New Solutions to Old Problems
THE LATEST National Retail Security Survey confirms what most retailers know instinctively: Retail shrink continues to rise. The survey, released in June, puts 2008 losses at $36.5 billion, up from $34.8 billion in 2007.
Companies don’t just passively accept the status quo, however. They constantly adjust their countermeasures in an effort to hold shrink to a manageable level. The companies highlighted in this article say that new technologies have made a substantial difference in the ongoing war against shrink. The following case studies illustrate how implementation of some of these measures is working.
Souring the Sweethearts
Big Y Foods, Inc., is an independently owned regional supermarket chain with 58 stores in Massachusetts and Connecticut. According to the company’s director of loss prevention, Mark L. Gaudette, “Retailers know that a lot of shrink is caused by employees. No matter whose survey you look at, it’s always about 40 to 45 percent.”
Solutions such as access control, CCTV, and exception reporting—which highlights irregular transactions—have helped to address the problem. However, Gaudette says, “One area where there was still a big void in loss prevention was ‘sweethearting’ at point-of-sale (POS) stations.”
Sweethearting is when a cashier does not scan an item before placing it in the shopping bag, thus giving it to the customer for free. Exception reporting systems cannot catch sweethearting, Gaudette explains, “because if an item isn’t scanned, it doesn’t become part of the aggregate, and therefore, it can’t be measured.”
While it’s possible that the theft may have been caught with surveillance equipment, trying to catch sweethearting incidents by reviewing CCTV video of all transactions would take resources far greater than those of the average retail security and loss prevention operation.
That’s assuming the review would have to be carried out by a human. Newer video analytics technology, however, offers a way to automate at least the front end of that process so that the amount of video a human has to review is limited to what has been flagged as suspicious.
One product that is specifically designed to address the problem of sweethearting is the StopLift Checkout Vision System by StopLift, Inc. The software mathematically analyzes the pixels of digitized video, scrutinizing how cashiers handle items to determine whether or not they have properly scanned them. This type of analytic had not been previously available, according to Gaudette.
Big Y decided to pilot the system, which consists of an appliance with the analytic and a monthly service contract providing that StopLift personnel at a central station would review footage flagged as suspicious by the analytic and cull out false alarms. The pilot was carried out in three stores for four months beginning in September 2008. Employees were not informed that StopLift had been installed at the stores.
Installation was simple. There were no requirements on camera type or resolution but, says Gaudette, “We had to have CCTV in place that gave a straight dropdown shot of each register.” After that, all it took was plugging the store’s digital video recorders (DVRs) into Stop lift’s appliance, which housed the analytic software.
Each day, the data is sent via the Internet to StopLift’s data center. There, suspicious transactions flagged by the analytics are reviewed by human analysts who confirm or negate them. “They take out the false positives,” says Gaudette. “For example, they make sure it isn’t a pocketbook placed accidently over the scanner.”
Other commonly flagged transactions involve free publications. For instance, “Big Y produces a magazine with recipes and coupons…. It looks like a Sports Illustrated or a Woman’s Day going across the belt. We provide that information to Stop-Lift so that their reviewers can look at it and say, ‘Oh… it’s the free magazine and not sweethearting.’”
As the results from the pilot tests came in, Gaudette began to realize the true scope of the ongoing loss. “I’d seen the footage from other StopLift pilots, but when I saw my stuff going out the door and not getting paid for, it was kind of an emotional moment,” he states.
Not only did the system point out cashiers who were sweethearting and cashier errors, it also pointed out a technical glitch that had been adding to shrink for some time—a malfunction in the POS exception reporting software. Gaudette explains: “Big Y has a loyalty card, and if a customer forgets it, the customer punches in a phone number, and the loyalty card number comes up. While the customer was punching in that number, all the scans that the cashier was doing did not register. The cashier would hear the ‘beep, beep, beep,’ but the scans were never captured.”
Theft and losses were also found to be plentiful in the self-checkout aisles. “Unfortunately, it only takes one person with larceny in their heart to steal from a selfcheck; it takes two in a regular lane,” wryly comments Gaudette. The self-scan attendants have since been retrained to be more observant of customers and to watch for items that can be both purposely and accidently overlooked on the bottom sections of grocery carts.
These “bottom-of-the-basket” losses were also found to be common in the cashiered aisles. “I have to admit that I was a little embarrassed, because I had been telling my executives that we don’t have a bottom-of-the-basket problem,” says Gaudette.
After the incidents were exposed by StopLift, retraining of front-end management and staff was undertaken. As a result, bottom-of-the-basket losses are “pretty minimal right now,” he states.
Regarding cashier errors, “We assumed that most losses were intentional, but we also found that there were a huge amount of unintentional misscans where the cashiers thought they had scanned the item, and they hadn’t,” says Gaudette. This issue was addressed in retraining.
Of the intentional sweethearting incidents, Gaudette says that some of what they have learned goes against conventional wisdom. It has been assumed that in sweethearting, there is a relationship between the employee and the customer; however, the incidents caught by StopLift show this is “not true all the time.” Neither is the assumption that certain types of items—for example, high-priced meats—are more likely to be sweethearted.
“What we see in the surveillance videos,” says Gaudette, “is that the selection of the sweetheart items [was] often random because the opportunity presented itself—the supervisor walked away or the service clerk was no longer at the end of the register, for instance.”
At the end of the pilot testing, Gaudette says that it was evident that the StopLift system should be rolled out to all Big Y stores. In preparation for that, Big Y developed “an awareness and education program for the staff [as well as a] counseling process,” he explains.
Loss prevention now receives incident reports from StopLift within 48 hours of an event. Loss prevention then sends each incident report, accompanied by the related video clip, to the manager of the store where the incident occurred. The manager has seven days to reply regarding what action has been taken.
The company has a zero-tolerance policy; employees caught sweethearting are fired. An employee who makes unintentional errors meets with the store’s manager, who explains that the clerk missed scans. “The reaction is almost always ‘No, I didn’t.’ But the manager can show the employee the video,” Gaudette says.
Retraining is then given to the employee. In some cases, cashiers whose performance did not improve after retraining have been reassigned to different jobs. “Some people are just not good at being cashiers. They are often relieved when that happens,” he says.
The Checkout Vision System has now been installed in 47 of the 58 Big Y stores, and it will soon be in all locations. Since the pilot program began, verified incidents of sweethearting and accidental error are down 86 percent. Gaudette says of projected cost savings, “We’re estimating $3 million in nine months. This more than covers the cost of the system. We’ve got our money back already, and we’ll be preventing future losses.”
T-Mobile USA, Inc., a national provider of wireless voice, messaging, and data services, operates about 2,000 company-owned stores across the United States and Puerto Rico. According to Joe Davis, CPP, senior manager of loss prevention for the company’s South Region, “Loss prevention is a new organization inside T-Mobile—just over two years old.” The first step, he says, was “to evaluate what systems were in place to reduce loss and fraud.”
He says the team found that “We had video systems in place that were adequate for physical security—watching the front and back doors—but we didn’t have a robust capability for reviewing forensic video and tying people to transactions inside a business.”
For example, an individual might come into a store and conduct a transaction at the register, claiming to be someone they were not. “Shortly, we get notification from the real person, who says, ‘Hey, I just got a bill from T-Mobile for five new phones and $5,000!’” says Davis. At that point, “We’d have to find the overhead video of the register and try to identify the person who came in and conducted the transaction.”
It was a labor-intensive investigative process, and given the volume of incidents, resources weren’t always available to thoroughly research each reported case, Davis says. Then in 2008, the loss prevention team came across a technology that seemed to offer a way to get the job done cost effectively. It was the 3VR SmartRecorder P-Series, by 3VR Security, Inc., of San Francisco, a hybrid digital video recorder/ network video recorder (DVR/NVR) that had software with embedded analytics and biometrics, such as facial recognition, which could intelligently search surveillance video. It could also integrate with POS, intrusion, access control, and other systems.
T-Mobile decided to pilot the system from the autumn of 2008 until early this summer. The system captures the faces of people coming into a store, and applies metadata—data about the context of the image—and it then catalogs each one. The images can also be tied to POS transactions, if desired, in a searchable database that resides on the company’s network so that in the future, if there were an incident of identification fraud, for example, Davis could watch the video and review each face captured in association with that incident. “Then I can search forensically across my network in all locations where I have the system deployed,” explains Davis.
“The system uses the metadata to find the closest matches to the face that I’m looking for. I can set an accuracy range too so that I’ll be served up faces that are a 50 percent match if I want to look at a broad range, or I can see faces that match at 95 percent for a narrow range,” he says. “What that allows us to do is look for individuals who are targeting T-Mobile stores across multiple locations and across specific markets.”
Before the pilot began, the loss prevention team brought in representatives from T-Mobile’s enterprise information technology group “because we knew this was going to be set on our network and required bandwidth,” says Davis. Loss prevention also brought in members of the physical security team, who had been responsible for loss prevention before the creation of Davis’s unit.
“We made it a multifunctional team working along with people from 3VR so that we could make this a successful pilot and not a half-effort set up for failure. We wanted to ensure that everyone’s concerns were met,” he states.
The types of deployments were varied to collect the most information about how the system would function in various settings. For example, at one location, the system was installed with megapixel cameras to see if that technology would allow for fewer cameras in stores. At another location, it was integrated with the store’s POS exception-reporting system to see how the two technologies functioned in tandem.
Making sure that T-Mobile’s network security was protected was also important. “Because we do collect such a massive amount of customer data, we’re very concerned that it is controlled and accessible only to people with the proper business need to access it,” Davis states. The system gives administrators the ability to strictly control who can access it.
Additionally, “It has a logging feature for every box so that I can see who made any changes or how long they were on it and what they did with the video they were looking at—for example, recorded it or took snapshots,” he says.
Davis says that during the pilot, IT issues such as network up-time were carefully monitored. Within the entire pilot, there was no time that the boxes were not feeding data to the company, he states. Another issue was that if this success were replicated across all T-Mobile stores, a disk failure would not interrupt video recording. That was good for the sake of uninterrupted surveillance but it also had a financial benefit—it meant fewer emergency technician repair calls, which would lead to an impressive cost savings.
“With the DVR that we had been using, if there was a disk failure, someone needed to be on site as soon as possible to replace the hard drive. Until that was done, there was no video captured—you were blind,” Davis explains. “The 3VR boxes have two disks, independent of each other, recording the same information. So, if there is a failure of one disk, the same information is being recorded on the second disk. The chance of a dual disk failure in one box at the same time is unlikely, so getting a technician there right away is not such a pressing issue.”
The system also has a proactive health alert. “If there’s a change in the box or an event within the box that may compromise its capability of functioning, it generates a message automatically,” says Davis. For instance, if a camera is accidentally unplugged, the system sends T-Mobile’s enterprise security operations center a message saying the camera has been down since a certain time. “They go in remotely through the network and identify if it’s something they can correct. If they can, they do; if not, they generate a service ticket,” he explains.
The pilot, which ended in June, was so successful that the company chose to incorporate the 3VR system into all new stores as well as to add it to existing stores in higher-risk markets.
By the time the pilot ended in June, the team had gained some valuable insight about incidents and those who commit them. For example, security found that it is not unusual for “a person who commits fraud against us to also be a customer legitimately, on other accounts,” explains Davis.
He found that during forensic reviews of faces from other store locations, the face from the incident being investigated would come up again, tied to another transaction on another account. “So, now, I have gone from having no idea who this person was and no capability of ever identifying him to finding out not only who he is, but I also have all his contact, transaction, and other information—everything that I would need to take [the incident] to law enforcement,” Davis notes.
Since being installed more widely, the 3VR system has also proved its worth in burglary and robbery cases. It has long been known that criminals often case a store before the actual break-in or hold-up. With that in mind, the loss prevention team can review the faces of people in the store within the days before an incident to compare them to faces from the event.
And again, Davis explains, “It’s not unheard of that the person is a customer. He may have made a payment on his account or someone else’s account,” for instance, and thereby have tied himself to information that allows his identity to be known.
Cost-effectiveness. Davis says that as a result of using the system, research time for loss events “dropped considerably.” As an example, he discusses the frequent theft of demonstration phones from store sales floors. Before the system was in place, it took field investigators an average of 45 to 90 minutes to retrieve the video data of the incident. Using the 3VR, search time dropped to 15 to 30 minutes.
Another cost-effective aspect of the project was that the use of megapixel cameras would allow the system to function at peak performance using fewer cameras. “If we can cover a store with five megapixel cameras instead of 12 to 15 analog cameras, the cost of peripheral hardware that the box uses can also be cut,” Davis says.
Most recently, return on investment is being further improved by finding nonsecurity uses that allow other groups within T-Mobile to benefit from the system. One example is its built-in people-counting capability. Davis says this saves the company from spending “thousands per store,” to have a system of counting customer traffic. The 3VR system can do that while carrying out its security function.
At the time of this interview, testing was being conducted to make sure that the 3VR system worked as efficiently as other people-counting systems. Davis states, “Right now, we’re seeing accuracy within 2 percent.”
T-Mobile is also exploring the possibility of using the system to provide the company with data on how long customers wait in line and how they interact with the demo equipment. “For example, how long does someone look at a Blackberry versus a Samsung,” explains Davis.
“We’ll work with 3VR to define custom analytics that are going to add value for the nonsecurity parts of the business. The more groups inside T-Mobile that get value out of the box, the lower the return-on investment threshold is for each group involved,” notes Davis. And that helps make the case for approving the security purchase.
Ann Longmore-Etheridge is an associate editor of Security Management and editor of ASIS Dynamics.