In an ultra-competitive industry such as retail—where margins are already squeezed constantly by pricing wars, the recent pandemic, and other factors—retailers should be vigilant when it comes to tracking down fraud within their own workforce. Employees have an intimate understanding of a retailers’ security procedures and how to circumvent them, and their inside knowledge extends beyond the register to backrooms along with warehouses and trucks where unprotected merchandise flows freely. Regardless of deterrents such as alert systems and CCTV, these inside jobs make detecting internal fraud extremely difficult, but there are proven ways to detect and dissuade.
To intercept these attempts, many retailers are looking to data to identify suspicious activity by employees. Data cannot be manipulated and by having the right advanced analytics solution like prescriptive analytics, retailers can detect activity that indicates fraud or non-compliance. The following examples are five ways employee fraud and the data behaviors that give them away can be identified.
Sliding occurs when a cashier scans an item at the register while (often purposely) obstructing/covering the barcode, allowing the shopper to leave the store without having paid for the item. Proving this type of fraud is difficult, whether via CCTV recordings or in person, even when a missed scan can be confirmed.
Data can help. One way to identify sliding is to analyze per-minute or hourly scan rates for individual cashiers, cashier type, and store. By leveraging an analytics solution, retailers can cluster cashiers and stores together to determine “benchmarks” for KPIs like scan rates for similar transactions. Cashiers whose scan rates or time between scans drop below their cluster’s benchmark, especially during “high-risk” time periods—lunch hours, holiday rushes, supervisor breaks or vacations—are flagged as potential sliders. The solution sends asset protection teams an alert combined with specific CCTV footage of the suspect activity to empower easier confirmation of malintent of the event.
Unauthorized Manager PIN Usage
Many retailers require a supervisor to enter a personal identification number (PIN) to unlock various activities that are susceptible to fraud. Unfortunately, a PIN can easily be abused if a cashier memorizes it or a manager shares it to save time. With these PINs being used extensively each day, confirming authorized use is often an impossible task.
The most advanced analytics solutions can integrate data from multiple applications or vendors, allowing visibility into separate data sets within a single interface. To detect an unauthorized manager PIN usage, deploying a “pattern,” or algorithm, that cross-analyzes each PIN use with payroll data sends an alert any time a PIN is used when its owner was not scheduled to work. If managers carry mobile devices with location services, the analytics solution would check the manager’s proximity to any register where their PIN was entered, alerting asset protection if the manager is elsewhere.
At most retailers, customers can enter a phone number at checkout to earn loyalty rewards. Cashiers can exploit this service by entering their own phone numbers and stealing customers’ rewards. Unless customers are particularly diligent about tracking their loyalty points, this behavior typically goes unnoticed.
The benchmarking and clustering capabilities of advanced analytics would find evidence of loyalty fraud within retailer data by analyzing their own associates’ loyalty accounts for excessive earning and spending of points. If employee accounts begin accumulating and/or spending points at abnormal rates, they are flagged and considered highly suspicious. Customer accounts with unexplained surges in point spending on known theft targets like electronics, fuel, or gift cards may have been hacked and require further investigation.
A similar example of fraud involves an employee “fishing” for high-point loyalty accounts and using the stolen information to redeem the rewards for themselves. The same analytics solutions would identify either a surge in point spending on the compromised account or a number of account lookup requests (the employee may be using the account’s phone number to access the points) that is outside the “norm.”
Price Switching and Sweethearting
A favorite of organized retail crime (ORC), this method often occurs in departments that sell most items by weight or quantity like meat or produce. With price tags printed on site, employees can easily replace tags for low-cost items (chicken parts for $1.99/lb) on premium products (beef tenderloin for $21/lb). Even if caught in an inventory report, linking these behaviors to fraud versus a simple demand swing is difficult. In a similar approach called “sweethearting,” cashiers may scan a low-cost UPC (such as chewing gum at 25 cents) instead of an acquaintance’s pricier product (a premium cosmetic at $89).
An advanced analytics solution can easily detect these false sales patterns by identifying misalignment between the inventories of items with different prices and quantities. From there, it can determine which register processed most of the lower-priced items or who was working in the department of origin at the time the misplaced price stickers were printed. The best solutions can also pull CCTV footage taken at the time of suspicious scanning or printing and hand it to the right person to investigate. This helps retailers expedite their investigations and enables faster and more accurate intervention.
E-commerce Customer Service Fraud
It happens all the time—packages vanishing in transit, never reaching the customer. Retailers often replace lost products for free, and some also send customers gift cards or discounts for the trouble (“customer satisfaction funds”). Retailers have caught customer service representatives (CSRs) sending themselves or acquaintances the replacement orders, sometimes as part of a larger ORC ring. Such incidents can rapidly mount costs in a very short time, making it critical to identify and stop quickly.
Data feeds can reveal this activity before losses mount including:
- Replacement destinations. Replacement orders shipped to the area around a call center, especially if they match addresses on file for current employees are more likely to be fraudulent.
- Frequency of replacement. Advanced analytics solutions can establish and compare benchmarks for behaviors like order replacement for all CSRs against individual CSRs, identifying above-average orders.
Modern retail asset protection requires powerful tools to identify and eliminate internal and external fraud among all the 42 categories of Total Retail Loss (a term coined by RILA and Prof. Adrian Beck to define the modern scope of retail loss) resolving cases before losses mount with a high rate of accuracy. Investing in an advanced analytics solution like prescriptive analytics can give retailers a competitive edge to spot the most elusive types of fraud and protect their bottom lines. https://www.youtube.com/watch?v=KTPpVO6So7w