Identity Resolution Daily

By Johnny Norris, Director UK Markets

[Note: Today’s post is from our offices ‘across the pond’ in the UK.]

News this week from ComputerworldUK tells us that large merchants have seen an increase of over 10% over twelve months in fraud through their online businesses. Notably, a considerable piece of this issue has to do with the use of multiple identities (33% of large retailers saw this) and the difficult problem of internal theft.

One of the issues facing multi-channel or Internet retailers is that online fraud is often quite different from store based problems. It’s seen by perpetrators as anonymous, and it is considerably easier to appear to hide identity. Combine this with the ability to ‘pass on’ goods via online auction sites and retailers are facing attack from external and internal sources (often combined). According to the CyberSource research, many retailers are willing to invest in technology to tackle the issue, but most solutions are based on exception and don’t always tackle the huge identity issue.

But, there is good news! Traditionally, store based retailers in the UK have not collected much in the way of customer or returns data (certainly as compared to US retailers), but the online/multi-channel boom is changing that. Retailers now face the issue of what information to store and how to deal with the deluge of it. Fraud analysts haven’t increased in number, so retailers must find a way to harvest ALL their information sources (whether it be employee or customer data) and provide their fraud/security teams with prioritized, high quality information on those using multiple identities, or even working in an organized way. Organized Retail Crime (ORC) wasn’t mentioned in the article, but this is a key area and often the way it can be detected is to identify links or relationships between customers or customers and employees.

Identity resolution technology (AKA entity resolution and analysis technology) that can identify the use of multiple identities and detect fraudulent relationships (or ORC) is now in existence, but not many companies offer the full range of elements. Importantly, this technology can be used to look at the problem of e-fencing via online auction sites as well. Looking for the subtle matches between stock that has gone missing and, say, an online vendor with details a lot like an employee may be a critical step in stemming this fast growing fraud problem.

Can retailers accept a 10% year on year rise in fraud? We think they shouldn’t have to.

Share This

Fox Business: High Shrink Takes a Toll on the Bottomline of Retail Enterprises

“Aberdeen, a Harte-Hanks Company (NYSE: HHS: 13.90, +0.17, +1.23%), surveyed 680 retail enterprises in October 2007 and found that on an average, 60% of retailers surveyed recorded year-over-year shrink or write-off of at least 1.75% of their total inventory (as a percent of sales), further compounding existing theft and fraud-related complexities in retail. Another alarming trend is that almost a third of retailers (30%) have reported between 2% to 6% invalid transactions (unauthorized and fraudulent customer transactions as a percentage of total transactions). This indicates that retailers may be faced with high transaction fraud incidence due to organized retail crime, data loss, and dishonest employees. . . . Cash asset protection, real-time video and transaction data intelligence, and access control are some of the pillars that enable retailers across different sub-segments to build an agile and responsive loss prevention environment.”

Yahoo! News: New ID rules may complicate air travel

“Millions of air travelers may find going through airport security much more complicated this spring, as the Bush administration heads toward a showdown with state governments over post-Sept. 11 rules for new driver’s licenses. By May, the dispute could leave millions of people unable to use their licenses to board planes, but privacy advocates called that a hollow threat by federal officials.”

PogoWasRight.org: De: Citizen’s rights activists intend to prevent EU plans to record passengers’ flight details

“German Arbeitskreis Vorratsdatenspeicherung (Work Group on Data Retention) has announced a constitutional appeal if the German government agrees to back plans by the EU Commission to retain Passenger Name Records for 13 years.”

WashingtonTechnology: Web extra: States face Real ID privacy dilemma

“‘If you centralize it, it would be easier to manage in terms of security and privacy,’ said Harold Kocken, business solution manager of BearingPoint’s national motor vehicle solutions group. ‘There would be fewer people with the possibility of interfering with the database.’ . . . The verification grant program will expand a pilot project run by the National Association for Public Health Statistics and Information Systems. Named the Electronic Verification of Vital Events, it is operating with three states that can originate queries and nine states that can respond to the queries. Using the system, operators type information for verification, such as someone’s full name and date of birth, and the system automatically processes the query to determine if there is a match with the original birth certificate. The response is either ‘match’ or ‘no match.’ It attaches notes about suspected misspellings and near matches.”

Share This

[Post from Infoglide Software] When Technology Turns Tradition on its Head

“The rapid march of technology drives rapid change and, in some ways, the use of technology begins to undermine people’s habits that have endured for years and years.”

The State: Gift card scams rile industry

“But gift cards sold on Web sites can be fraudulent, said Evan Schuman, editor of New Jersey-based Storefrontbacktalk.com, a blog focusing on retail technology and e-commerce. ‘Retailers love them, consumers love them and the bad guys love them,’ he said of gift cards. Although no independent organization tracks gift-card fraud, various sources estimate that between 2 percent and 30 percent of all cards sold on secondary sites are tainted with illegal activity. Plastic Jungle, which allows shoppers to buy, sell and trade gift cards, decided to tackle security concerns head on, said CEO and founder Tina Henson.”

FCW.com: Bush administration ready to release revised Real ID regs

“The Bush administration will release Jan. 11 a revised set of minimum federal standards that states must meet when issuing driver’s licenses and identification cards as mandated by the Real ID Act of 2005, said Homeland Security Secretary Michael Chertoff.”

azcentral.com: Shoppers face strict return policies

“Shoppers should expect some headaches when returning gifts after Christmas, according to consumer education Web site ConsumerWorld.org. ‘Stores’ return policy remains strict and complicated,’ said Edward Dworsky, founder of the resource guide.”

beye.com - Business Intelligence Network: Improving Business Intelligence: The Six Sigma Way

“Six Sigma business intelligence (BI) is a customer-focused, measurement-based approach to improving business intelligence. . . . Six Sigma means putting the customer first and striving for a product that is near perfection. Six Sigma principles have been used in the business world for years and have produced significant and frequently amazing results.”

Pittsburgh Post-Gazette: Study finds racial profiling of shoppers is real, but it goes unreported

“The results of the survey indicated that they don’t like it but they tend to let it go. Despite feeling angry, shocked, sad or embarrassed, 82 percent of those who said they had been racially profiled while shopping told the survey takers they never reported the experience to anyone other than their family and friends. About half still made a purchase at the store, said Dr. Gabbidon, who collaborated on the research with George Higgins from the University of Louisville.”

Share This

BusinessWeek: Shoplifters Get Smarter

“Such theft has grown steadily in recent years, merchants and law enforcement officials say. ‘We have witnessed a steady increase in organized retail crime,’ says David Hill, a Montgomery County (Md.) police detective. ‘These groups operate with the training of a paramilitary.’”

blip.tv: ETech 2007 - Jeff Jonas

Jeff Jonas of IBM presents at the Emerging Technology Conference on what IBM calls entity analytics (otherwise known as identity resolution). Gartner recently began calling this category entity resolution and analysis.

silicon.com: Data sharing ‘could sap public confidence’

“Sir David Varney, the Prime Minister’s adviser on public-service transformation, said the nature of the data to be shared between government departments was still under discussion. Varney said: ‘There has to be a lot of careful thought about what data needs to be shared. If names, addresses and national insurance numbers were shared, people would benefit from a more personalised service.’”

YouTube: Buy Your Stuff Back on eBay!

KBTV’s report on buying stolen items on eBay.

Share This

[Post from Infoglide Software] The Internet: Treat or Trick?

“E-fencing will get you about $.70 on the dollar, and it’s less risky because there is a certain degree of anonymity. Bottom line, it’s become a big problem for the retail industry. So much so that retailers are taking it to the Hill. Several retail execs recently testified before the House Judiciary Committee’s Subcommittee on Crime, Terrorism and Homeland Security about the problems of [organized retail crime] (ORC) and e-fencing.”

CarInsurance.com: Arrests Made in Crash Scam; Police Swoop in Insurance Fraud Inquiry

“The probe centres on a large number of claims made in the Merseyside area two years ago by people connected to a large communications company. . . . Allianz Insurance fraud manager Mihir Pandya said: ‘We have a policy of pro-actively managing fraud and have specific teams in place to identify and focus on organised fraud.’ . . . Chairman of the insurance fraud bureau John Beadle said: ‘This operation is a key example of the success that can be achieved when the public and private sectors are working collectively. We are sending a clear message to those criminals involved in ‘crash for cash’ scams that we are not a soft touch and they will be caught.’”

FOXNews.com: Bra Bandits Steal $4,000 Worth of Victoria’s Secret Items in Tennessee

“More than $4,000 worth of underwear was stolen from a Victoria’s Secret store in Murfreesboro and police are trying to determine if the theft is connected with a ring of thieves hitting stores in other states. . . . Police said the items could end up being sold online, or at a flea market or possibly sent out of the country.”

Business Intelligence Low Down: Top 10 Largest Databases in the World

“There are currently organizations around the world in the business of amassing collections of things, and their collections number into and above the trillions. In many cases these collections, or databases, consist of items we use every day.”

Southern Maryland Online: Md. Detective Calls for Internet Controls to Curb Retail Crime

“‘Sophisticated or not, what all of these thieves have in common is they are career criminals usually hired by bulk buyers or ringleaders with specific products in mind,’ [Officer David Hill, a retail crime specialist,] said. ‘They have ’shopping lists,’ if you will.’ The comments came during a hearing of the House Judiciary’s crime subcommittee focused on developing a response to organized retail crime, which leads to an estimated $30 billion in losses each year, according to the National Retail Federation. [Hill] recalled one college student who was arrested on Dec. 24, 2005, for stealing more than $40,000 in merchandise from 12 stores by swapping UPC codes. ‘By his own admission, the student made over $50,000 auctioning off stolen merchandize on eBay,’ Hill said.”

Share This

Do you remember before the Internet existed? When contact information was just address and phone number, not email and Skype? If you’re on the better side of 30, probably. Now can you imagine living without it? Probably not. The Internet and corresponding technologies have given us many benefits, made us more efficient, and even found some of us the loves of our lives.

But all is not well in the land of the www’s. In addition to making things easier for scam artists and child predators, the Internet has also made it easier for people to sell stolen goods. A whole new area of criminal activity, e-fencing, has emerged, where thieves and organized retail crime (ORC) rings can easily and anonymously get rid of purloined panties and Nike tennis shoes by selling them on online auction sites.

E-fencing is the second most profitable way for crooks to get rid of stolen merchandise. The most profitable is just to return the item to the store from which it was stolen. Sounds a bit risky but it happens all the time. And people do get away with it because the traditional systems for detecting retail returns fraud (exception based reporting and returns authorization systems) are not as sophisticated as they could be. Returning the stolen goods will get you about $1.08 on the dollar because you also get the tax returned. Not a bad profit. But you do have to show your face and risk being caught.

E-fencing will get you about $.70 on the dollar, and it’s less risky because there is a certain degree of anonymity. Bottom line, it’s become a big problem for the retail industry. So much so that retailers are taking it to the Hill. Several retail execs recently testified before the House Judiciary Committee’s Subcommittee on Crime, Terrorism and Homeland Security about the problems of ORC and e-fencing.

As reported by Security Director News in “Retailers push legislators for stricter penalties to reduce ORC”:

Fencing use to be a face-to-face process, [Brad] Brekke, [vice president of assets protection for Target Corp], said, but with the emergence of online sites, such as auction site eBay and classified listing Craig’s List, has created a worldwide market for stolen goods. “Sellers are anonymous and buyers are unaware of the source of the product,” he said. “The enormous profits of the crime have fueled criminal activity that hurts our communities.” . . . “As the problem has grown, our industry has invested tens of millions of dollars to combat the problem,” he said. “But the Internet marketplace has dramatically transformed the fencing of stolen property.”

This issue has created some tension between the retailers and online auction sites. The retailers are demanding additional steps to combat the problem such as identifying high-volume sellers and adding serial numbers to product listings. And eBay, who had a representative at the subcommittee hearing, is insisting that they’re doing all that can be reasonably expected.

Hence the involvement by Congress:

[Karl] Langhorst, [director of loss prevention at Randalls/Tom Thumb Food and Pharmacy], said despite best efforts, retailers continue to suffer significant losses. He said there needs to be “strong federal legislation” developed that defines ORC and holds online auction sites accountable to the sale of stolen property. “It would be nice to have some regulations in place to limit this to begin with,” he said. “Then we’d have loss prevention instead of loss reaction.”

While we wait for Congress to make a move, we’ve been thinking that this is another problem that could benefit from an identity resolution solution. Identity resolution software could analyze data from retailers on recent large volume thefts and then search online auction sites for postings of corresponding goods. It could find similarities in item type, color, size, quantity, location of the theft, and location of the seller and return possible matches. This would allow loss prevention experts to contact the seller to get further information, which could also be fed into the system to help determine if the seller is the thief and how to find them if they are.

Maybe this technology stuff isn’t too bad after all.

Share This

[Post from Infoglide Software] What Happens in Vegas . . .

“Identity resolution guru Jeff Jonas, distinguished engineer and chief scientist, Entity Analytic Solutions, IBM, is back in the news again. The Washington Post recently featured him in an article on how technology developed for casinos is being applied to solve other problems like terrorist threats and money laundering. Who knew that Las Vegas was not only a great place to see the Rock Paper Scissors national championship or to (allegedly) commit a hotel room sports memorabilia theft but is also a hub of technology R&D?”

CQ.com: Growth of Terrorist Watch Lists Questioned

“The center was created in December 2003 to consolidate all the different terrorist watch lists maintained by various federal agencies into one master list, which would be used across the government. The center succeeded — almost. It weaved the numerous agency watch lists into two master lists. However, the center needs to do more fine tuning to make the lists more useful, eliminate duplicative names, redress misidentified individuals and pare down a growing inventory, according to witnesses at the hearing on Wednesday.”

PogoWasRight.org: Visa fines bank after losses in TJX breach

“Visa USA issued $880,000 in penalties against a bank that processed transactions for TJX Cos., after an investigation of a computer hacking incident at the retailer.”

The New York Times: Real ID That Spitzer Now Embraces Has Been Widely Criticized

“Mr. Spitzer’s new position, announced on Saturday in Washington, places New York among a handful of states agreeing to implement a federal identification system that has faced intense opposition from civil libertarians, immigration advocates and many lawmakers. Concerns focus on privacy protection and the costs to states that implement the Real ID program. One criticism that has been raised is that the personal information will be entered in databases that will be shared by every state, raising questions about how the data will be secured and how safe its storage will be.”

Jeff Jonas: Feature/Function Innovation: Inventing Left-Hand Columns

“Innovation does not mean listening to what a user is asking for and building it. Heck, the way I see it, by the time a user starts asking for something, they are most likely asking everyone for the same thing.”

Share This

Hartford Business: Retailers Want Less Data Liability

“The storing of credit card data for a lengthy period of time has been questioned by the National Retail Federation as it argues that storing the data is inviting a security breach. In a letter to the Payment Card Industry earlier this month, NRF Chief Information Officer David Hogan wrote that all retailers want to eliminate credit card fraud.”

PogoWasRight.org: Government data sharing ‘lacks privacy protection’

“Most implementations of government data sharing lack adequate privacy protection for citizens, a member of the data privacy and advisory council at the US Department of Homeland Security has warned. . . . Without sufficient identity management to protect privacy, data could be misused.”

RetailNet: Citi Trend Falls on Shrinkage Problems

“At the 2007 Wachovia Consumer Growth Conference on Thursday, [Citi Trends] chief executive Edward R. Anderson said the company’s shrinkage problem largely stems from internal theft rather than shoplifting. . . . At the end of the second quarter when the company first disclosed the problem, shrinkage accounted for about 2.3% of sales. Anderson said the company expects shrinkage to be about 2% of sales in both the third and fourth quarters, before any improvement is seen. The company is working toward a shrinkage rate of less than 1.5% of sales.”

The Washington Post: From Casinos to Counterterrorism

“The casino industry, like the national security industry, is seeking information to answer a fundamental question: Who are you? ‘It’s, are you a good guy or a bad guy? A threat or a non-threat?’ explained Derk Boss, the vice president for surveillance for the Stratosphere hotel and casino, whose crew operates under what he calls the IOU system: Identify, Observe and Understand.”

Share This

The always insightful Loss Prevention Magazine in its September-October issue features a survey by ECR Europe that should be read by not just Loss Prevention (LP) pros, but also the CFOs of every retail company.

Lessons from Low-Shrink Retailers - Nine Ways to Save $18 Billion deserves attention because in researching the loss prevention strategies of five retailers with much lower than industry average rate of loss, they unintentionally unearthed an operational plan that could save the retail industry billions of dollars in shrinkage.

Writes Adrian Beck and Colin Peacock:

“When you look at the average rate of loss for these companies [Target Corporation, Limited Brands, Best Buy, CVS/pharmacy, and The Gap] as a whole (0.9%), compared with the industry average (1.59%), then it is perhaps easy to see why they were consistently selected by the panel of experts. Indeed, together their improved shrinkage performance is worth as much as $1.1 billion a year, and if the entire sector could achieve similar results, then shrinkage could be reduced by as much as $18 billion.”

Eighteen billion dollars is a lot of stolen baby formula and Nike shoes.

How did these companies reduce retail fraud?

The five companies that participated in the survey had these nine common traits:

1. Establishing senior management commitment
2. Ensuring organizational ownership
3. Embedding Loss Prevention
4. Providing strong leadership and developing a team
5. Using barometer management
6. Innovating and experimenting
7. Talking shrink
8. Prioritizing procedural control
9. Empowering store staff

For a full explanation of these ways to shrink shrinkage, please read the article in its entirety.

Interesting, (to us, at least) four of these nine traits can benefit from an identity resolution solution that can rescue retailers from Loss Prevention Magazine calls the “data desert.”

Writes Beck and Peacock:

“…until relatively recently [the five retail companies] have largely operated in a data desert, often making decisions based upon gut instinct and guess work rather than solid data and informed analysis. Indeed, in the absence of reliable and timely data, the industry has tended to focus almost exclusively on the most overt form of shrinkage—external theft—to the detriment of other key problems, such as internal theft and process failures.”

Here’s how identity resolution can help.

Providing strong leadership and developing a team

For pre-employment screening and tapping into external databases to identity current staff with public records of dishonesty, identity resolution solutions easily glide across multiple data sources (e.g., lists of known shoplifters, bad check writers, vendors, returns, perpetrators of organized retail crime, and LERPnet) and finding linkages that indicate fraud.

For more, see Employee Screening: An Ounce of Prevention is Worth a Pound of Lobsters

Using barometer management

Beck and Peacock say it best:

“The need to be led by numbers and not by intuition was a clear message. How this was achieved varied between the companies, but all had invested heavily in ensuring that they could not only monitor the rate and extent of shrinkage at a highly granular level (almost always SKU level), but also that they could analyze data to seek out trends and deviant behavior, usually through some form of data-mining technology or software.” [Emphasis added.]

Innovating and experimenting

Loss Prevention is not a static field. A previously good employee suddenly turns bad. Criminals innovate and adapt to current LP strategy. These scenarios and thousands of others require real-time access to data and a flexible architecture that works with many different platforms, systems and even sister stores in other locations. A good identity resolution solution can help answer all these questions in real-time:

• How many returns has an individual really made?
  • Has John Smith made 3? And Joey Smythe 4 more?
• Are you about to hire someone who has been caught shoplifting in one of your stores? Are they working there right now?
  • Or a sister company’s store?
• Which employees are returning merchandise without identifying themselves?
• Who is purchasing at discount and returning for full price?
• Does a multiple-return item match a missing shipment?
• Are restocking fees affecting high-value customers?
• Is a ship-to address similar to a previously fraudulent address?
• Which customers have multiple identities? And why?
• Do any of those identities correlate to an employee or vendor?
• How can you trigger higher quality investigations?
• How can LP know all about a suspect they’re really dealing with?
• Is there a relationship between an incident victim and an employee eyewitness?
• Does John Smith deserve a red carpet?
• Or a red flag?

For more, see Identity Focused Retailing.

Prioritizing procedural control

Finally, for halting deviance and enforcing compliance in procedure, identity resolution solutions can make automated decisions and impact business processes in real-time, limiting the need for human intervention.

Share This

When ABC needs a political expert, they call in George Stephanopoulos. For health questions, CNN always seeks out Sanjay Gupta. When we need a Loss Prevention (LP) expert, Jeff Stein always helps out. And when working on a story about retail crime, the world’s news outlets employ University of Florida professor Richard Hollinger.

Dr. Hollinger is the author of Crime, Deviance and the Computer, Theft by Employees and Dishonesty in the Workplace: A Manager’s Guide to Preventing Employee Theft and every year he conducts the National Retail Federation’s annual National Retail Security Survey. The research his team has provided for the last eight years helps set LP strategy nationwide. For example, this year’s survey found that employees were responsible for 47 percent of retail theft, up from last year’s high of 41 percent. And when Dr. Hollinger is quoted in the New York Times saying, ”We have never seen employee-theft numbers quite this high” — LP pros began to concentrate more on internal theft.

You could almost call Dr. Hollinger the Alan Greenspan of retail theft — one sentence from him and markets and people begin to move.

On the retail balancing act between security and customer privacy, Dr. Hollinger was quoted in Business Week, saying

“To keep shrinkage low with metal detectors and security might be a draconian environment, like going to the airport vs. going to the mall, which encourages shopping with its fountains and music.”

And Laura Landro of the Wall Street Journal sought him out for commentary when she was apprehended by Kmart Loss Prevention pros.

Back in 2004, his research pointed out the rise in return fraud and his consulting work with The Limited lead to a Washington Post story, where he was among the first to alert retailers to the fact that the Internet is being used for much more than just sending Evites to friends. The WAPO story reported that

“In recent years, scammers have used the Internet to launder the money — people steal merchandise, return it for credit slips at stores, then turn those credit slips into cash by selling them at a discount on eBay or other online auction sites.”

$30 billion, or 1.7 percent of sales, went out the door and online due to retail fraud in 2003 and Dr. Hollinger estimated that that about half of that loss may have been related to bad returns.

His solution? Technology — and for that reason he is an Identity Resolution Daily favorite. Here, he tells WAPO

“Over the decades, retailers realized they were leaving the door wide open for fraud and a number of the major ones realized that . . . there has to be some technological solution to this.”

There is a technological solution, Dr. Hollinger, and we’d love to come to Florida to tell you a bit about how identity resolution can help out with return fraud, Organized Retail Crime (ORC) and other forms of retail fraud.

Share This