Fraud/White Collar Crime TroubleGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a43444652017-03-01T05:00:00Z, Holly Gilbert Stowell<p>​The insider fraud that took place at Wells Fargo is still being investigated, but experts say the scam that involved the creation of 2 million unauthorized customer accounts is unprecedented. Beginning as early as 2011, thousands of Wells Fargo employees created bank accounts for existing customers without authorization, and generated millions of dollars in fees that profited the company along the way. </p><p>“Wells Fargo employees secretly opened unauthorized accounts to hit sales targets and receive bonuses,” said Richard Cordray, director of the Consumer Financial Protection Bureau (CFPB) in a statement. </p><p>The CFPB went onto say that workers even created fake PIN numbers and phony email addresses to fraudulently create the accounts. The bank will pay $185 million in fines to the bureau and $5 million to customers for their losses.</p><p>During a U.S. Congressional hearing in which then-Wells Fargo Chairman and CEO John Stumpf testified before lawmakers, U.S. Rep. Maxine Waters (D-CA) called the event “some of the most egregious fraud we have seen since the foreclosure crisis.”</p><p>Stumpf stepped down in October 2016 as leader of Wells Fargo, and forfeited $41 million in stock awards and part of his 2016 salary and bonus. Since the scandal was uncovered, the bank has fired at least 5,300 employees.</p><p>While the ethics scandal at Wells Fargo garnered international attention, insider fraud and theft by employees has become increasingly prevalent at financial institutions. In 2014, New York Attorney General Eric T. Schneiderman announced the arrest of an identity theft ring that had siphoned $850,000 from a bank’s customer accounts with the help of several tellers at banks in New York City and surrounding counties. </p><p>In 2015, two private bankers with J.P. Morgan Chase were indicted for funneling $400,000 from Social Security accounts of 15 people, some of whom were deceased, according to court documents from the Brooklyn District Attorney’s office. </p><p>Schneiderman later sent a letter to several large banks, including J.P. Morgan Chase, Bank of America, and Wells Fargo, urging the financial institutions to rein in their employees’ access to customer data. The Wall Street Journal first reported on the letter, which it obtained in June 2015. Schneiderman said that teller theft was the number three cause of data breaches in the state of New York, just behind poor cybersecurity and lost or stolen equipment. </p><p>Schneiderman concluded that “much of the wrongdoing could have been caught if the banks had noticed and shared red flags; for example, an employee accessing an unusually large number of accounts or looking up accounts without dealing with those customers,” according to the article. ​</p><h4>Access to Information</h4><p>Experts say that an increase in theft and fraud has been accompanied by an evolution in the banker’s role. The traditional role of the teller who sits behind a desk counting dollar bills has progressed with the proliferation of the Internet and other digital tools. </p><p>“Technology now handles so many of the traditional teller transactions, like checking your balance or moving your money,” says Dr. Kevin Streff, associate professor and director of the Center for Information Assurance at Dakota State University. “Those kinds of transactions that used to be handled by people are now handled by automation for a large part, so the teller’s responsibility then moves up to the next level of service to the customer.” </p><p>Such transactions include changing personally identifiable information details on accounts, all available to tellers with the click of a button. </p><p>“Technology in general makes it so much easier to get the information that we’re talking about; there’s no question that’s increased the risk for internal theft cases,” says Kevin Smith, CPP, former senior vice president and corporate security director at Chevy Chase Bank and member of the ASIS International Banking and Financial Services Council. </p><p>But with the proliferation of ATMs and online banking services, this increased access to information is coupled with a diminished demand for tellers. They don’t garner the largest salaries—on average, tellers make about $13 an hour, or $27,000 a year, according to 2015 statistics from the U.S. Bureau of Labor. Experts say these low wages, combined with tempting sales-goal incentives, can create a formula for theft and fraud. </p><p><strong>Theft.</strong> Streff notes that the black market for customer records, credit card information, and other sensitive data is based on supply and demand, and the current supply is high. Therefore, employees will be tempted to steal more records to make the most money. </p><p>“It’s still very motivating to get 1,000 payment cards from a bank, and even if you can only get $25 a card, that’s still $25,000,” he says.</p><p>And there are plenty of bad actors waiting on the other side of the Web to help them carry out the crime. “The bad guy externally has the skill, the insider has the access privileges and the rights and trust, and that together creates the perfect storm to be able to complete that cybercrime,” Streff explains.</p><p>He recounts such a situation investigated by his firm Secure Banking Solutions, a cybersecurity company focused exclusively on the banking sector. </p><p>“We saw a situation at a Midwestern bank where a couple of tellers were printing about eight customer records each per day for about a year, and then they were putting them in their bags or purses and walking out the door,” Streff says. “So eight customer records a day is about $200 a day—there’s a nice little augmentation to their salary.”  </p><p>During his long tenure as a security director and vice president at banks across the country, Smith says he dealt with a similar situation during a merger and acquisition. </p><p>“The criminals were focused on the fact that the employees would no longer have allegiance to the company” that was being acquired, he says. “We apprehended one of our employees working at a call center that was selling customer information in the parking lot to someone that had approached them and said, ‘I’ll give you $50 for every name, address, telephone number, and date of birth that you can give me.’” </p><p><strong>Incentives.</strong> Scamming customers with help from the outside is just one of many risks faced by financial institutions. Corporate culture can become the catalyst for bad behavior as well. </p><p>During the U.S. House Congressional Services Committee hearing on Wells Fargo, lawmakers criticized the sales incentives that offered rewards to employees who opened a certain number of accounts. CNN Money reported in September 2016 that Wells Fargo employees had complained about the “pressure cooker environment” created by these “wildly unrealistic” sales goals. </p><p>Stumpf testified before the committee that sales goals were being eliminated companywide in January 2017 as a result of the scandal. </p><p>While this practice had become toxic at Wells Fargo, other banks rely heavily on the motivation behind such goals. </p><p>“The reality is that many companies, particularly smaller companies, survive on those sales goals,” says Smith, adding that common practice is to reward not only tellers, but managers and senior executives when their employees reach those goals. </p><p>This practice can lead to fraudulent behavior when employees are pressured to meet goals or face negative repercussions for not doing so. “When you dangle the guillotine over someone’s head and say ‘If you don’t do this, this thing is going to happen to you.’ Well come on, leadership gets exactly what they deserve,” says Clint Hilbert, owner of Corporate Protection Technologies, LLC. “They’re actually promoting that behavior.” </p><p>Hilbert says that a series of checks and balances within the company will help prevent fraud from occurring. </p><p>“The checks and balances have to be built in from the time you’re pursuing a market to the time you’re reinvesting your profits,” he says. “All of those stages in between have to have checks and balances that can be independently surveyed.” </p><p>Smith echoes the concern regarding a competitive sales environment, and notes that management can often become a part of the problem. </p><p>“Hypothetically, I think what happens in those situations is people are incented to sell, sell, sell,” he says. “And if the person monitoring that activity is also gaining from the sell, sell, sell, they’re disincentivized from identifying any problems.” </p><p>Having an independent third party or group outside the management chain to audit sales activity ensures that banks aren’t engaging in fraudulent behavior.​</p><h4>Management </h4><p>Experts say that engaging employees and giving them a sense of buy-in at the company is a first step to keeping them from becoming an insider threat, and treating whistleblowers with fairness and exercising transparency can help leadership build trust. </p><p><strong>Whistleblowers.</strong> Since the Wells Fargo scandal came to light, employees have come forward saying that they were fired or punished for blowing the whistle on the fraudulent activity taking place. </p><p>In a November 2016 letter to new Wells Fargo President and CEO Timothy Sloan, U.S. Senators Elizabeth Warren (D-MA), Robert Menendez (D-NJ), and Ron Wyden (D-OR) inquired about the firing of certain employees, writing that “the bank may have done so to retaliate against whistleblowers.” </p><p>Former employees told NPR News that they received bad marks on their U5 forms—a system set up and operated by the Financial Industry Regulatory Authority—after pointing out the fraudulent behavior. Those forms are essentially used as a permanent record of their employment history as a banker. Wells Fargo says it is investigating those claims.  </p><p>Hilbert says that anyone who raises a red flag about company practices should be treated with fairness, whether they are right or wrong. </p><p>“The first time you publicly fry a whistleblower, you no longer have ownership by the employees,” Hilbert says. “Even if the whistleblower is 100 percent wrong, there has to be transparency because that’s where you’re going to lose trust.” </p><p>Rather than creating a culture where managers are pitted against employees, Hilbert says, creating mutual respect will fuel the two-way relationship. He adds that employees essentially should respect the company more than they respect their coworkers who engage in bad behavior so that they report any incidents. </p><p> “You have to be transparent, you have to be honest, and you have to communicate—therein lies the basis of every relationship,” he says. “That trust today is such an important factor for the C-suite to embrace.”</p><p><strong>Hiring and training.</strong> Increasing levels of responsibility for tellers ought to be supplemented with more security training and better hiring practices, Smith says. And security compliance and training programs should be ongoing to keep employees engaged with banking best practices. </p><p>“Those types of training programs on ethics in the workplace really have to be an integral part of the program coming through the door, and they have to be emphasized on a regular basis,” he notes.  </p><p>For many bank workers, it may be their first job, meaning they haven’t had exposure to security or compliance training in the past. </p><p>“These tellers and call center employees can be right out of high school,” Smith says. “It’s an entry-level position, and you really need to drive that point home about ethics in the workplace because they’ve never had that training before.” </p><p>Hiring people with the right background is critical for employees that will be handling sensitive customer information. Banks can take advantage of access to law enforcement to conduct background checks. </p><p>“In the financial services industry, background investigations are critical,” Smith says. Under Federal Deposit Insurance Corporation (FDIC) rule number 19, banks can get permission to go directly to the FBI for such background screening. </p><p>Smith adds that under these regulations, banks are also prohibited from hiring someone who has been convicted of a theft or a breach of trust offense. </p><p><strong>Monitoring.</strong> Supervisors need to be the first line of defense when it comes to ensuring their employees aren’t engaging in bad behavior, Smith says. He explains that several technological tools are available to help produce reports using data from employee transactions. Using those reports, supervisors “ought to identify what the typical pattern is for their employees…and develop a report that would alert to out-of-pattern activity.”  </p><p>A worker accessing unusual amounts of customer information could be a tipoff to fraudulent behavior. “Let’s say typical daily activity for a teller is servicing about 50 accounts,” Smith says. “If you find that they’re looking at 300 accounts, that’s out-of-pattern activity and should be investigated.” </p><p>Streff adds that while technology is a great tool, creating awareness within the company is invaluable. “Certainly you want controls in place that lock things down, you want sensors to identify anomalous behavior, but you want to create an awareness in your workforce to be a protection as well,” he says.  </p><p>And employees at all levels can be the best tools for fighting insider threats, Hilbert says. “If you have 100 employees, you have 200 eyes,” he notes. “And if you can motivate those employees to do your camera work for you, you’ve got the best camera system that money can buy.”  ​ ​</p>

Fraud/White Collar Crime Trouble of Opportunity Clean Review: Anti-Fraud Program Design Review: Fraud Identification and Prevention the Ante on Corruption Expands Corruption to Focus on Executives in Corporate Investigations Review: White Collar Crimeón-Médica.aspx2015-06-10T04:00:00ZFuga de Información Médica Medical Data Tries to Cage Corruption the Biometrics Test Analytics: Strategies and Methods for Detection and Prevention Theft, Inc. Fraud in Lithuania Blocking Releases 'Culture of Compliance' Guidance for Financial Institution Leaders CAST A Wider NET

 You May Also Like... to the Masses<p>Sanofi is a global pharmaceuticals business that manufactures and distributes vaccines and medications worldwide. The organization provides diabetes solutions, consumer healthcare services, animal health products, and other therapies. Sanofi Pasteur, the vaccines division of Sanofi, provides more than 1 billion doses of vaccines each year, which immunize more than 500 million people across the globe.<img src="/ASIS%20SM%20Callout%20Images/0317%20Case%20Study%20Stats%20Sidebar.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;width:296px;" /></p><p>With more than 100 locations in the United States, Sanofi has approximately 25,000 employees domestically, and a global workforce of more than 125,000. Keeping track of those workers and ensuring their safety is of utmost concern to the company, says Joe Blakeslee, security systems manager at Sanofi. </p><p>For its North American sector, the organization incorporates several solutions as part of its overall security profile, including access control, CCTV, and emergency notification. For many years, Sanofi had several mass notification platforms that were disparate, without a centralized way to manage alerts for all employees. </p><p>In late 2014, Sanofi put out a request for proposal to find a product that could unify its many mass notification platforms into one seamless solution. Near the beginning of 2015, it chose Everbridge Mass Notification, a Web-based application that allows for distribution of messages to a large audience. </p><p>“The biggest part about Everbridge that stood out was the user interface,” Blakeslee says. “It provided everything we needed, and we were also impressed with how easy the system was to use.” The Sanofi North America security team started rolling out the application at the beginning of 2015 for internal security purposes, and in June of that year began registering all North American employees into the system.</p><p>He adds that the variety of options for reaching employees was paramount, given Sanofi’s mobile workforce. “Everbridge has multiple modalities in which you can actually send the message,” he says. “We use all the modalities whether it’s cell phone, SMS, home phone, or email. We give all of our employees the ability to elect whatever modality they would like.” Employees rank their preferred communication modalities in order when registering for the system; that way, if one method fails to contact the worker, notifications will automatically be sent via other methods until the party is reached.  </p><p>Everbridge is used on a daily basis at Sanofi, he adds. “Every day we use the application to alert various groups within the company, whether it’s related to fire alarms, evacuations, hazmat response, or other incidents.” </p><p>Sanofi has a central security services center (SSC). There, analysts monitor the business locations across the country for alarms and alerts using various security management software. Only designated individuals within the SSC can access the Everbridge platform and administrate messages through the platform. When there is an incident, such as a fire alarm, analysts send out alerts to the affected employees to give them situational awareness through the Everbridge Web portal. In the fire example, employees would be alerted to evacuate the building and await further instruction. The messages being sent can be selected from a set of prewritten options, or modified based on the particular event; normally in an emergency, the messages are written at the time by the security team. </p><p>“Say you have a building with 3,000 people in it. We want to reach them wherever they may be,” he says, “and reach as many people as we can in as little amount of time as possible.” </p><p>The Everbridge application is used to notify workers that it is safe to return to their desks. It also displays in real-time the status of employees involved in the incident. Employee status can either be confirmed or unconfirmed. If someone is unconfirmed, the Everbridge system allows the SCC to resend the message or try a new contact path based on the order of the employee’s preferred contact methods to try to get a response. For example, if sending an SMS to a cell phone doesn’t work, the system will make a telephone call, then send an email, and so forth. The confirmation lets the security team determine which employees are safe. </p><p>The system helps get employees back to work more quickly, because people aren’t wondering whether it’s safe to return to their desks. </p><p>Everbridge can also be used for incident management. For example, in the case of a trespasser, security would get an alarm or a phone call. “From there, SSC would send out a notification from Everbridge to the local emergency response personnel, asking for them to respond to the occurrence,” Blakeslee says. “After the message is sent to all the recipients’ devices, the SSC would, in real time, monitor the responses from the recipients’ confirmations and determine how many people are responding to the event.” </p><p>Everbridge isn’t just used for reactionary purposes. It provides proactive security measures as well. Sanofi has security officers at each of its locations, and the organization conducts daily check-ins with those personnel who are patrolling alone to ensure they are safe and accounted for. Sanofi expects a message back, and “if they don’t respond, we escalate that to the SSC and they handle it from there,” Blakeslee says.  </p><p>He adds that the mobile nature of the modern workforce means that employees won’t always be working from their primary location. “Our workforce is dynamic. One day I may be working in Pennsylvania, the next day I might be in New Jersey,” he says, noting that several employees and contractors travel frequently. To help keep track of its mobile workforce, Sanofi rolled out a newer feature from Everbridge called Safety Connection in the second quarter of 2016. The solution aggregates geo-location data from multiple systems so Sanofi knows where its employees are at any given time.  </p><p>Blakeslee says that given the sensitivity of materials they manufacture and distribute, as well as the importance of their services to customers, the culture at Sanofi is safety oriented. “Anything dealing with safety we’re really reactive to, so Everbridge provides us another means of communicating to keep our employees safe.”</p><p>--<br></p><p>For more information: Jeff Benanto,,, 781.373.9879 ​</p>GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465 Performance Trends<p>​</p><div>On December 24, 2003, a woman broke into an exhibit case in Kentucky’s Owensboro Medical Health System and stole a case of 50 antique glass eyes. The theft was an unwelcome Christmas present that could’ve been a black eye for the hospital, but fortunately, the security team had the right detection measures in place. The woman, who had the unlikely but appropriate name of Wink, was recorded stealing the goods by the hospital’s CCTV cameras and was quickly caught.</div><div><br> </div><div>Apprehensions are one mark of the security department’s effectiveness. But the security department at the Owensboro Medical Center—which has some 447 beds and which handled more than 60,000 emergency-room visits last year—wanted a more comprehensive way to measure its performance on a day-to-day basis. It chose as its metric average hours per incident.</div><div><br> </div><div>Selecting an indictor. In developing a system for looking at how well security resources are deployed and how effective they are, the first challenge was identifying what exactly should be monitored. While security incidents are easy to count, we wanted to go beyond whether incidents were trending up or down. We also wanted to go beyond simply looking at whether costs per square feet were up or down.</div><div><br> </div><div>The goal was to select and define an indicator that could be used to measure the level of security and the effectiveness of preventive activities. The indicator chosen was time per incident.</div><div><br> </div><div>The first step was to quantify the time devoted to each reported incident as a way to establish a baseline for security coverage. As the security supervisor, I planned to correlate each new measurement against this baseline as a workable measure of security performance.</div><div><br> </div><div>Measurement components. There are two components of the performance measurement. First is the hours devoted to security. This factor only includes regular and overtime hours that the security staff is actually working—it doesn’t include any other hours, such as vacation or sick time.</div><div><br> </div><div>Second are the incidents and activities themselves. In a healthcare setting, incidents might include disturbances caused by visitors or patients, medical detentions, or safety-related occurrences such as fire drills. A comprehensive risk assessment will help define the types of incidents a facility will need to track.</div><div><br> </div><div>Activities may encompass routine duties that security staff carry out, such as patrolling the grounds, escorting visitors, or bringing articles to or from the safe. All of these specific incident responses and routine activities are collectively called incidents for simplicity sake throughout this article.</div><div><br> </div><div>To determine a measure of performance, the total number of security hours was correlated to the number of incidents to provide a ratio of hours to the total number of tasks completed. This is not a measure of the amount of time devoted to each security assignment—which can range from a few minutes for a safe run to a full shift for an officer sitting with a detained patient—rather, it is a global statistical ratio of total hours worked to total security actions handled.</div><div><br> </div><div>Graphing results. By graphing this relationship of total hours to total incidents each month, we developed a curve that represented a level of performance for the facility. While I can't go into the specifics from my own organization for confidentiality reasons, the point is illustrated with two years of hypothetical numbers. </div><div><br> </div><div>Year 1 (see chart) shows typical statistics for a facility with a security staff of about 10 full-time officers with a representative number of incidents recorded each month during the year. You can see that towards the end of the year there is an alarming downward trend in the curve; that is, there were fewer hours spent on each incident. </div><div><br> </div><div>There were several possible explanations for this. For example, the fictional organization might have been expanding, such as by adding a new medical office building. As a result, officers would have had more areas to patrol.</div><div><br> </div><div>Perhaps the hours of outpatient services were extended as well, meaning that there were more people in the building than in earlier months. Since the number of security officers remained the same despite the larger facility and the extended hours, there would have been more incidents to respond to within the same time frame, thus causing the downward trend.</div><div><br> </div><div>Benchmark. At Owensboro, we chose a baseline of 12 hours per incident. Because the system was still under development, this number was chosen provisionally after reviewing the existing data. It served as a benchmark against which future data could be analyzed.</div><div><br> </div><div>If this number proved to be off the mark as a reasonable baseline, we could adjust it later. But as long as it was the baseline, the goal would be to track trends against this number, and where the results rose or fell, to find out why and to take steps to reallocate resources so that the average hours per incident would stay in the range of 12.</div><div><br> </div><div>If the number of hours per incident rose, that might indicate that we had a reduction in the number of incidents. Alternatively, it might simply be because more hours were available thanks to overtime or fewer sick days. We analyzed the data each month to determine the underlying cause of the shift and to put the findings into proper context for our own use and for management.</div><div><br> </div><div>When hours per incident are up, the security department can reallocate resources to improve overall performance. For example, security officers could be directed to devote more time to making rounds, thus providing a more visible presence to deter crime. Additionally, they could be more available to defuse potentially volatile situations before they could escalate, and to work closely with the public, patients, families, and visitors to increase customer satisfaction by attending to their needs, such as escorting visitors or staff to parking areas.</div><div><br> </div><div>Conversely, if security hours decrease or incidents increase, the number of hours per incident will decline, as happens in the example chart. By examining the underlying data about incidents and staff time, the security department can assess the cause and take corrective action or use the numbers to justify a request for more staff.</div><div><br> </div><div>In our case, we were expanding the facility, and our analysis showed that the addition of one-half full-time employee (FTE) to patrol the added space would bring our hours per incident back into compliance. This calculation showed a whole FTE was not necessary, particularly when an adjustment in fixed factors was made, such as a revision of lockdown procedures and the installation of new cameras and signage in the new medical office building. Not having to hire a full FTE would save the department money, but because the metrics showed that we were maintaining our benchmark goal, we knew that we were not sacrificing the level of security in the process.</div><div><br> </div><div>It’s interesting to note that if we had used the more traditional indicators such as hours per square foot, we could have argued that the facility needed a whole FTE as opposed to one-half FTE. By using the performance measurement formula, and making improvements in fixed security factors, our goal was obtainable while still keeping within budget constraints.</div><div><br> </div><div>The increase in security coverage raised the curve back to the desired security level even though there were actually more incidents reported in some months. The Year 2 graph shows how implementing this type of improvement plan could affect the numbers.</div><div><br> </div><div>Working with this model over the past couple of years has helped us to establish the appropriate staffing levels for the area we presently cover. As we expand our medical office areas and build a new cancer treatment center, we will continually reevaluate our staffing requirements.</div><div><br> </div><div>PDCA. Creating a system to benchmark security performance was an important element, but it was only part of our overall solution. Our facility uses the Plan-Do-Check-Act (PDCA) cycle for performance improvement to comply with Joint Commission on Accreditation of Healthcare Organizations’ performance standards. Our PDCA performance improvement model was developed as follows.</div><div><br> </div><div>Plan. Our plan was to monitor the level of our security by trending the number of hours as a function of total security responses to determine a level of security performance, with a goal of maintaining an average of 12 hours per incident.</div><div><br> </div><div>Do. Officers fill out a security incident report for each security incident. This report describes the security incident, the actions taken by officers, and the results of that action. This security log is put in a box in the security office, and subsequent security shifts review it to see what’s going on in the facility.</div><div><br> </div><div>We expanded our camera system and redirected several cameras. We enhanced security by securing access to the building after hours, and we are reviewing our lockdown procedures as they apply to both staff and visitors. We are currently upgrading our badge-access entry points to the building to limit access to the building during off hours.</div><div><br> </div><div>We created a dedicated security office near the ER from which to centralize security operations. And a security officer now makes a proactive effort to reduce security incidents by making a presentation at new employee orientation about parking and personal security habits.</div><div><br> </div><div>Check. We checked our progress by using the security incident reports as source documents for reporting all incident statistics to the Environment of Care committee each month and at year-end. This information is graphed along with hourly payroll statistics to allow us to see our progress.</div><div><br> </div><div>Act. We acted on the results by changing coverage and modifying protocols as required to meet these issues. We adjusted our staffing levels to accommodate our new service offerings and expanded facilities.</div><div><br> </div><div>The final piece consisted of reporting our performance to the Environment of Care Committee and including the performance results in the annual security evaluation submitted to the hospital’s governing body each year.</div><div><br> </div><div>What’s ahead. Despite the benchmarking tool’s effectiveness so far, it’s still in its formative stages. One thing that has become clear is that not all incidents are the same, so there needs to be a way to weigh each one and to add those weighted values to the mix. This is an effort I am working on presently.</div><div><br> </div><div>For now the tool allows us to benchmark our security performance, and it gives us a way of communicating to management what level of security is being provided. It also provides a basis for funding requests in an era of increased competition for available resources.</div><div><br> </div><div>The net outcome is that we now have a much better confidence level in our security coverage because we have a simple method of visually presenting our level of security that management and security staff can identify with, and one that helps justify requests for security enhancements when new security challenges arise. </div><div><br> </div><div>Stephen Wall supervises security and communications at Owensboro Medical Health System in Owensboro, Kentucky, which services western Kentucky and southern Indiana. He has nine years of experience in coordinating environment-of-care issues for their facility.</div><div> </div>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465 Theft, Inc.<p>On any given day in any given location in the world, there is a retail boss taking stock of his or her organization and planning mission strategy. Priority number one for this boss is hitting the number goals for the rest of the fiscal year. Although sales are strong, and orders are coming in daily, filling these orders has become a midyear crisis. Issues with sourcing are putting profits at risk. Staffing problems are further complicating matters. On top of all of this, there is external pressure on the organization by an oversight group wanting answers to key questions.</p><p>The above scenario, while common, does not come from the boardroom of a conventional retail company. It's a picture of the issues facing an organized retail crime (ORC) syndicate that targets conventional brick-and-mortar retail locations and steals billions of dollars in merchandise each year. </p><p>The impact of organized crime on retail is devastating. The National Retail Federation estimates that ORC results in $30 billion in losses for retailers every year. Retail expert Richard Hollinger found in a recent study that retail shrinkage—the portion of inventory that is lost or stolen—cost the industry $37.14 billion last year, or 1.5 percent of total retail industry sales. The National Shrink Database, developed by CAP Index and LP Innovations, indicates that the problem with shrink is endemic. The developers surveyed 52 retailers and discovered an average retail shrink in excess of 2 percent of sales.  </p><p>"ORC is definitely a problem that keeps me up at night," says Mike Silveira, vice president of loss prevention for CVS Health, based in Woonsocket, Rhode Island.</p><p>Nonetheless, the industry is not taking the losses lying down, and retailers have come together to wage a war against ORC. In this battle, companies are joining forces with government and law enforcement officials to launch operations designed to identify and prosecute those committing ORC. There are also new technological tools, and even a think tank for the development of loss prevention strategies.</p><h4>Structure</h4><p>An ORC syndicate is an organized group of criminals who attack retail. But unlike most organized crime groups, ORC teams are usually streamlined with minimal layers of leadership. This is by design; the fewer moving parts, the more likely they can avoid collapse when an operative is captured and provides evidence to prosecutors. A typical ORC cell consists of only three layers: boss, boosters, and fence.</p><p><strong>The boss.</strong> The boss keeps the organization afloat. He or she cultivates orders, determines which merchandise to steal, and selects boosters and fences to source and sell products. The boss keeps out of day-to-day theft activity, so as not to jeopardize the cell's existence. </p><p><strong>Boosters.</strong> Boosters are shoplifters. The term derives from shoplifting techniques used in the past in which "booster boxes" were designed to act as vessels to conceal and transport merchandise out of a store. Boosters are the plague of retailers; often working in teams, they adjust well to preventive measures and understand how traditional surveillance works. A good booster can clean out a retailer of prime high-dollar merchandise in a matter of minutes, then return to do it again once shelves are restocked. Boosters also burglarize and steal from retail warehouse facilities, distribution hubs, transit shipments, and storage facilities.</p><p>Boosters can be broken down into three categories. A level one booster is often a drug addict who receives, on average, 20 cents for every dollar's worth of stolen items. A level one booster steals merchandise valued at between $650 and $1,000 per day and, usually, earns only enough to support a drug habit.</p><p>Level two boosters work in groups of two or three and travel in wider areas to steal. They may cross state lines to look for jurisdictions with lax shoplifting laws, then bring back the goods to their home base to fence. These boosters usually make 25 cents on the dollar.</p><p>Level three boosters may be recruited by the ORC cells for full-time shoplifting. They typically travel the country for weeks or months at a time, stealing to fill specific orders. These boosters are usually not addicts and see their work as a career position. Level three boosters receive the greatest compensation for theft, more than 25 cents on the dollar, the exact amount depending on factors such as length of relationship, geography, items stolen, and supply and demand.</p><p><strong>Fence.</strong> The fence is the retail arm of the ORC operation. After merchandise is stripped of evidence that it originated from a brick-and-mortar retailer and  sometimes repackaged, it is offered to outlets for sale. Today, legitimate sites, such as Amazon, eBay, Craigslist, and Back Page, have unintentionally become vehicles for fences, with stolen goods sold to unsuspecting customers. However, these online outlets are now working to identify and close off fencing operations. For example, eBay has a substantial ORC task force in place. The company has hired investigators and implemented processes that track illicit transactions. The company also works closely with retailers to connect the criminal dots along the retail pipeline.</p><p>Fences have also found great success in setting up their own brick-and-mortar retail stores selling stolen goods. Other favorite venues for fences are flea markets, pawn shops, and smaller mom-and-pop retailers.</p><p>Generally, fences follow a simple strategy. The boss gets orders and determines items that are popular for resale. Based on this information, the boss conducts research to pinpoint where the items are sold, sending boosters into whatever retail store is necessary to fulfill the orders. The boss then has the stolen merchandise delivered to the fence. The fence either prepares the items for sale to specific buyers or sells them on the open market. </p><h4>Challenges</h4><p>Jerry Biggs, director of the Organized Retail Crime Division at Walgreens, says that ORC groups that are stealing, cleaning, and reselling merchandise back into the retail pipeline are a huge financial challenge for his company.</p><p>The scale of the problem makes it difficult to combat. Some boosters are able to hit a retail outlet and in minutes leave with hundreds of dollars in merchandise. They are back at it the next day. Biggs cites one particular case involving Walgreens, in which the fence sold and shipped out $65,000 in merchandise weekly. When apprehended, he had racked up approximately $900,000 in stolen goods for the year. Moreover, this was not the work of a large ORC operation, but rather a mid-tier one. He corroborated that drug use is a factor—90 percent of the level one and two boosters arrested in his company's cases are stealing to support addiction.</p><p>Silveira agrees about the challenge posed by ORC. "Sometimes our stolen merchandise ends up back in the retail pipeline. When a $25 item is stolen and the fence has minimal dollars invested in the product, the margins are substantial," he says. </p><p> ORC operations also threaten retailers who are not national in scope. But for these smaller retailers, including regional chains, it can be difficult to marshal the resources to fight and overcome ORC activity, as they typically do not have the budget, manpower, or tools that larger retailers possess.</p><p>Mark Gaudette, CPP, director of loss prevention for Big Y Foods, headquartered in Springfield, Massachusetts, says the problem of ORC runs deep for his regional chain. In Gaudette's view, one of the challenges is in communicating the scope of ORC as a grassroots operation to law enforcement officials. Gaudette struggles to educate law enforcement that "we are not dealing with the average shoplifter," he says. </p><p>Since Big Y is a 64-store chain, it deals with more than 60 different law enforcement agencies in multiple states, 15 district attorneys' offices, and 30 regional state attorneys' offices. Boosters often sell through fences in multijurisdictional areas, which complicates prosecutions. "The challenge is getting these agencies to move on taking down fencing operations, as it requires an enormous amount of investigative surveillance and financial resources that they just don't have," Gaudette says. </p><p>The solution? "Formulate a grassroots response," he advises. "We have dedicated one of our store detectives as our court representative to file, present evidence, and testify on all of our ORC cases. We have developed retail asset protection groups regionally to share ORC evidence and activity information, such as photographs, video, and [bulletins], that help smaller retailers get convictions and become more aware of trending data in real time. It is useful to know what the other retailers in the area are experiencing in order to best protect our products and businesses." </p><p>In addition, Gaudette says that federal lawmakers in Washington have refused to give law enforcement agencies more tools needed to fight retail theft. Thus, advocacy for such tools must continue. "It is a situation we must all stay vigilant on, and force the issue that ORC is not just a petty crime," he says. </p><h4>Initiatives</h4><p>According to retired Walmart loss prevention executive Richard A. Wells, his company undertook the first retail initiative to attack ORC in the early 1990s. Wells was charged with developing a team to tackle the early onset of organized crime hitting his company's stores, and he established an investigative task force in June 1992. It consisted of two investigators.</p><p>In 1994, the task force cracked its first major ORC case. Crime teams in Texas, Oklahoma, and Kentucky were charged, and $26,000 in stolen merchandise from multiple retailers was recovered. The case was successfully prosecuted. In 1995, Walmart realized its first million-dollar bust. In 1996, the company developed its own advanced criminal investigative school, which was designed to teach loss prevention management, including better execution of surveillance and evidence-gathering to increase the success of ORC prosecutions.</p><p>In 2001, the search for solutions in the fight against ORC led to the creation of a think tank of sorts—the Loss Prevention Research Council (LPRC). Founded by a group of retailers, including Target, Walmart, CVS, and Home Depot, the LPRC has conducted more than 40  projects, including beta testing for loss prevention technologies, researching shoplifting dynamics, and providing testimony for proposed legislation. </p><p>Under Director Read Hayes, research scientist at the University of Florida in Gainesville, the LPRC recently created an ORC working group. Led by Publix's John Hawthorne, the group will examine and take stock of the ORC landscape and coordinate with other ORC working groups around the industry to help bring data and new solutions to the forefront. </p><p>"The retail industry needs to know the real numbers relating to internal and external shrink, and how ORC affects the external loss category.  We then need to find solutions that work at eradicating ORC activity," Hayes says.</p><h4>Cooperation</h4><p>Large retailers such as Safeway, Walmart, Target, CVS, and Walgreens all have specialized ORC teams, dedicated to the identification, investigation, and prosecution of ORC cells. The teams also work at educating law enforcement and government officials on the ORC operations and how best to eradicate the problem.</p><p>"We have identified hotspots where ORC activity is ongoing, and we have aggressively addressed this challenge by developing a strong ORC team comprising former law enforcement officers and retail investigators who are working across the retail dynamic making cases and shutting down these illegal operations," says Silveira. </p><p>In addition to these specialized teams, multistore joint task forces and other joint initiatives have also been set up to combat ORC. These joint-effort operations have resulted in some of the most successful outcomes in cases against ORC, according to Kathleen Smith, vice president of loss prevention for Safeway, who also sits on the ASIS Retail Loss Prevention Council. In Smith's view, ORC eradication starts with a strong internal team that also partners with other retailers. </p><p>One such task force—composed of retailers like Albertsons, CVS, Rite Aid, Target, Von's, Walgreens, and Walmart—successfully fought ORC operations in Long Beach, California, in a mission titled "Operation Spring Cleaning," which culminated in March 2013. More than 100 loss prevention agents were involved in this sting, as well as numerous law enforcement personnel. The effort led to 71 arrests and netted merchandise stolen from 43 retail companies, including cosmetics, groceries, clothing, and alcohol.</p><p>Another recent case, "Operation Thin Man," executed in Colorado Springs, Colorado, was a joint initiative involving the security divisions of Safeway, Target, Home Depot, and eBay. The operation was an example of the complex web of agencies sometimes needed to bring ORC criminals to justice. Federal agencies, including the U.S. Postal Inspection Service and the Bureau of Alcohol, Tobacco, Firearms and Explosives, were part of the operation. Other participants included the Colorado Springs Metro Drug Task Force, Colorado Springs Police Department, El Paso County (Colorado) Sheriff's Department, Fountain (Colorado) Police Department, and the attorney's office for the Fourth Judicial District.</p><p>"We are getting better at identifying the ORC cases, and law enforcement is getting better at understanding how ORC works," says Smith. </p><h4>Tools</h4><p>Besides joint initiatives, retailers are also focused on technological tools in their fight against organized crime. While these tools help deter theft in general, the technologies are being developed primarily to ebb the tide of ORC damage.   </p><p>More traditional tools, such as electronic article surveillance and employee greeters, are being supplemented by new innovations, such as enhanced CCTV with identity validation, shopping cart lockdown devices, and units that keep track of items on the shelf. Other tools limit the number of items a shopper can take at once. These can be as simple as a ratcheted device that dispenses one item at a time, or a device that requires a store associate to dispense additional units. These were designed to deter shelf sweeping—taking a whole shelf full of merchandise in one fell swoop. </p><p>At T-Mobile, for example, the loss prevention division has engaged with multiple vendors to develop an identity validation video tool, aimed at shortening the time it takes to close cases on organized retail criminals. The tool essentially combines video analytics with facial recognition; T-Mobile uses the 3VR video analytics platform with facial recognition video technology. The video expedites the prosecutorial process by identifying criminals stealing from T-Mobile locations across the entire country. According to T-Mobile, the tool has helped reduce theft and has saved the company money. </p><p>Silveira says he looks for tools that will help his stores keep high-loss goods without compromising sales. "It is critically important to balance sales and loss protection," he says. "We are tasked to mitigate loss without impacting sales. This is something my team focuses on when looking at new solutions."</p><h4>Future Efforts</h4><p>Although these tools, efforts, and initiatives have been effective in individual situations, overall ORC continues to cost retailers billions. Will it ever be possible to significantly limit the damage?</p><p>The answer is complicated. First, retailers need to understand that this problem is not limited to just their bottom line, but instead affects all retailers. A booster stymied at one chain will simply move on to another. Thus, joining forces with other companies is essential to mitigating ORC on a national level. This collective effort also requires greater focus on quantifying the ORC problem and breaking down its true financial impact on retail.</p><p>Efforts to educate and assist law enforcement, as well as state and federal lawmakers, on why ORC is not merely your grandfather's shoplifters must continue. "Most states have strong laws on shoplifting and felony theft as it applies to organized crime," Biggs says. "Strengthening existing shoplifting laws in all states, and seeing that they are properly enforced, is key." </p><p>Deterrence must also improve. Eliminating the opportunity for boosters to steal is critical. If theft is mitigated, the flow of goods for resale dries up.</p><p>Consumers should take heed when buying products from a nontraditional retailer. If the item is packaged as new, is unopened, and sells for less than one would pay at a traditional retailer, there's a good chance that the consumer is funding ORC activity. Moreover, cosmetics and unexpired goods sold at flea markets have most certainly been bought from an ORC network. No producer of retail products offloads such goods at a discount to small operators.</p><p>"Too many people turn a blind eye for a good deal, fully knowing that the items they are buying at discount have to have a backstory. We need to put an end to the pipelining of ORC goods by refusing to support their illegal activity," Biggs says. </p><p>Of course, as retailers strengthen their defenses, ORC groups will modify their techniques to keep their illegal activity afloat. However, in the war against ORC, retailers gain the upper hand by continuing to join forces and staying focused on prosecutions. There is much more work to do, but ORC cells are being put on notice by the retailers focused on eradicating them.</p><p>"We know who you are, and we are onto you," Biggs says. "It may not be today, but soon we will be knocking on your door."  </p><p>Keith Aubele, CPP, is a former director of loss prevention for Walmart and former global vice president of loss prevention for Home Depot. He is the founder & CEO of Retail Loss Prevention Group, Inc., based in Bentonville, Arkansas, and is a member of ASIS.</p>GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465