The retail industry is estimated to lose $30 billion annually to a wide spectrum of threats. Retail operations must develop loss prevention strategies to identify, quantify, prioritize, and mitigate the potential causes of these losses at the local store level. The following discussion examines the most common threats, how they occur, and how they can be prevented or detected.

Fraud. Among the types of threats that the loss prevention manager (LPM) must address are fiduciary frauds such as missing deposits, cash shortages, bad checks, credit card chargebacks, corporate malfeasance, and other associate thefts.

Let’s consider the case of a manager, who we’ll call Jane Smith. Smith managed a small specialty store in a suburban mall. Her duties included counting up and depositing daily earnings into the local bank.

Smith was unsupervised except for the district manager, who visited the store every three or four months. She was considered a good, reliable employee.

But unknown to the district manager, Smith also had a gambling problem. She had run up debts and was being threatened by those she owed money to. In desperation, Smith took cash from a deposit, intending to put it back on payday. She reasoned that the company would not notice.

Smith’s first theft was of $350. Sure enough, a week went by and nothing happened. That success gave her the confidence to continue stealing money from the bank deposits and to branch out into return fraud. When a customer made a $520 cash purchase, for example, Smith entered a false return for the items and pocketed the money.

Finding this an easier way to steal, Smith began to make two or three fraudulent refunds per week. It wasn’t until a customer came into the store when Smith was not there, asking for a refund on purchases Smith had already “refunded,” that an associate called a business abuse hotline.

The tip led the company’s LPM to analyze the store returns. The LPM found that Smith’s refunds were three times the average of other stores’ total refund percentages. Smith was confronted with the evidence and admitted to the theft of $19,900.

In the investigative report, the LPM, a multistore field manager, stated that the local store’s lack of management supervision and the lack of a deposit balancing system created an environment where such a crime could be easily committed without being detected. In addition, an exception-tracking report should have been used to detect theft. In the regional environment, a possible solution is to have a team of analysts review exception reports and assign investigations to the LPM.

The LPM recommended several policy changes to prevent the problem from recurring. First, to improve refund controls, the store should require each employee to obtain an authorization by a manager; in cases where a manager was ringing up the refund, he or she would need to get another manager to authorize that transaction.

The original purchase receipt would have to be attached to the refund document filed in the store. Returns could only be in the same amount as the sale, and if made by credit card, the return could only be credited to that same card.

A cash refund log was also established. The log allowed the store manager to reconcile returned merchandise in the store with refunds given, as well as to call the customer to inquire about customer service during their visit and ask whether cash or credit had indeed been received.

The LPM had also noticed other vulnerabilities ready to be exploited due to a lack of record keeping. To prevent more loss, the LPM inaugurated a deposit slip validation log where each day’s register reading was noted by the closing manager along with the amount of money being deposited and which employee took it to the bank.

Store management has the responsibility to ensure that money taken into the register is properly balanced and taken to the bank. Additionally, the store manager retains and notes the bank deposit slip and there is a sign-off column for the district manager.

Inventory loss. Inventory loss, or shrink­age, is the difference between the product count and book inventory. Causes of shrinkage may be external or internal. External theft includes shoplifting, burglary, and product tampering or destruction. Internal theft includes, but is not limited to, outright employee theft, selling product without entering the sale into the register, and refunds that electronically add product back into the inventory even though it has not actually been returned to the store.

In some cases, honest paperwork er­rors are made during receiving when short shipments go unnoticed. Shrinkage can also result from errors during product transfers.

In other cases, shrinkage may arise from collusion between insiders and vendors or others. That was the case with one college student (we’ll call him James). James was an associate of a store’s electronics department. He colluded with his fraternity brothers to help them steal CDs, DVDs, and electronics, using the security sleeve key to remove the plastic sleeves from the product. James also made under-the-table sales, including one of a $359 digital camera for which he accepted $60.

An early-shift department manager eventually noticed something amiss. He told the store’s LPM that on mornings after James worked, CD stock was often low and he could not identify enough sales to explain the missing product.

The LPM conducted covert CCTV surveillance that collected evidence of theft. James admitted that he let his friends steal CDs and CD players and that he sold a number of cameras and film for greatly reduced prices. In all, he admitted to aiding in the theft of $15,780 worth of goods.

The LPM assessed the situation that had made this crime possible and recommended that the store’s electronic department be staffed by two employees at all times. In addition, a log of camera equipment sales and daily counts of product on hand would not only deter thefts, but might identify them much earlier. It was also recommended that daily activity in the department be viewed and recorded via CCTV.

Liability. Accidents can lead to liability if the incident is mishandled. In one case, an elderly lady slipped and fell on a spill in one of the aisles of a store. Panicked store associates promised that the company would take care of all of her medical bills.

No report was filled out, no photos were taken of the spill, nor were statements taken from witnesses. When the customer submitted her medical expenses to the company’s insurance provider and was denied, she brought suit based on the promises of the associates. In court, the company lost its bid for summary judgment and dismissal of the case. Ultimately, it was ordered to pay the medical bills and all legal costs.

The incident led the store to recognize the need to properly train its employees on housekeeping policy and accident response, as well as on OSHA guidelines. To reduce the exposure from these types of incidents, many companies have instituted a safety committee to educate employees, perform safety walk-throughs, and publicize safety via posters and contests.

Fires. Retail establishments are at great risk of loss from fire unless they take the proper precautions. Fire alarms and sprinkler systems are typically mandated by local ordinances. But just putting these systems in is not sufficient.

The LPM should monitor complete monthly testing of the fire alarm flow valves and tamper devices. The LPM should also arrange for employee training on such issues as the use of fire extinguishers and identifying flammable liquids. Each store should also have an emergency plan of evacuation with practice evacuations on a quarterly basis. Employees should also be instructed never to block fire exits.

Workplace violence. Workplace violence is another issue that, as well as possibly causing bodily harm to workers or customers, may result in financial loss from lawsuits, medical and workers’ compensation expenses, and adverse publicity. To mitigate these risks, the LPM must forge a relationship with the company’s human resource and legal departments to create and maintain programs that train employees to be aware of and report the signs of pending violence.

Consider the case of one employee (let’s call him Mike) who was increasingly unhappy with his boss. One of his children was seriously ill, and he was often late as a result. The boss knew this, yet he often criticized Mike for his tardiness.

As the stress took its toll, Mike’s performance suffered. In addition, he complained frequently to peers and began making angry comments to his boss. Mike finally became violent, striking his employer in the face and knocking him to the ground. He was fired.

The situation should never have been allowed to worsen to that extent. Many employees knew of Mike’s increasing anger, but no one reported it because there was no understanding of the danger and no mechanism for reporting concerns.

All businesses should train employees and managers on workplace violence indicators. After a report or tip is made, the allegations should always be taken seriously and investigated.

An example of appropriate workplace violence response occurred last year in a specialty retail store. A store’s general manager had been demoted to assistant manager by her district manager. She believed the district manager had been looking for ways to fire her during each visit paid to the store. She made a comment in the lunch room that she could buy a gun and take care of the district manager. Store associates who heard her comments called the store’s business-abuse tip line.

In response, loss prevention partnered with the associate relations department to investigate. It was discovered that the worker had in fact bought a handgun from a customer earlier that week. When interviewed, she acknowledged the gun purchase, but said she bought it for protection because she lived alone.

Based on the company’s zero tolerance policy, she was terminated and warned not to come near the store. In addition, the LPM hired off-duty police officers to work as security in the store for three weeks. The police were notified officially of the threat and circumstances of the case. No further threats or violence occurred.

Disasters. The risk of external disasters must also be addressed and mitigated. One way to reduce this risk is by exploring the risks of the location of the store. For instance, a store may be located in an area prone to seasonal flooding, and the LPM might move valuable inventory to prevent water damage.

In an area prone to tornadoes or earthquakes, the LPM might instigate physical changes to the store to eliminate or reduce risk of injury—such as eliminating high shelves with heavy products on top that could fall during a tremor. The LPM could also ensure that tempered safety glass was used in all windows and that safety curtains were put up during tornado warnings.

Evacuation and shelter-in-place plans should be made and employees and managers instructed on how to obtain emergency assistance.

Since 9-11, the LPM must also pay attention to the possibility of terrorism. In analyzing risk, the LPM must consider both the nation’s and the company’s economic and international relationships. A good rapport with lo­cal police and federal agencies is an essential tool in the LPM’s arsenal, as is access to local, state, and federal homeland security information sources.

It may be advisable to go beyond standard emergency planning for a store, depending on that store’s specific risk assessment profile. For example, the company may decide to secure all HVAC air intake portals with lockable screens or bars and require all equipment repair technicians to sign in and wear proper identification. That said, LPMs must, of course, balance their desire to fortify the store with the store’s need to be a welcoming place for customers.

Cost-benefit analysis. With every suggested mitigating measure, a cost-benefit analysis should be undertaken to determine the benefit of the strategy versus its potential negative effects. For instance, spending $100,000 on security technology to protect the loss of a few $1,000 items is excessive, when increased theft insurance might be a more cost-effective option.

William Morris wrote in The Wanderers, “boundless risk must pay for boundless gain.” In retail, it is up to LPMs to ensure that mitigated risk ensures healthy profits.

Alan F. Greggo, CPP, CFE (Certified Fraud Examiner), is senior director of loss prevention for Luxottica Retail of Mason, Ohio. He is a member of the ASIS International Retail Loss Prevention Council.