• Corporate News
• FireKing Office Products
• Image Vault CCTV
• Safes
• Newsletter
• Events Calendar

Identify And Respond To New LP Threats

Where loss prevention (LP) and security are concerned, cash is still king. Multichannel retailers with brick-and-mortar presences can't let the mainstream press coverage about identity theft and credit fraud muddle their priorities. It's not that credit fraud and identity theft aren't important issues with serious consequences, but wherever cash movement and handling are concerned, life safety has to be a retail LP manager's first concern. So says Van Carlisle, CEO of LP hardware vendor FireKing Security Group. "Life safety is always No. 1 whenever we talk to any LP manager, so we focus on what can be done to prevent and deter robbery to create the safest environment for employees," he explains. Carlisle says the second most important security threats are internal shrinkage problems associated with employee theft and cash handling problems. That said, the ability to track questionable transactions in an effort to protect both the customer and the enterprise is the most important trend in retail today, and it's a trend that has to cross channels.

"Payment fraud is a growing threat because the technology made available to automate transactions is also helping the bad guys thieve identities. Technology cuts both ways," says Carlisle.

Tom Keithley is vice president of credit and integration at multichannel retail software vendor I4 Commerce, provider of the Bill Me Later e-commerce payment solution. He says identification of potentially fraudulent e-commerce transactions is a simple matter of looking for context clues. "We verify the validity of the transaction based on information that's shared in the process," he says. For instance, a certain customer might use a Comcast high-speed IP (Internet Protocol) address coming out of Atlanta. That customer might occasionally show up on an IBM regional proxy IP address, which is presumably the consumer's workplace. If, suddenly, the consumer shows up coming from a Kinko's IP address in a rundown area of Los Angeles and requests an item be shipped to an address his or her purchases have never been shipped to before, red flags should pop up. The retailer should ask itself what the likelihood is that this is a legitimate transaction. "When your customer's not standing in front of you, information is the most important resource you have to verify the validity of the transaction," Keithley says.

Third Parties Create Potential For Compromise
According to Keithley, merchants are only beginning to recognize the need to bring online information security practices up to standard. "You see that Visa and MasterCard have created initiatives to mandate security standards," he says. "These are designed to help merchants expedite the process of securing their e-commerce payment infrastructures. As a result, merchants are seeing the value of forming relationships with companies like Verisign and ScanAlert and vendors who specialize in security consultation and auditing."

Keithley brings up an important point here. As merchants work diligently to improve payment security both online and off, the very data they're looking to protect can become subject to compromise. "Merchants are going back and modifying all their vendor contracts to hold their vendors to a much higher standard of data security and integrity," he says. "Frankly, a lot of the weaker links in the security chain are not really the merchants' internal systems but many of their third party vendors, the ones who handle their e-mail marketing, customer list management, and catalog preparation, for instance." In other words, every vendor link where data is being sent out of the retailer's control is a potential point of compromise. Third parties brought in to write these programs and manage the databases that run them have access to enormous amounts of information. "It's one thing to get the merchant internally to adhere to that PCI [payment card industry] standard, but it's going to take a while to get the whole vendor community to tighten up this practice," says Keithley.

Self-Service: An Open Door To Security Breaches?
In keeping with the theme that new technology can both solve and create problems, FKI's Carlisle takes the conversation back to cash handling at the store level. "An emerging issue that isn't quite here yet but that we predict we'll see a lot more of in the next five years is dealing with emerging technologies in self-pay kiosks," he says. "The technology is beginning to come around, and these things are becoming practical for transaction automation. The concern is that security hasn't necessarily kept up with the ability to record and monitor the transaction." At the root of the problem, he says, is that kiosks and self-service stations still need to be serviced periodically to move cash from the front of the store to the back of the store. This creates the potential for shrinkage and life safety issues. The integration of digital video with self-service kiosks is one way this threat is addressed, much as it addresses brick-and-mortar transaction fraud at the traditional POS by monitoring the movement of cash on a transaction-by-transaction basis.

Modern solutions to multichannel LP and security issues require a merging of traditional security with IT-based automation technologies. Who, then, is responsible for spearheading these initiatives? Five or six years ago there was a reluctance on the part of the LP department to involve IT for fear their initiatives would be shot down. But retailers looking to solve security problems today have to look beyond LP and invite collaboration among the IT, operations, and finance departments. Creating synergy among these groups can be challenging, but the resulting automation will result in labor reductions, elimination of manual processes and back office expenses, a reduction in banking fees and management time, and improved reconciliation. Security is no longer about spending money; there's actually an ROI there.