is often mentioned as a collective, when it comes to financial and information technology matters, decisions are influenced most by the CFO, CEO, and CIO. The best dichotomy to present to executives is the cost of insider incidents against the costs of proactive education and technology software.

The Ponemon Institute released a report in late 2016 that providing some alarming numbers about the costs on insider threats. According to that report the average cost of just one insider incident is $206,000. Throughout the course of a year the cost averaged out to be around $4.3 million. These numbers change depending on the size of the organization, with large enterprises paying out the most to resolve an insider incident at $7.8 million. Some of the indirect costs were calculated on estimations, the actual costs for an enterprise could be significantly higher.

The report also detailed a surprise about who was the largest contributor of these insider incidents. Most suspect either a malicious insider or credential theft victims. However, the most frequent perpetrator 68% of time was the negligent insider. This detail about who causes insider incidents lends support to the need for investment in security training and preventative technology.

The same report from the Ponemon Institute also was thoughtful enough to analyze the costs of proactive measures for large enterprises. For cybersecurity awareness training programs, large enterprises were spending roughly $4 million annually. This cost may seem high but is still $300,000 less than the average cost of a data breach, or $3.8 million less than the average cost of a breach for large enterprises. Given that insider threat is mainly driven by negligence, cybersecurity awareness training provides an excellent payback in savings for an organization. csoonline.com

Amazon Tackles Security of Data in S3 Storage
Amazon Macie is a new security service built to protect AWS S3 data from accidental leaks and breaches.

Amazon today announced a new security service built to identify, classify, and protect sensitive data stored in AWS from leaks, breaches, and unauthorized access, with Amazon Simple Storage Service (S3) being the initial data store.

S3 appeals to organizations due to its simplicity: It's easy for users to sort their software and services data into "buckets" in the cloud. But the catch is that it's equally easy for users to misconfigure permissions and leave data exposed, as evidenced in high-profile data leaks affecting Verizon, the WWE, Republican National Committee, and Scottrade earlier this year.

Amazon's new Macie service was not created in response to this year's S3 leaks, but could help address similar incidents by alerting security teams to events like misconfigured bucket permissions, which led to the Deep Root Analytics leak.

The service finds and classifies data stored in S3, gives each data object a business value, and monitors for suspicious activity based on user authentications to data, times of access, and data access locations, according to Amazon. darkreading.com

Behavioral Science Provides Insights for Ethics, Compliance
Behavioral science can help organizations improve their ethics and compliance programs, but wading through the academic prose of such research reports can make them less useful to the people tasked with overseeing those programs. A new e-book from Ethical Systems, a collaboration of researchers that promote ethical business culture, highlights the latest insights from the behavioral science field and provides action points for organizations to incorporate any lessons that are learned.

The book is presented as a conversation between Ethical Systems Chief Executive Azish Filabi and Jeff Kaplan, partner in the law firm Kaplan & Walker LLP. "Behavioral ethicists continue to conduct experiments to better understand individual decision-making when it comes to ethics, and what influences their decisions," said Ms. Filabi in the book. Mr. Kaplan states in the book that the challenge to having effective compliance and ethics programs in organizations "is more about the 'will' than the 'way.'" wsj.com

What CISOs Need to Know about the Psychology behind Security Analysis
Bandwidth, boredom and cognitive bias are three weak spots that prevent analysts from identifying threats. Here's how to compensate.

Even if you have dozens of point security products, security analysts are still your final line of defense. You tasked them with evaluating the thousands of events your security products generate to determine if something harmful is lurking in your environment. This is a daunting responsibility in the face of expanding data volumes.

To put it into perspective, a recent Ponemon Study shows that in a typical week, an organization may receive 17,000 malware alerts. If the company has three to five dedicated security analysts, each would have to review nearly 3,000 to 5,000 alerts per week.

The process of investigating each security alert tends to be boring, but the volume of such events continues to increase at an unprecedented rate. Hiring to keep up isn't a viable option because of skill-set and budget constraints. As a result, analysts are overwhelmed with the number of alerts they must process every day. This fatigue leads to individuals rushing through investigations, with a strong tendency to skip key steps, thus increasing the probability of missed breaches.

The nature of security operations (SecOps) is that the system evaluates millions or billions of events each day, and only a tiny percentage are suspect. Of those, analysts review thousands and only a few merit further escalation. Boredom leads to complacency, which leads to low job satisfaction, contributing to lower performance and higher attrition. The key is to automate much of the routine workflow, so that you keep analysts focused on investigating real problems.

Cognitive Biases
The third weakness is micro in nature: the cognitive biases that all humans struggle with in making diagnoses and prescribing solutions. Cognitive bias is an area of study that often arises in the context of financial trading and medical diagnosing. It is relevant in the area of cybersecurity because it has implications in terms of not only how many evaluations can be made per time, but also of the quality of those evaluations. Security analysts face the following cognitive biases:

Anchoring is the tendency to rely too heavily, or "anchor," on one trait or piece of information when making decisions (usually the first piece of information acquired on a subject). It's not uncommon for SecOps teams to inadvertently have a narrow focus on daily activities. Hence, they may miss intrusions because they anchored on the likely source of a given pattern in the data and didn't consider every alternative.

Availability heuristics
 refers to the tendency to overestimate the likelihood of events with greater "availability" in memory, which can be influenced by how recent the memories are or how unusual or emotionally charged they may be. One of the issues we return to often is that there is so much data to evaluate that a holistic view of the threat landscape is impossible for a single person to hold in his or her head. Another issue is that analysts will make inferences about the entirety of the data set based only on the events they've reviewed.

Confirmation bias
is the tendency to search for, interpret, focus on, and remember information in a way that confirms one's preconceptions. An example of this is in the most boring data set anyone could imagine: VPC Flow logs. I recently challenged one of our teams to find intrusion patterns in a data set of VPC logs and immediately got the response, "Of course there won't be anything in there - there never is." When we looked, we found some servers that were wide open to public scanning, as well as some other problems. It's critical to always check and check again. 

Clustering illusion is the tendency to overestimate the importance of small runs, streaks, or clusters in large samples of random data (that is, seeing phantom patterns). It's hard to get people to think in terms of statistical significance, even with the aid of powerful tools. So it's not surprising when SecOps teams become convinced there is something there when there isn't. Other biases lead to false negatives, while the clustering illusion leads to false positives.

Inattentional blindness is the failure to notice something in plain sight because of cognitive overload. For security analysts, the excessive stimulus is the volume of data to sift through. During the alert triage process, there is a tendency to rely on mental shortcuts that effectively cause analysts to miss obvious critical signals.

Part 2 Tomorrow - Overcoming the Sheer Numbers & Boredom  darkreading.com

WannaCry Hero Hutchins Pleads Not Guilty


Public Wi-Fi: Are You Safe When You Surf the Web?

Recently a colleague of mine told me his organization fell victim to an email spoofing scam. His corporate email login was compromised while using public WiFi at a hotel, and the crooks successfully conned his finance department into changing a wire transfer to their account, all the while impersonating him.

Public WiFi hotspots like the ones we use at hotels, airports or Starbucks offer no encryption security. Someone with very little computer skills can easily eavesdrop on your communications (or your team members') and even steal your log in credentials.

One possible solution? VPN - Virtual Private Network. If your company currently does not use one, you can purchase it for as little as $5 a month per user. A VPN will encrypt your activities and keep you safe on the go.


Blockchain Gears Up To Conquer Ad Tech, Fraud
The digital advertising realm is riddled with complexities and fraud, brought upon by intermediaries and hackers that ultimately put consumer privacy at risk. Blockchain technology shows immense potential in getting rid of these problems and changing advertising as we know it.

Perhaps the most widespread application for blockchain today is for securing the supply chain. Intermediaries can manipulate inventory, leading to inaccuracies and thousands, if not millions, of dollars lost. Third parties like ad-blockers also cause advertisers to invest money only to fail in reaching their desired audience.

By adopting blockchain technology, publishers and advertisers can use their unique blockchain keys to verify transactions. This prevents disreputable resellers from tricking buyers to purchase ads on clones of popular URLs. By looking at blockchain keys instead of domain names, all parties can trace back to the genuine source of the transaction and avoid scams. huffingtonpost.com

The Costs of Mobile Payment Fraud and How to Avoid It
Online and mobile fraud was valued at $10.7 billion in 2015, according to Juniper Research, and is projected to reach $25.6 billion by the end of the decade. The level of fraud as a percentage of retail revenues grew from 1.32 percent in 2015 to 1.47 percent in 2016, according to LexisNexis' 2016 True Cost of Fraud Report, with every dollar of fraud costing merchants $2.40, as opposed to $2.23 in 2015, as a result of chargebacks and their associated fees, as well as merchandise replacement costs. Furthermore, the merchant suffers from decreased customer trust, negatively affecting online and mobile sales.

How should merchants protect themselves?

While mobile fraud may be on the rise, so is the awareness of the specific challenges merchants must address to protect themselves and their customers. The following are a number of best practices for m-commerce retailers to implement in their fight against mobile fraud:

1. Distinguish between e-commerce and m-commerce.
2. Implement PCI DSS Level 1 security standards.
3. Use multi-factor authentication.
4. Track customer behavior and set velocity limits. business.com

Amazon ranks first for back-to-school shoppers

Back-to-School Online Shopping: More Transactions, More Spend

U.S. E-Commerce will Account for 17% of Total Retail by 2022: Report

Oklahoma City, OK: Woman uses fake ID to steal $94K of diamonds

This woman interfered with a shipment of diamonds, and had the shipment sent to a location in OKC. She then used a fake ID to pick up nearly $94,000 worth of diamonds.

Please help the Oklahoma City Police Department catch this diamond thief! Call Crime Stoppers at (405) 235-7300 or submit a tip online at OKCCrimeTips.com (Case #17-64571)

New Jersey Couple Steals Enough Lowe's Merchandise, Including $2,500 in Underwear, to Fill an 18 ft Trailer; exploited "weaknesses" in website
A New Jersey couple has been arrested for allegedly exploiting insecurity in the Lowe's home improvement website to have merchandise -- from a gazebo to a lawn mower to $2,500 in Victoria Secret underwear -- to their Brick Township home without paying. Romela and Kimy Velazquez allegedly tried to have nearly $260,000 in Lowe's items sent to their home, and managed to receive nearly $13,000 worth of merchandise without paying before the alleged fraud was uncovered.

According to prosecutors, who announced the arrests Tuesday, a Lowe's retail crime manager alerted authorities to the alleged scheme, which 24-year-old Romela Velazquez is accused of orchestrating. Romela Velazquez took advantage of "weaknesses" in Lowe's website to have the items shipped, then posted photos of the stolen pieces to a local "Buy and Sell" Facebook group, often listing the items as "new" for half price, authorities allege. When a team of agencies searched the couple's home earlier this month, prosecutors say they recovered enough stolen merchandise to fill an 18-foot trailer. Detectives at the scene said the home looked more like a warehouse than a residence.

Romela Velazquez was taken into custody and released Aug. 4 after her first court appearance on charges of computer criminal activity and theft by deception. Her 40-year-old husband is charged with receipt of stolen property and fencing, which means he is accused of knowingly buying stolen goods in order to resell them for a profit. nbcnewyork.com

Louisville, KY: Cricket Wireless employee busted for theft of $6,800 in phones
An arrest warrant says Sanchez had been working at a Cricket Wireless when the store manager noticed some of the display phones were missing. A check of the inventory revealed that many more phones unaccounted for. The total of the missing merchandise was $6,800. A review of the video surveillance showed Sanchez leaving the store with a number of phones in a bag on July 11 and again on July 16. When called by her employer, Sanchez admitted to taking and selling the phones.

Salem, NH: Two 18 yr old females busted at Macy's with thousands in merchandise
On Saturday just before 8 p.m., a Salem police officer who was working a detail at the Mall at Rockingham Park called for backup, saying he was trying to catch two women believed to have shoplifted from Macy's. Police later stopped three females (one female who was not involved was released). Police conducted a search and found many items of clothing that appeared to be new, with the price tags still on. Lewis and Jones are facing a charge of organized retail crime enterprise. wmur.com

Lower Macungie Township, PA: Police Charge NY Man in $600 Baby Formula Theft
A New York City man is facing shoplifting charges for allegedly stealing nearly $600 worth of baby formula from a Lehigh County Costco in a scheme police said he also tried in Montgomery County. PA State Police charged Jun Lin with misdemeanor counts of retail theft and conspiracy in connection to an alleged theft from the Hamilton Crossings Costco in March. He was arrested last week on an outstanding warrant filed by state police in June. The general manager of the Costco in Lower Macungie Township reported to state police about a shoplifting case from the King of Prussia location that matched an incident caught on his store's surveillance video. Lin was working with a female suspect who would make a small dollar purchase, pass the receipt off to Lin who would load a cart with formula and walk past the greeter/security flashing the receipt, hoping they would not stop him to check. wfmz.com

Dauphin County, PA: Three guys dressed as Animals steal $500 in merchandise from Walmart
Police have charged three men who were dressed as animals with retail theft in Harrisburg. Lamar Wall, Dangelo Manns, and Jahsahn Dickson are facing retail theft and criminal conspiracy charges after allegedly stealing over $500 worth of merchandise. Upon arrival, police found the three suspects dressed as a Bull, a Werewolf and a Gorilla with $561.86 worth of merchandise in a dufflebag. fox43.com

Please join the San Diego Organized Retail Crime Alliance for an upcoming meeting at the Carlsbad Police Department. The meeting will begin at 9:30 a.m. on August 22nd and will include refreshments. Please bring any current case information you would like to discuss with the group. This will also be a great opportunity to network with Law Enforcement and Retail Investigators in the area.

If you are interested in participating, please email Chris Arbeene at chris_arbeene@anfcorp.com for further details.

Vernon, FL: Three Alabama women arrested after stealing from patio of Dollar General

Police across Michigan battling rash of wheel, tire theft

Submit your ORC Association News

Visit the ORC Resource Center


Charges & Sentencings

Baltimore, MD: Surveillance Video Released, No Charges For Off-Duty Officer Who Shot and killed Shoplifter
Baltimore County prosecutors now say an off-duty police officer was acting in self-defense when he fatally shot a man outside a Catonsville grocery store earlier this month. Surveillance footage has been released of the incident authorities say shows the shooting was justified. The county's top prosecutor says the video should leave little doubt the officer had no other option than to shoot Clapp. Authorities say the surveillance footage reveals why a police-involved shooting is justified.

New York, NY: Robbery Ringleader sentenced for recruiting teens to cellphone store heists in Flushing and Howard Beach
A Brooklyn man has been sentenced after orchestrating nearly a dozen cellphone store robberies spanning the course of a year, including two in Flushing and Howard Beach. Arthur Sam, otherwise known as "16," was sentenced on Aug. 11 to 10 years in prison. The sentence also included a term of three years of supervised release and $304,179 in restitution.

Warren, OH: Fencing Operation: Man receives 4 years in fencing case
A man charged with conspiracy in a fencing operation that was broken more than seven years ago received a four-year prison sentence Monday after pleading guilty to 11 felony charges of a 22-count indictment. Robert Karpenko, 44, pleaded guilty to two counts of conspiracy to engage in a pattern of corrupt activity, six counts of receiving stolen property and single charges each of breaking and entering, vandalism and grand theft. Eleven other charges, including nine more counts of receiving stolen property, were dismissed by prosecutors in the plea deal. Karpenko's case was delayed because he was doing a lengthy prison term in Florida.

Urbana, IL: Man accused of using relative's identity to buy $4,000 in jewelry from Kay Jewelers
A Fisher man is due back in court Sept. 5 after being charged with two counts of identity theft at a Champaign jewelry store. Michael E. Brock, 50, was charged Monday with two counts of felony identity theft between $2,000 and $10,000. According to a police report, an officer was dispatched to Kay Jewelers at Market Place Shopping Center on Aug. 7. An employee told police she was directed by the store's fraud investigator to tell them about a June 20 incident in which she said she assisted Brock with filling out a credit application that turned out to be in the name of a family member. After the credit application was approved, Brock proceeded to buy about $4,000 of jewelry. An investigator for the jewelry chain later discovered the identity theft. After police arrested Brock, he allegedly admitted to opening the credit card account in a relative's name.

San Jose, CA: Murder charge in shooting of Evergreen liquor-store owner

Brooklyn, NY: Robbery ringleader sentenced for recruiting teens to cellphone store heists

Winston-Salem, NC: Woman indicted on 1st-degree murder in fatal shooting of gas station manager

Robberies & Thefts

Stanton, CA: $3,000 to $5,000 Worth of Jewelry Stolen in Smash-and-Grab Robbery
Four men used sledge hammers and stole jewelry worth thousands of dollars Monday in a smash and grab robbery of a vendor at the Indoor Swapmeet of Stanton. The rapid heist occurred about 6:15 p.m. at Grace Jewelry, a vendor at the swap meet at the intersection of Beach Boulevard and Cerritos Avenue.

Janesville, WI: Woman arrested in connection to over a dozen Burglaries in last few weeks
Clawson, 25, was caught red handed breaking into a bar, but the uncooperative suspect refused to listen to police. 'Fred', the Police K9 bit her on the arm and she was taken into custody. Along with the 12+ Burglaries, Clawson was charged on Aug. 8 with Retail Theft/ Obstructing at Kohl's.

Update - Beaufort County, SC: Police release photo of Sunglass Hut suspects; $1,720 in merchandise
The pair was seen on surveillance footage entering the store around 4 p.m. and leaving 20 minutes later with six pairs of sunglasses. They may also be responsible for a similar theft by another Sunglass Hut store in Savannah.

UK: Derbyshire: Burglars destroy the wall of a Grocery Store with a Fork Lift to steal an ATM
CCTV footage has been released by police of a gang stealing a cash machine from a supermarket. It shows the gang arrive with a car, a 4x4 towing a trailer and a telescopic handler on Thursday, August 3.

Long Island, NY: Kohl's Shoplifter makes it easy on Police, left cellphone behind after attempted assault with a bike chain on LP

Allentown, PA: Man charged in 4 area Robberies in past 3 weeks; Speedway, Gulf, KFC and CVS

Piercing Pagoda in the Sunvalley Mal, Concord, CA reported an Attempted Burglary on 8/11

Zales Outlet in The Loop, Kissimmee, FL reported a Grab & Run on 8/14, item valued at $7,999

Bomb Threat

Jefferson, NC: Another Walmart bomb threat


Advance Auto - Dayton, OH - Armed Robbery
Cabela's - Woodbury, MN - Robbery
Casey's General - Fargo, ND - Armed Robbery
Citgo - Warwick, PA - Armed Robbery
Dollar General - Duson, LA - Armed Robbery
Fruita's Co-Op - Mesa County, CO - Robbery
Grace Jewelers - Stanton, CA - Robbery
Jerry's One Stop - Lincoln County, NC - Armed Robbery
Maplefields - Colchester, VT - Armed Robbery
Metro PCS - New York, NY - Armed Robbery
Park Grocery - Rock Hill, SC - Armed Robbery
Piercing Pagoda - Concord, CA - Burglary
Sprint - Yonkers, NY - Armed Robbery
T- Mobile - Valparaiso, IN - Armed Robbery
Walgreens - Laguna Niguel, CA - Burglary
7-Eleven - Waco, TX - Armed Robbery


Daily Totals:
14 robberies
2 burglaries
0 shootings
0 killed



Kamron Horn
named Loss Prevention Manager for Gap Inc/Old Navy

Brad Buckley
named Distribution Center Regional LP Manager for TJX Companies

Carlos Vidot
promoted to Market Investigator in Region 1 for JCPenney

Mark McDermott
named Market Investigator for JCPenney
Chris Frederick named Loss Prevention Training Specialist for TJX Companies

Submit Your New Hires/Promotions or New Position

Featured Job Spotlights


Director of Loss Prevention- West Zone- Gap
San Francisco, California

The Director of Loss Prevention is an enthusiastic, customer obsessed, and results oriented security and protection professional. Responsible for ensuring all company directed shortage and safety programs are implemented and executed...

Director of Risk Management
San Francisco, CA

The Director of Risk Management will lead a team of Loss Prevention Managers to work closely with the field organization and distribution center in the areas of loss prevention, risk management, data analysis, auditing, and the training and implementation of awareness programs...

Loss Prevention Director
St. Louis, MO

The Loss Prevention Director is on the front line of defense to identify and prevent theft of cash and merchandise. Responsible for the investigation and detection of coworker and vendor activity that would cause a loss to Company assets and assists in implementing and maintaining awareness programs or audits relating to shortage, theft prevention, inventory control and safety...

Director, EHS & Loss Prevention
Irving, TX

• Strengthen and develop a strong safety culture in the company with the goal of all employees recognizing their role in "everyone going home safe."
• Directs LP Compliance activities to monitor and audit internal and external theft cases to ensure policy and procedure compliance and reporting accuracy...

Manager, Physical Corporate Security
Jacksonville, FL
The Manager, Corporate Security will oversee all aspects of the company's physical security strategy for retail stores, warehouses, and store support center and field offices. This includes responsibility for the capital expense and repair budgets, developing written specifications, layout and design for all systems and to ensure all installations and repairs are made to SEG standards...

Regional Loss Prevention Manager
Irvine, CA

• Conducts internal investigations related to theft, business abuse, and safety violations by conducting interviews, determining course of action, and writing reports.
• Formal interview training, i.e. Wicklander-Zulawski or Reid Techniques.
• Monitors compliance with loss prevention policies and programs including routine audits/checklists for internal/external controls...

District Asset Protection Manager
Baltimore, MD

The District Asset Protection Manager is responsible for driving Weis Markets' objectives in profit and loss controls, physical security, investigations, safety and shrink in an assigned market [Baltimore Metro / 11 stores]. Objectives must be accomplished through building effective partnerships and directing the organization with integrity and professionalism...

Safety and Loss Prevention Manager (Northeast)
New York, NY
The Safety and Loss Prevention Manager is responsible for the design and development of Domino's store safety, security and loss prevention programs and policies for all corporate owned stores (over 400 stores). The Safety and Loss Prevention Manager will manage a team of 3 Regional Safety and Loss Prevention team members and oversee 8 regional markets...

Featured Jobs

To apply to any of today's Featured Jobs, Click Here


Today's Daily Job Postings from all around the net - Appearing today only

To apply to today's Internet Jobs, Click Here

Sponsor Today's Internet Jobs 


Submit Your Group LP Selfie Today!



What Makes a Great Boss

Don't Underestimate the Power of Positive Leadership  Good leadership transforms into great leadership when you add in strong positivity. While strength, discipline and organization are great qualities to have, nothing can influence a team quite like positivity. Here's how you can gain and use it to unite your team. Positive leadership is a state of action

10 Best Boss Traits
I think everyone knows a bad boss when they see one. Chances are, you've probably worked for one, but what makes a great boss? What makes employees stick around for a great leader? Here are the top 10 best boss traits. Stand in your team's shoes

Want to Be a Remarkably Likable Boss? These 7 Simple Habits Will Get You There  One of the harder things for leaders to manage is how to carry themselves so they are a likable boss but also able to accomplish their goals and meet landmarks. If you're looking for help on being a likable yet effective leader, here are 7 habits you'll want to incorporate. Make time for people

What I Learned from Having a Great Boss  If you've ever had a great boss, you've been very lucky. The path to becoming a boss often doesn't prepare someone for that role, so great bosses are certainly a great thing to have. Here's how having a great boss can impact others. Push Yourself

Sometimes the best reaction is no reaction, as the old expression "Silence is Golden" is more applicable than most think. Especially in a situation where you're unfamiliar with the surroundings, the people, the cultural beliefs, or the boundaries. The key is having the self-discipline not to react or speak. It can help prevent you from going too far or showing anger and it just might keep you from destroying a relationship or your reputation. Reacting is easy - listening and biding your time isn't.

Just a Thought,
Gus Downing

We want to post your tips or advice... Click here

Please make sure to add d-ddaily@downing-downing.com to your contact list, address book, trusted sender list, and/or company whitelist to ensure you receive our newsletter. 

FEEDBACK    /    www.downing-downing.com    /    Advertise with The D&D Daily