- Corporate Security
- Governance, Risk & Compliance
- Information Security
By Resolver Modified February 7, 2021
What is the latest employee theft scam putting a dent in the profits of your retail organization? Think about any recent changes. Maybe you’ve implemented a new cash management protocol, or a new loyalty program, or a new tabletop payment system. Regardless of what your stores have recently done to boost revenue, it’s likely that some employees are figuring out a way to personally enrich themselves with it.
The hottest employee theft schemes are, by nature, very personal. They are specific to each retailer depending on its business and existing security measures, such as whether or not it’s using inventory management software, as well as a host of other unique factors. That’s why a universal best practice for countering employee theft schemes is to identify, track, and analyze incidents of internal theft across the organization. Implementing targeted theft-deterrent strategies depends on consistent record keeping, organization, and pattern recognition. A data-driven incident management process is the only way to keep pace with an extremely adaptable foe.
That is all to say that the employee theft scams listed here may not currently be a significant cause of loss in your retail organization. However, when we ask retailers about the ways in which employees are trying to steal from them right now, these five methods keep coming up. Employees are stealing…
Mobile point-of-sale (MPOS) devices—such as smartphones equipped with credit-card readers—are increasingly popular tools for checking out customers. They offer retailers an opportunity to accelerate checkout, accept credit card payments anywhere, and enhance the customer experience. But some employees are taking advantage of that mobility to conduct theft that might be more difficult to do in a structured checkout environment with cameras watching. At one clothing store, for example, employees recently conducted a string of bogus MPOS transactions in the men’s room, including processing false returns and putting the money on depleted gift cards that had been handed in by customers. MPOS frauds aren’t different than the popular ones listed below, but crooked store workers are trying to use checkout mobility to provide some cover to those schemes.
Some of the new online fraud schemes require a physical “insider” to pull off. Whether that person is doing reconnaissance for an organized retail crime group, mapping out a retailer’s processes to look for exploits, or whether an employee applied for a job specifically to carry out a fraud plan, internal avenues of attack need to be top of mind for LP as it tries to combat online fraud.
Some of these frauds are relatively straightforward. One fraud occurring today is collusion between online buyers and employees readying packages for shipment: insider thieves simply pack the box with extra products. Weight data is key to stop this type of fraud. If you know the weight of all your SKUs, you know what to expect an online order to weigh. So if the shipping company reports back an unexpected weight, you can check the reported weight against the expected weight. These schemes are being carried out at distribution centers but also at brick-and-mortar stores that double as mini-fulfillment centers and ship to customers’ homes or to other stores. Upon recognizing an instance of process exploitation on the part of an employee, a data-driven LP team can quickly enact safeguards to protect against the type of insider fraud that was just uncovered.
Though not the most costly, the most frequently cited employee theft is the old trick of colluding with a “customer” to steal merchandise. For example, cashiers sometimes void large transactions but still place merchandise in shopping bags for customers. Others ring up only portions of an order to let accomplices walk away with stolen merchandise. Such scams dominate local news reports of arrests of store employees. At a Dollar General store in Elloree, SC, employees would wait until near the close of business, bring pre-loaded shopping carts to the register, pretend to scan most items, and leave with the carts of merchandise. Seven employees stole $56,000 over eight months, according to police. At a Walmart in Philadelphia, a four-person employee theft ring allegedly stole $60,000 worth of merchandise by only ringing up inexpensive items from large orders of merchandise, leaving the rest to go unpaid.
Strategies to reduce theft at the point-of-sale include use of electronic article surveillance; RFID technology; CCTV at POS, specifically the use of video analytics with overhead surveillance of sales counters; and maintaining hiring and employee-screening standards. By integrating high-definition video with point-of-sale transaction data, retail investigation units can quickly and successfully review video surveillance footage associated with a specific transaction to identify individuals in a sweetheartening scheme.
In another type of collusion, employees are issuing pre-paid store credit cards without paying for them. Friends, family, or accomplices bring the pre-paid credit cards to the crooked cashiers at registers, where they load them up with hundreds of dollars. In a gift card scam at a retailer in the Midwest a few months ago, an investigation found that that company software allowed employees to add funds to a gift card in a cash transaction and then void the cash transaction, leaving the funds on the card. In addition, the transactions could be completed without re-swiping the physical gift card. One employee’s alleged theft totaled nearly $60,000 over a 10-month period. Employee training is an integral part of curbing this type of theft.
In December 2016, police said thieves were soliciting Target and Walmart employees throughout the Atlanta metropolitan area to participate in gift card scams, approaching them in parking lots, on social media, and elsewhere. In exchange for fraudulently loading money onto prepaid visa gift cards, the employees were being promised a small cut. Typically, thieves are telling these employees that they have jamming devices on their cell phones that will prevent the transactions from being recorded. They don’t, of course, so employees are being caught and prosecuted while thieves make off with loaded gift cards—in one case, $29,000. In all these cases, employees are never paid for their participation but are the only ones who get caught and face prosecution.
Finally, several retailers say that strict loss prevention controls are being thwarted in some cases because supervisors are helping to cover up employee theft schemes. In one new case, for example, members of an overnight cleaning crew were stealing thousands of dollars worth of tools during breaks in their shifts. Surveillance video was capturing the activity, but a shift manager was intentionally overlooking the evidence to facilitate the crime. In that case, an audit finally uncovered the yearlong fraud.
Finally, employee crooks continue to show that they don’t lack imagination. In September, employees of a Radio Shack in Laurel, MD, turned off the electricity on the store’s breaker panel, cut the store’s surveillance DVR system, and made a holdup alarm activation call to police. “We’ve been robbed,” they falsely claimed—twice—stealing more than $55,000 in cash and merchandise.
And the latest employee theft scam at Apple stores doesn’t even involve employees. Crooks are simply dressing the part, donning a blue shirt that passes for the store uniform, and making their way into repair or storage areas to collect an armful of devices.
This post touched on a few of the employee theft scams of the moment, but keep collecting and analyzing your incident data. It’s the best chance to learn, as your technology and retail processes change, how crooked employees are trying to exploit them.