The D&D Daily Mobile Edition
LP, AP & IT Security's #1 News Source

Keith White, SVP LP for Gap Inc., promoted to Executive Vice President and will now lead Loss Prevention (LP) and Global Sustainability
Keith is an inspirational leader who truly embodies the Gap Inc. values. He has a passion for the work Gap Inc. is doing with sustainability and is adept at leading large global teams.

At the core of who Gap Inc. is as a company are their values. They believe in access to opportunity and protecting and preserving the world in which we all live and operate. As they continue to expand their work in those areas, and their business needs they've separated Global Sustainability, Gap Foundation and Government Affairs into three distinct functions. While they have separated those functions to ensure they have a more dedicated focus in their respective areas, there will still be a high level of cross-functional collaboration among these groups in order to tell their larger values and sustainability story.

These changes are designed to provide Gap Foundation, Sustainability and Government Affairs teams with more leadership, and more focus with their individual missions.

Congratulations Keith in being named to lead this effort.

Submit Your New Corporate Hires/Promotions
or New Position 

Top Industry News
 

A former sporting goods store manager was charged Thursday with felony embezzlement, accused of stealing thousands of dollars of products and selling them online.

Brandon Mace, 45, worked as an Academy Sports + Outdoors store manager until this past summer when he was confronted by company officials with evidence that he was allegedly behind the thefts and sales. Mace was charged in Oklahoma County District Court Thursday with two counts of felony embezzlement. Read more

For further information on PROACT, email inquiries to PROACT@eBay.com.

Is Privacy Evolving? Experts Weigh In

By Jesse Davis West
Director of Content Marketing, FaceFirst Face Recognition Software

Earlier this year, Amazon unveiled a service called Amazon Key, in which delivery people are given a key to enter customers’ apartments without the customer being at home. More recently, the service expanded to car delivery. Is this a sign that we’ve entered a post-privacy era, or has the definition of privacy merely changed?

To shed light on how privacy is evolving, I asked several technology and privacy leaders their opinions. Here’s what they had to say:

“We’re currently in the midst of a massive shift in the way that we interact with technology. With the end goal in mind being that technology will help get us from point A to Z in all facets of our lives, we are living in a time where humans still need to “fill in the gaps” where technology hasn’t yet been fully integrated. The Amazon Key is a great example of this. It is not the end goal of Amazon to offer a service allowing delivery people into their homes. Rather, Amazon is merely using the human delivery drivers as the beta version of what they have in mind for the future — end-to-end robotic delivery. By offering Amazon Key early, Amazon kills two birds with one stone. First, they’re able to offer a better delivery service. They don’t have to spend time sending out drivers to recipients who weren’t home and they don’t have to pay to replace stolen/misplaced packages. Second, they’re preparing people for the future, where this type of service will be normalized and taken over through means of a robot and/or drone, rather than human. We’ve entered an era where the definition of privacy has changed and will continue to change as technology catches up.” -Dan Scalco, Owner, Digitalux

“I wouldn’t characterize it that way. I think it’s more fair to look at it in terms of value exchange. What kind of privacy are consumers willing to give up, and what are they asking for in return in order to give up their privacy? Consumers have always been willing to give up their privacy, as long as they feel like they are getting something out of the exchange. In the case of Amazon Key, with the rise of “porch pirates” (people stealing boxes off of people’s front porches), some consumers are willing to give up the overall security of their home in order to continue the convenience of having products delivered to their house. If porch piracy was a non-issue, then I don’t think people would be as interested in letting delivery people open their front doors.” -Nikki Baird, Vice President of Retail Innovation, Aptos

Click here to read more expert opinions.

Dunkin' Donuts accounts may have been hacked in credential stuffing attack
Hackers targeted DD Perks customer rewards program
Dunkin', the company behind the Dunkin' Donuts franchise, has notified owners of DD Perks rewards accounts that a hacker might have accessed their profiles and personal data last month.

The company said it didn't suffer an actual breach of its backend systems but only fell victim to an automated attack known in the cyber-security field as a credential stuffing attack.

"Third-parties who obtained DD Perks account holders' usernames and passwords through other companies' or organizations' security breaches may have used this information to log into certain DD Perks accounts if the account holders used the same username and password for unrelated accounts," a Dunkin' Donuts spokesperson told ZDNet today.

The company said it learned of the attack from one of its security vendors, which, Dunkin' said "was successful in stopping most of these attempts." zdnet.com

U.S. Congressman Says Internet Bill of Rights Will Not Follow EU Model
Once Democrats take over the House in January, some members of the new majority will make a foray into rule-making for the internet.

Rep. Ro Khanna (D-Calif.), who developed 10 principles he dubbed the Internet Bill of Rights, said he expects the House to pass an internet regulation bill in the next two-year session. Whether it becomes law is an open question.

"I think my Internet Bill of Rights is more consistent with American constitutional law and leaves more space for innovation," Khanna said in an interview earlier this month.

Allowing for innovation is a key element of any proposed internet legislation, Khanna said, if the U.S. is to maintain its status as the incubator of the world's most successful technology companies.

"There's a reason Europe hasn't produced any great tech companies and really hasn't led in technology," he said, citing regulations that are "overbroad and overprescriptive," compared with the "more nuanced and better crafted" laws in this country. "We need to make sure that any Internet Bill of Rights allows for innovation and is also respectful of the First Amendment."

Legislative changes in the United States, which is home to the largest internet companies, could have a profound effect on how enterprises can operate online. A Silicon Valley Democrat, Khanna represents an important view, as his party ascends to the majority in one chamber of Congress. But progress on legislative has been slow, despite ample evidence that regulation is needed. techtarget.com

Retailers Fix Software Flaws Quickly, Despite Continued Code Quality Issues
Retail’s State of Software Security Receives High Marks – Yet There’s More to be Done
The good news is Veracode’s State of Software Security Volume 9 (SOSS Vol. 9) found that retail is faster than most industries – second only to healthcare – when it comes to addressing common vulnerabilities found in software, thereby reducing risk exposure. Through our flaw persistence analysis, or how long a flaw lingers after first discovery, we found that the retail industry remediates a quarter of its vulnerabilities in 14 days, and 50 percent of flaws in 64 days. Retail outpaced the average fix speed at every interval across all industries, keeping consistent with its urgency to close vulnerabilities.

However, two-thirds (66 percent) of applications retailers use are at risk from information leakage attacks. This means that an application may reveal sensitive data that an attacker can then use to exploit the web application, its hosting network, or the user. Retail reported the third-most information leakage issues after technology and financial services. SOSS Vol. 9 also shows that the retail industry has the highest number of code quality flaws when compared to all other verticals at 65 percent. Code quality is the third most common vulnerability category across the board, following information leakage and cryptographic issues, suggesting that developing quality, secure code is an industry-wide issue for the retail sector.

Secure Software Development Education and the Skills Gap

It is estimated 3.5 million cybersecurity jobs will go unfilled by the year 2020. Our research shows 76 percent of developers say that security and secure development education is necessary – but not offered in current curriculums – so this hardly comes as a surprise. The onus falls on organizations such as retailers to ensure that their development teams are receiving the education necessary, and are equipped with the appropriate tooling, to make security a priority in the software development process.

As the retail industry offers new ways to buy, pick up, and ship goods, it is also increasing the threat landscape by producing a wider portfolio of web applications. It will be critical for them to ensure their developers have what they need to keep their systems and their customers’ sensitive information safe from potential cyber attacks. securityboulevard.com

Who's the Weakest Link in Your Supply Chain?
Nearly 60% of organizations have suffered data breaches resulting from a third party, as suppliers pose a growing risk to enterprise security.

Do you know how many third parties your organization works with?

If not, you're not alone: Only 34% of companies have a comprehensive inventory of all third party suppliers they work with, according to a survey of 1,038 professionals across multiple industries in the US and UK, according to the recently released "Data Risk in the Third-Party Ecosystem" report conducted by The Ponemon Institute and commissioned by Opus.

Third party breaches are significant and in the US at least, they are growing. (This is the first year UK respondents were polled, so no earlier data exists for comparison in that region). In the US, 61% of businesses have had a third-party breach, up 5% from last year and 12% from 2016.

More than three-quarters of respondents say the number of third-party security incidents involving vendors is going up, researchers found. Part of the reason is greater reliance on them: in the US, the number of third party suppliers increased 25% over 2017 and sits at an average of 583.

However, companies struggle to keep an inventory of all their suppliers due to a lack of centralized control (69%) and the complexity of these relationships. Only 15% know how their information is accessed and processed by the companies they work with, and only 28% receive notifications when their information is shared with a third party, researchers report.  darkreading.com

Majority of holiday shoppers concerned about identity theft
Retailers will end up on consumers’ naughty lists this holiday season if they don’t protect their personal data. This was according to new data from Generali Global Assistance (GCA), which reported that 71% of shoppers are concerned that their financial and personal information could be compromised due to data breaches while shopping for holiday gifts.

This holiday season, most (65%) plan to shop in brick-and-mortar stores, online via a laptop / desktop computer (59%), and through mobile devices (36%). Regardless of their preferred shopping method, 33% of consumers don’t believe businesses are doing all they can to protect their personal information; another 33% said they are unsure if businesses are doing enough. This was a decrease of 7% and 5%, respectively from 2017.

Moreover, if a retailer experienced a data breach in the past, 83% of shoppers feel concerned making an online or in-store purchase at that retailer.

When it comes to identity theft, data breaches from online merchants (51%) far outweighed other risks on shoppers’ minds. Twenty percent believed brick-and-mortar point-of-sale systems cause a threat to identity theft, while 15% feared their identity theft could result from being pick-pocketed or robbed. Ten percent feared it would result from having their car broken into. chainstoreage.com

e-commerce
Sponsored by The Zellman Group

Shazam!
Experts Fell For a Fake Product From A Nonexistent Company In A Fraud Test
Cyber security pros and risk analysts should be better than the average person at detecting fraud, but a little over three percent submitted their personal identification information to sign up for an app described as “Shazam for voice identification.”

Credit Trulioo, a global identity and business verification company, which launched an online fraud experiment to evoke some interest around International Fraud Awareness Week.

So Trulioo set out to learn whether fraudsters, under the guise of a fake company, offering a fake product, could convince internet users to disclose their personal information.

Trulioo ran a week-long campaign that delivered ads to compliance professionals, fraud and risk analysts, and other individuals who showed an interest in data privacy, cybersecurity and technology, and may even have had credentials. They were directed to a fake company’s web page where visitors were asked to sign up for Audentity by providing their personal information including name and email addresses. None of the information was recorded or stored, unfortunately eliminating the possibility of followup interviews.

The campaign resulted in a total of 2,139 unique visits to the fictitious company’s website. Of those visitors, 66 people completed the sign-up form. forbes.com

Research shows consumers are worried about online fraud
Earlier this year, identity verification and fraud prevention firm IDology conducted a survey of U.S. consumers focusing on their concerns about online fraud. Most respondents — 57 percent — said they were more worried that their personal information would be compromised than they had been a year ago; 83 percent indicated extreme to moderate concern that their identities would be used to fraudulently open accounts.

The study also disclosed a significant disconnect between what worries consumers and what, at least so far, they’re willing to do about it: 45 percent of respondents said they write their passwords down (almost always on some sort of device that can be hacked) and 73 percent never change them.

“That surprised us,” says Christine Luttrell, IDology’s vice president of client solutions, product and marketing, “especially with all the publicity about account takeovers and data breaches and so on. There’s something on the news about this practically every day. We see it, and we thought all this awareness would give rise to a higher level of caution. But we were wrong. People are still not changing their passwords.”

Luttrell attributes much of this to sheer human nature. People don’t like to change their habits, and they tend to avoid doing so until something personally impacts them. stores.org

eBay polishes plans for online second-hand luxury watch market

Electronic Identity Verification (eIDV) reduces ecommerce fraud by 90+ percent

Chanel Is Suing Two Popular Resale Companies for Allegedly Selling Counterfeit Bags
 

ORC News
Sponsored by Auror
 

Butte, MT: Man arrested for tool thefts from Ace Hardware and True Value
A 27-year-old man was arrested on Tuesday for allegedly attempting to steal from both ACE Hardware and True Value stores. Around 5:30 p.m., police received a call from True Value and Stokes store employees that informed them Austin Campbell had attempted to steal from their building. Police said the employees had found Campbell trying to steal drills and power tools and attempted to stop him, when he took off running. Employees reportedly pursued Campbell on foot and were able to stop him near the Civic Center. When officers arrived, they took Campbell into custody. mstandard.com

Update: Newport Beach, CA: 2 More Thieves Wanted In Louis Vuitton Handbag Heist From Neiman Marcus
Two more men are wanted Thursday in connection with the theft of $20,000 worth of Louis Vuitton handbags from the Neiman Marcus. Police say four suspects had stolen the bags from Neiman Marcus on Tuesday at about 4:20 p.m. and were driven away by a fifth suspect who was waiting in a vehicle nearby. Less than two hours later, three of the five suspects were found at a pawn shop in Los Angeles. cbslocal.com

Adelaide, Australia: Brazen $30,000 Lego burglary caught on camera at toy stores
Security cameras have captured robberies at two Adelaide toy stores where close to $30,000 worth of Lego was stolen, a little over three weeks from Christmas. Thieves cleared out Laygo on South Road in St Marys in the early hours of yesterday morning, two days after Daw Park's Toys R Go was targeted. Laygo store owner Steve Campbell said the bandits "emptied and destroyed his shelves". The pair used a crow bar to smash their way into the business, before kicking down the door and making off with 100 sets of Lego, valued at around $10,000. The brazen robbery also comes after a vintage and collectables toy shop was broken into on Goodwood Road at Daw Park on Sunday evening. Sixty-nine of the store's most expensive and rare Lego sets were stolen in the break-in. 9news.com.au

Guelph, Ontario, Canada: Shoplifter brings suitcase to steal drones and cold medicine valued at over $5,000
A 26-year-old Guelph man has been charged with theft under $5,000 after police say he brought his own suitcase to a store Wednesday night and shoplifted a number of items. Police say they were called to a store on Woodlawn Road at 10:34 p.m. Wednesday. Police did not name the business. Officers learned the man had filled the suitcase with two drones, cold medicine, camping equipment and some beverages. Police confronted the man "as he was on conditions not to be in the business from previous charges." cbc.ca

New Hartford, CT: JC Penney Associate and 2 others charged in $2,800 theft of merchandise

Milford, CT: Man arrested for $700 Shoplifting from Victoria’s Secret and Bath & Body Works

UK: Dunfermline, Scotland: Romanian perfume thief busted with foil-lined backpack, nearly $2,000 of merchandise recovered; sentenced to 8 months in jail

Retail Crime News
Sponsored by Security Resources
 

Home of the Industry's Original
On the Move
 

Submit Your New Hires/Promotions
or New Position
See all the Industry Movement

Featured Job Listings
Sponsored by Delta Lock
Feature Your Job Here For 30 Days -
70% Aren't On the Boards
Post your job listing

Daily Jobs
Appearing One Day Only
View our Internet Jobs Archives here

• Security Risk Analyst - Amazon - Phoenix, AZ

• Investigations Specialist - Amazon - Seattle, WA

• LP Supervisor - Burlington Stores - Bronx, NY

• Information Security - Senior Manager - CVS Health - Woonsrocket, RI

• Field ORC Investigator - Gap Inc. - San Francisco, CA

• AP Specialist - Home Depot - Burlington, WA

• Senior AP Specialist - King Soopers - Loveland, CO

• AP Manager - Kmart - Bridgehampton, NY

• Multi Unit AP Manager - Kmart - Marathon, FL

• LP Supervisor - Kohl's - Parker, CO

• LP Supervisor - Kohl's - North Richland Hills, TX

• Market Director Operations/AP - Macy's - Lakewood, CA

• Market Director Operations/AP - Macy's - North Hollywood, CA

• Manager, Operations & AP - Macy's - Federal Way, WA

• Assistant Manager AP/LP - Macy's - Concord, CA

• Manager, Operations & AP - Macy's - Los Angeles, CA

• AP District Leader - Rite Aid - Sacramento, CA

• DC LP Specialist - Safeway - Tracy, CA

• AP Manager - Sears - Burbank, CA

• AP Manager - Sears - Glen Burnie, MD

• Sr Corporate Security Manager - Global Crisis Management - Target - Minneapolis, MN

• Corporate ORC Supervisor - TJX Canada - Montreal, QC, CA

• Supply Chain AP Area Manager - WalMart - Bethlehem, PA

• AP ASM - Walmart - Oxnard, CA

Your Career
 

Struggling with a Career Change? Try Looking at it Like Dating
Some of us wind up on a totally different career path than what we thought, or when we started. To really keep the new career positive and the right choice, look at it like dating. Here's how. Trust your gut

What to Do If There's No Clear Path for You at Your Company
We all know the old routine: join a company, work hard and move up the ladder, but these days, the enemy preventing to many people from identifying a clear career path is that one no longer exists. Here's how to navigate this new terrain for any professional. Seek out help

How to Raise Your Game to Get the Job You Want
If you ever find the role you're in isn't the job you want, this performance coach has the answers to help you make the transition from your current role to the role you want. Take immediate action

5 Things to Do to Advance Your Career
In order to advance your career, you first must have a plan. Career advancement comes in different forms, but regardless of what you're trying to achieve, it's not possible without a clear plan to help guide your way. Here's how you can set the roadmap and foundation to help you go further. Define YOUR success

Tip of the Day
Sponsored by Vector Security Networks
 

The references you use are a reflection of you and those that you select should be well thought out and be able to truly give an accurate picture of your work performance and your accomplishments. The best references come from the Operators you've worked with, who are in actuality your customers. These Operators can add more value in your search process than you think. They too have a network of friends and colleagues in the business that stretch well beyond your normal circle of executives. Obviously the list of references you develop over time requires follow up and contact. So keep in tuned to their movement as well and always be able to find them for they may be the key to your future success in more ways than one.

Just a Thought,
Gus

Post Your Tip or Advice!
(content subject to approval)

Upcoming Events

D&D’s Live in NYC At NRF Big Show Monday, Jan. 14 The Daily’s New Year’s Kickoff Reception Honoring NRF LP Council Tuesday Evening Jan. 15 NRF Big Show Jan. 13-15 ISCPO 2019 Conference March 6-7 RILA AP Conference 2019 May 5-8 CNP Expo 2019 May 21-24 The D&D Daily 'Live at NRF Protect' June 14 RLPSA Conference 2019 Aug. 4-7

See More Events

Recruiting?
Get your job e-mailed to everyone... everyday
Post on our Featured Jobs Board!

Reach your target audience in 2018 every day!
Request our 2018 Media Kit

Not getting the Daily?
Is it ending up in your spam folder?
Please make sure to add d-ddaily@downing-downing.com to your contact list, address book, trusted sender list, and/or company whitelist to ensure you receive our newsletter. 
Want to know how? Read Here

SUBSCRIBE

FEEDBACK

www.downing-downing.com

Advertise With The D&D Daily

36615 Vine Street, Suite 103
Willoughby, OH 44094
440.942.0671
copyright 2009-2019
all rights reserved globally