Skip to content

Shutting Down Retail Theft

A retailer of hunting, fishing, and outdoor gear, Cabela’s operates 46 stores across the United States and Canada. Those stores generated $3.1 billion in revenue in 2012. Outdoor enthusiasts can also shop via Cabela’s Web platform. The company had more than $930 million in Internet sales last year. Cabela’s robust e-commerce reflects the company’s progressive view of technology, data, and business analytics. Cabela’s asset protection team, headed by Brad Dykes, has also embraced these tools to reduce theft and fraud.

About five years ago, the asset protection team began using statistics to analyze return rates, shrink, key performance indicators, and other factors, and to use that information to develop more effective security policies and procedures. This multi-year effort resulted in a new protection plan that includes better policies for merchandise tagging and returns, risk profiles of stores to make sure that security solutions are calibrated to each store’s needs, and e-commerce link analysis that has reduced online fraud.


Historically, Cabela’s has used electronic article surveillance (EAS) tags to protect some portion of its merchandise from theft. Cabela’s standard practice was to tag more than 60 percent of clothing items. This was a traditional approach, but it was also costly. The asset protection team set out to find out if the practice could be justified on the basis of a cost-benefit analysis.

The team began an extensive evaluation of the data to determine the correlation between tagging and shrink. One objective was to see whether fewer items could be tagged to save money without causing greater monetary loss via shrink. They used an equation comparing the cost of the goods to the cost of protection and then compared that to the shrink the company could expect if it did nothing.

Among the findings of the analysis was that while it paid to have a certain percentage of items tagged, some low-priced items did not justify the costs of EAS implementation. However, the analysis was not based solely on price. “Some expensive items just didn’t have a history of theft, so we didn’t tag them. Other less expensive items were easy to resell on the street so, even though they were lower-priced, we still tagged them,” says Dykes.

The team carefully monitored shrink after the new tagging policy went into effect to make sure that neither shrink nor theft increased. During a one-year period, Cabela’s merchandise protection costs, including the absorption of shrink, decreased by 40 percent.

Return Policy

Before the asset protection team’s review, Cabela’s had a lenient return policy allowing consumers to return almost anything, with no time limits or restrictions. As sales increased, so did the number of returns. By analyzing the data, the team quickly discovered that some portion of the returns arose from people who were “renting” merchandise—everything from $500 fishing reels to $2,700 binoculars—by purchasing items, using them, and then returning them. For example, people would buy a tent for a weekend camping trip or a pair of waders to go hunting and then return the items after the trip was over. The data, as reported by cashiers receiving the clearly used merchandise, also showed that these renters were repeat offenders and that they rarely presented a receipt with their returns. So the asset protection team set out to make changes to the return policy that would reduce costs without harming relationships with good customers.

One key to the new approach was finding a way to track which customers were abusing the return policy. After researching possible solutions, the asset protection team partnered with The Retail Equation, a retail management consulting firm, to develop a return policy that could catch serial returners. Dykes purchased a service, Verify-2, offered by The Retail Equation that would allow cashiers to check the name of each person attempting to return merchandise against a list of those who had done so before, particularly if they had no receipt.

[ Stay Aware of Threats. SM7 Newsletter: Sign Up ]

Cabela’s implemented a return authorization program that would work with the Verify-2 system. The return policy was changed to say that all returns required a valid ID and that each customer was allowed only a certain number of no-receipt returns. Now, when a customer attempts to return an item with no receipt, the cashier asks for ID and uses the Verify-2 service, via a software interface at each register, to determine how many no-receipt returns that person has previously made. After a certain number of these returns, all subsequent returns are denied, and that person is flagged in the system so that a warning appears to the cashier when a return is attempted.

According to Dykes, the store still honors all returns that are accompanied by a receipt. “We see the receipted return component as an acceptable risk,” explains Dykes. “We didn’t want to negatively affect our customer experience, and most folks pulling this scam were frequently returning items without a receipt.”

Cabela’s trained its front-end teams on the new return policies and procedures across all stores and channels.

The new return policy has been successful. For example, in one case, an individual tried to make a no-receipt return and was asked to produce ID by the cashier. Using the Verify-2 system, the cashier confirmed that the person was ranked as number 9 in the top 25 returners at Cabela’s. Before the person was flagged in the system, he had created losses in excess of $13,000. According to Dykes, within one year of implementing Verify-2, store returns were reduced by 10 percent, saving the company millions of dollars in increased net sales.

Dykes and his team also offered staff refresher training on shoplifting and theft awareness. In addition, the company implemented what is called cart testing to ensure that cashiers were scanning merchandise properly. In this type of testing, cashiers are presented with challenges. For example, merchandise is hidden inside boxes or at the bottom of the basket and UPC labels are switched for similar products. After ringing up the merchandise, cashiers are coached based on how well they processed the items in the cart and how many errors they uncovered. According to Dykes, this training proved to be beneficial to the overall asset protection program, and the company has continued the periodic training.

The training program now includes updates on known scams. For example, the company trains employees to check the inside of bulky boxes for stolen items and to ensure that the item that comes up on the scanner is the item being purchased. “The training helps bolster our professionalism,” says Dykes. “And we have new employees and seasonal help that comes in, so there’s continuous training that must occur.”

Risk Profiles

The asset protection team also performed an analysis of the physical security equipment used at each Cabela’s store. This analysis included costs associated with alarms, personnel, security devices, and cameras at each store. These costs were then compared with internal shrink and external crime metrics. Each store was then assigned a risk profile based on this analysis. The profile determined what type of security equipment the store would receive and what policies would apply in that location.

For the analysis, the team first pulled internal metrics for each store, including trends such as losses. They pulled crime statistics from CAP Index to determine the frequency and severity of criminal activity around the store. The team also benchmarked against the security being used by other retailers in the vicinity of those Cabela’s stores.

After compiling all of the data, the asset protection team was able to designate each store as a high, medium, or low risk. Each risk level is associated with a specific security plan that designates everything from staffing levels to asset protection measures. The plan has led to a 15 to 20 percent cost savings on physical security over the past two years with no degradation in protection.

The risk levels allow for a concrete protection plan that is still tailored to a specific store and location. “It’s smarter than a cookie-cutter approach, but we don’t have to do a plan for every store,” explains Dykes.

The risk profiling is also used in deciding where the company will locate new stores. “Taken overall, we open more stores that are lower risk than high risk,” says Dykes. “But that middle level—medium risk—has the lion’s share of stores. So, by avoiding high-risk stores, we’ve saved money overall.”

When devising the risk profiles and measures that would accompany them, the asset protection team made one universal change aimed at significantly reducing costs while improving security: it switched all of its analog video systems to digital.

In the past, it would require 12 DVRs in a room to record the activity from one store, which put a heavy load on the heating and cooling system, among other considerations. Recording digital images, which are housed on a server, removes that problem. More importantly, perhaps, digital images can be searched more easily to obtain the desired footage, saving hours of staff time.

Link Analysis

The asset protection department includes an organized retail crime (ORC) team. The team sifts through data from all aspects of the company using link analysis and other analytics tools to build interconnections and find trends and patterns to identify ORC and the specific individuals involved in it. This has helped Cabela’s keep ORC gangs out of its stores, even shutting down some gangs and facilitating arrests.

The ORC team gathers data by looking at ORC trends and methods as well as by searching for what’s hot on the ORC market. The team searches for small items that are expensive and can be resold easily, especially online. For example, the team discovered that marine sonar units are a target of ORC groups because the units cost up to $3,000 each and are often resold on eBay. Based on this data, the team flags certain kinds of losses as potential ORC activity. Then, the team cross-references the information with return rates from individual stores. “This helps us develop a picture,” says Dykes. “Is this [an] isolated incident or an ORC activity?”

If the manager determines that an ORC operation is underway, the manager takes steps to identify the perpetrators and uncover how they are making a profit. Once the manager feels that this information is solid, Cabela’s partners with federal, state, or local law enforcement. “Ultimately, the end game for us is not to just prosecute individuals but to get to the next level and shut the operation down entirely,” says Dykes.

By using this method, the ORC team uncovered an ORC gang operating in the Dallas market that had stolen at least $85,000 from the company. The gang was caught when a member returned a stolen GPS unit to a Cabela’s store. The GPS unit was stolen using a scam where one person would go into the store, find a cheap item in a large box, put the GPS unit into the box, and mark it in an inconspicuous way, such as with a small dot. Then, several days later, another member of the group would come into the store and buy that box. The gang would then fence that item or return it to the store for a refund.

Because the ORC manager had flagged the GPS units as a target item for the gangs, the manager looked at the specific GPS unit when it was returned. The ORC gang had actually used the device to make its criminal rounds and the GPS still had the travel history intact. Law enforcement was able to identify retailers within a 60-mile radius as victims of the gang. More importantly, the GPS pinpointed the gang’s home base and allowed police to arrest the criminals.

Online Fraud

In 2012, Cabela’s created an e-commerce component within the overall asset protection team to identify and resolve organized e-commerce fraud. The team quickly identified various fraudulent transactions and used link analysis to connect these transactions to organized groups. Once the team realized these issues were interconnected and organized, they applied new tool sets and rules for processing online transactions. This allowed them to identify potentially fraudulent transactions and either stop the sale or put it through a more detailed review process before accepting the transaction.

For example, in one typical scheme, a group of criminals in Baltimore set up six computers with unique IP addresses. They then used 100 stolen credit cards to make purchases, being careful to link one credit card to one or two computers, giving the illusion that the purchases were valid. The thieves completed 117 transactions in 90 days, resulting in $100,000 in fraudulent sales. The team was able to shut the gang down after identifying them through their shipping addresses—all of the transactions were going to one set of addresses. The team notified federal law enforcement, which set up a fake delivery truck and had warrants ready as the illegally purchased packages were delivered.

This is just one of numerous incidents over the past year, according to Dykes. Cabela’s is already seeing a significant financial impact through its e-commerce efforts, which are helping them find and close security gaps. “My opinion is that the advantage is in learning behaviors,” Dukes says. “We need to know how they are taking advantage of our system so we can plug those holes. That’s where we are seeing the biggest return on investment.”

In addition to these tangible results, revamping the approach of the asset protection department has helped it fit in with the overall corporate environment. “It’s important for the asset protection team to take a business-minded approach as it reviews data and analytics,” says Dykes. “This has been a natural progression for Cabela’s throughout the past few years, and it has helped our team realize significant financial gains for the company.”

Teresa Anderson is senior editor at Security Management.