The cost of retail crime is up by nearly a fifth. It’s changing, but it’s not going away.
The world of retail is fraught with challenges, not least the rising cost of crime hitting margins and brand credibility. According to the latest British Retail Consortium research, criminal activity cost retailers £603m during the financial year 2013/14, up 18% on 2012/13. The BRC defines retail crime as any crime affecting a retail business - customer theft, employee theft, robbery, burglary, criminal damage and fraud.
Released on January 20, the BRC report found customer theft in store accounted for 81% of all retail crime during 2013/14. While the number of customer thefts is down 3.9% per 100 stores, higher-value items are being stolen, causing the average cost per theft to rocket 36% from £177 to £241, the highest level for a decade.
Footwear chain Office hit the headlines last May when the personal data and passwords of more than 1 million customers were left exposed after an encrypted database, due to be decommissioned, was hacked. While no payment details were stolen, Office was warned to address its data protection issues by the Information Commissioner’s Office.
Retail crime cost footwear retailer Charles Clinkard £52,000 in 2014, £20,000 of which was the result of theft by an employee in its Warehouse. “We prosecute as it sends out a strong message,” says Charles Clinkard, the eponymous founder.
“A full police investigation ended with him only getting an 18-month suspended sentence and tagged as it was his first offence.”
Customer thefts at the company’s 33 stores are minimal, says Clinkard, annually representing less than £1,000 per store. “We are reactive to any problem after each six-monthly stock take. I accept we should be more proactive, but as it is such a low-risk area for us it would not be cost-effective.”
The main thefts by shoppers have been of handbags, which Charles Clinkard now keeps chained up in stores.
Coventry-based retail security systems specialist Myriad, for example, designs eye-loop cables which attach to the handbag handle and connect to an alarm box. A single handbag eye loop costs £35, or £390 for 24.
Myriad, which has installed in-store systems for Next, House of Fraser and John Lewis, offers garment guards that clip onto clothing and connect to an alarm system. These range from £155 for a key-operated garment guard protecting 16 garments to £1,000 to kit out a whole department store, usually focusing on the high-value items. Costs decrease as the volume increases.
Despite robust in-store security, Karen Millen’s biggest crime-prevention measure is its personal service, which European retail director Becky Bateman believes is a significant deterrent to thieves.
Retail fraud - covering credit and debit card fraud, account credit fraud, refund fraud and voucher or gift card fraud - rose 12% in 2013/14. While the BRC cannot make a comparison between the growth of online and in-store crime, it has seen a significant year-on-year increase in fraud, mostly committed online, rising in greater volume than more traditional offences like shoplifting. Cyber attacks were up for most retailers questioned, from denial-of-service (DoS) attacks, which overload servers causing them to crash, to site scraping, which extracts confidential data.
Although he recognises online fraud is a risk, Clinkard believes good practice has protected his website. “We monitor repeat activity over a very short period and only ship to the billing or work address with a valid phone number on the first transaction. The customer is required to call or email to confirm the address.
“The biggest loss we had was £1,200 on seven pairs of Timberland boots in 2012. Each purchase was an individual transaction on a different card, but to the same address. We use Sage Pay to do a complete check of the transaction. Sage provides a 3rd man score (3rd man is a third party which performs a fraud prevention check to score the transaction either low, medium or high risk) and if the score is high all details are thoroughly checked again.”
Sage enables retailers to accept payment online, in store and over the phone, as well as conducting regular checks with banks for lost and stolen cards. “We transmit the card details to the bank where they are checked against lost and stolen lists,” explains Sage Pay head of strategy and product management Chris Wade. “We also send information to specialist third parties who can advise on whether a transaction looks fraudulent. We then report back to the merchant before they ship the goods.”
Sage Pay’s ‘Code 10’ functionality allows a retailer that is suspicious a customer may be using a stolen card in store to request voice authorisation to complete the transaction. The bank or card issuer contacts the till the customer is attempting to purchase on to ask a series of yes or no questions.
To understand the damage that can occur if bricks-and-mortar retailers don’t take such measures look no further than US value retailer Target, which suffered a serious dent to its reputation when more than 40 million debit and credit card details were stolen after a hack in December 2013.
A month later, credit card data from 1.1 million customers was compromised when systems were infiltrated at US luxury department store group Neiman Marcus.
Online retailers can seek protect from authentication services like MasterCard SecureCode and Verified by Visa. Around 60% of all UK Visa ecommerce transactions are authenticated by Verified by Visa, which uses real-time scoring to assess the likelihood of fraud. If a card is known to be faked or cloned, it is blocked. The head of risk strategy and policy at Visa Europe, Paul Eagles, says the introduction of contactless payments has had no impact on overall fraud rates.
Womenswear retailer Jacques Vert Group utilises payment authentication service 3D Secure across its seven brand websites, in addition to a payment service provider fraud prevention programme. “We are also compliant to the Payment Card Industry Data Security Standard, set up to help businesses process card payments securely and reduce card fraud,” says head of IT David van Eck.
Home shopping company Shop Direct is working with the Trade Scheme, run by UK transactional data provider Transactis, which collates customer shopping data from participating retailers. This information is then used by claim handlers in ‘goods lost in transit’ cases, when customers demand compensation for clothing they claim was never delivered. The data identifies if they have made similar claims in the past.
Intellectual property theft is another pitfall retailers need to watch out for. Since January the Police Intellectual Property Crime Unit has suspended more than 2,000 websites selling fake luxury goods including Burberry, Longchamp and Abercrombie & Fitch. Brands approach the police with evidence of a copyright infringement and, if the PIPCU verifies a breach has occurred, UK domain registries like Nominet will suspend the domain name, closing down the site.
Intellectual property issues are a key concern for Karen Millen, which strives to do everything it can to prevent imitations. “We have close relationships with partners such as eBay to identify and block any infringements of our brand,” says Bateman.
With the rise in ecommerce, criminals have found new ways to defraud retailers, including returning fake goods. Anna Brown, senior associate in the trademark department of legal firm Gill Jennings & Every, knows of a well-known luxury handbag company which had counterfeit bags returned instead of real bags. The fraudsters then kept the refund and the genuine merchandise. “The brand’s staff refunded these goods, as they had not been educated to spot fakes. This meant they were losing the genuine sale, refunding money they had never been paid, and their reputation was damaged by the faulty counterfeits.”
Registering the intellectual property of a design offers 25 years of protection, so the retailer or brand only has to show a counterfeit product creates the same overall impression as the original. The counterfeiter is then ordered by a court to stop selling the fake, pay legal costs and damages. Designers can also register the copyright of a unique pattern, allowing them to sue for infringement if the design is copied.
Protecting words or images, trademarks can last indefinitely as long as they are renewed every 10 years. “By registering your trademark in the countries of interest you can stop others from registering an identical or similar trademark,” Brown advises.
In-store theft, cloned cards, employee fraud, data hacking and copyright infringement are just some of the hazards faced by retailers large and small.
It is therefore ever more important to remain vigilant as not just profit, but also brand reputation, are at stake.
In Numbers: UK Retail Crime
Direct cost of retail crime in 2013/14, up 18% on 2012/13
Of all retail crime (by volume) in 2013/14 was theft by customers
Average value of customer theft, a rise of 36% - the highest level for a decade
Of shop theft is carried out by organised gangs
Of all retail crime (by value) in 2013/14 was done by employees
Increase of retail fraud in 2013/14
- The majority of retailers reported an increase in cyber attacks during 2013/14