In February, the Loss Prevention Research Council conducted its first Integrate event, which focused on analyzing retail theft and robbery, with the aim of identifying opportunities to supplement or modify current practices with various technologies.
For the event, we simulated a robbery at the LPRC, located at the University of Florida Innovate Hub. The LPRC has over 220 LP and security technologies deployed, which allowed us to use actors to simulate retail conditions with relatively high fidelity—this included technologies currently deployed in retail environments, as well as technologies that may play an important role in the industry. Most importantly, we focused on identifying opportunities to technically integrate and incorporate these technologies into retail LP programs.
The Structure of a Retail Incident
We structured the Integrate event around the simulated incident, including events that happened before (“Left of Bang”), during (“At Bang”), and after the incident (“Right of Bang”). Left, at, and right of bang come from the Bang model of retail crime incident analysis; in some ways like the “Bowtie” model.Figure 1 below shows an integrated “Bang and Bowtie” model that includes the journey to and from a crime.
At the LPRC, we often refer to the Five Zones of Influence, which helps us analyze the progression of crime. This was developed by our director, Dr. Read Hayes, and includes:
Zone 1: The precise location of a target, such as a person, cash, merchandise, or other asset
Zone 2: The general location of a target, such as a department, aisle or counter
Zone 3: The overall interior and entry to a location
Zone 4: The parking lot entry, parking lot, and store curtilage
Zone 5: The broader community in which a store is located as well as the cyber domain
For a crime to occur within a physical store location, the offender travels into and through all five zones of influence, and then travels through the zones of influence when they exit the location. These areas are called the “Zones of Influence” because these are where retailers have some influence—in other words, there are things retailers can do to prevent, prepare for, mitigate, and respond to incidents that happen within store and supply chain locations. Finally, this model can help retailers review the sequence of events before and after incidents and refine their LP programs to address acute (serious individual incidents) and chronic (recurrent) problems.
However, there are serious limits with the “Bang and Bowtie” model. The most important limit is that many retail crimes are not “one off” events; in fact, many are linked in one way or another. For example, crimes and loss events may involve the same person or group of offenders, location, modus operandi, target, and time of day. These are a few ways incidents may be linked, but they all have implications for security programs. These common factors suggest key threats or vulnerabilities form a pattern; if we can interrupt these patterns, we may be able to achieve the greatest reductions in crime and loss.
For example, if incidents repeatedly involve a location or subset of locations, we should ask what process is generating this pattern. Are there vulnerabilities that are common across these locations, or are there threats that are common across these locations? Patterns suggest that incidents are not random, and non-random processes can be interrupted.
Furthermore, this cyclical or patterned nature of retail crime is why it is important for retailers to be engaged in the broader LP community. One retailer’s “right of bang” is another retailer’s “left of bang.” In other words, each offense often precedes the next, and each offense includes information retailers can use to prepare for, prevent, mitigate, and respond to subsequent crimes. This is depicted in the image of the “Cyclical Bang and Bowtie” model in Figure 2 on page 57.
The Structure of the Simulated Robbery and Integrate Event
The full day Integrate event was structured around the simulated robbery. An introductory session reviewed the key concepts, video of the simulated incident, and the day’s agenda. Then participants broke up into three smaller groups to ensure everyone could have in-depth discussions. All three groups completed three sessions. These sessions included a video of a segment of the simulated incident (i.e., before, during, or after the incident), and presentations by the LPRC research scientists, including James Martin, M.S.; Justin J. Smith, PhD; and Chasey Atkinson, M.S. These presentations introduced many concepts that would be discussed throughout the session. Finally, most sessions were devoted to longer, retailer-led discussions focused on the sequence of events during the incident, and how retailers could target specific parts of the process to prepare for, prevent, mitigate, respond to, or investigate the incident.
Left of Bang Session
During the simulated incident, the suspects started at another business where they stole a garbage bag filled with merchandise; after which, the fictional suspects drove to our building.
For the “Left of Bang” session, James Martin and the retailers focused on how retailers can assess risk (developing risk models), gather information about local active offenders (open-source investigations), generate alerts when known offenders enter the premises, and how sensors and other solutions can be deployed before incidents to collect information that will be needed after an incident.
The discussions revealed many of the retailers are taking various approaches to assessing risks around their stores; and the discussions also revealed many of the retailers are working to improve their risk models. Unfortunately, when it comes to retailers’ data about loss and crime, many solely rely on their own data. In other words, the retailers are unable to learn from other retailers’ loss and incident data. The LPRC is recruiting participating retailers for the American Retail Crime Shrink and Security (ARCSS) project, which will allow us to estimate risks across the country using retailers’ data and then share the results with the community. This will allow retailers to understand the risk landscape while maintaining the confidentiality and anonymity of the retailers that contribute data.
Retailers are also utilizing intelligence-building tools to investigate retail crimes (open-source intelligence and signals intelligence tools). However, the presentation and discussion revealed there are many opportunities for retailers to use this information in a more proactive, and less reactive, manner. Unfortunately, unless retailers have a way to detect a known threat quickly and efficiently (such as with license plate and automobile recognition systems, signals intelligence systems to monitor communications, or feature matching), it will be difficult to use a lot of this information for “Left of Bang” or preventive purposes.
Some retailers are using these technologies to identify when offenders (especially violent ones or known threats) are on the premises, but others are only using these technologies for reactive, investigative purposes. Most importantly, many of the retailers indicated they do not use these technologies at all, making it more difficult to detect known offenders, including those who tend to become violent. Since the retail community is so focused on protecting employees and guests from violence, the ability to detect known violent offenders was one of the most attractive features of the technologies among participating retailers.
At Bang Session
Next, the suspects entered our building and our mock store lab, where they began shoplifting; this later turned into robbery when the suspects pushed one employee and brandished a (nonfunctional) firearm at another.
During the “At Bang” session, Justin Smith worked with retailers to discuss product protection strategies, policies, and procedures that could deter theft, disrupt offenders, and minimize harm. This included de-escalation and escalation aversion tactics, as well as technologies like self-service locking cases, body-worn cameras to deter offenders, two-way radios and headsets to communicate about threats, and other devices. Furthermore, the group focused on technologies that enable intelligence and information gathering about offenses and offenders during an incident.
One of the most common problems retailers face in the “At Bang” segment of incidents involves technological integration. For example, many sensors generate signals; however, these signals should then generate some kind of alert or trigger a specific response—this response may include other technologies, or it may involve personnel. During the discussion, many retailers acknowledged that audible alerts can be used to signal someone might need help or that a crime might be occurring. This gives employees greater situational awareness to help guests; however, it also gives employees a heads up that someone might be engaging in a crime. Retailers may need to instruct employees that, when approaching potential offenders, they should not escalate the situation by entering the individual’s personal space or do other things that might lead the individual to become aggressive. In other words, audible alerts should be used to encourage retail employees to engage guests in an enthusiastic but guarded manner.
Finally, other technologies can be integrated with camera systems—for example, the smart shelves in the labs sent a signal to the video management system to capture video of a shelf sweep. Capturing this kind of video can be useful in later investigations and prosecutions. Similarly, when the retailers saw the video that was captured from the labs, there was discussion about the video and audio that was collected by body-worn cameras. It was clear that many of the retailers lack audio for their incidents, and many were excited to have clear images of offenders’ faces, but they also were intrigued by the prospect of using audio evidence when presenting cases to law enforcement and prosecutors.
Right of Bang
Finally, the suspects exited the store and drove away; however, mobile guardian platforms captured information that was provided to law enforcement, and the suspects were quickly apprehended in a nearby parking lot.
During this session, Chasey Atkinson and the retailers discussed post-incident strategies, for example, this group focused on the role of mass notification; security operation centers (SOCs); intelligence sharing; product identification and GPS tracking; vehicle identification; and other surveillance technologies.
While there are often discussions about the LP industry being too reactive, some of us were surprised by how little many retailers do in response to incidents. At the LPRC labs, we have hundreds of technologies, and many retailers currently use several of these technologies in their stores and other locations. Many of these technologies generate data, information, or intelligence that can be used to respond to and investigate losses and crimes.
Unfortunately, in many cases, the technologies are not integrated so that retailers can build intelligence; furthermore, in the case of serious incidents, many retailers do not have programs to efficiently and effectively manage the response and recovery. For example, during the “Right of Bang” session we discussed the role of SOCs in retail. It was clear some retailers are doing amazing things with their SOC, however, many others do not have an SOC. In fact, the 2022 National Retail Security Survey revealed that less than 40 percent of retailers have a security operations center to respond to and recover from critical incidents.
Similarly, intelligence sharing is common, but many of the most widespread practices are incredibly inefficient and involve old technologies such as email. For example, some retailers noted having outdated camera systems which sometimes made it difficult to share imagery. Many law enforcement attendees voiced concerns about retailers’ camera systems and poor image quality. Of course, most of the retailers have serious limits on what information can be shared and how, yet another major barrier to retailer collaboration.
My impression was that some of the participating retailers were not ready to react. This is a major problem because, crimes are often connected, being unable to react may mean retailers can’t be proactive. To be proactive, retailers must capture data about their existing problems so they can analyze it. Only then can they develop a proactive strategy addressing the most common causes of the most common problems.
Where Do We Go From Here?
Post-event, we surveyed participants, and received an incredibly positive review of the event. In fact, among those who completed the debrief survey, 100 percent said they would participate in another event like Integrate. Of course, any time I see 100 percent of survey participants answer in the same way, I worry about the validity of the survey. Nevertheless, we have had formal and informal interviews and discussions with participants about the event, and all of these indicate the event was incredibly informative and helpful.
Of course, there is always room for improvement. The biggest criticism of the event was that we did not have enough time for in-depth discussions during the sessions. Some of the retail participants also noted they would have liked detailed demonstrations of many of the technologies during the event. The LPRC interpreted all of this positively, because it meant that despite everything we covered, the participants still wanted more. Finally, our internal review of the event revealed we spent relatively little time discussing the role of people and processes, or how these factors influence the effective use of technology.
There are plenty of possibilities for these types of events, and we are always interested in hearing from our retail members about what they would like to see. However, there are a few directions we might take with future events. On one hand, the LPRC would like to hold additional, smaller events where we work directly with retailers and their solution providers to identify opportunities to integrate technologies. For example, if a retailer uses specific solution providers, then we need to provide a space where they can share what they do and then identify opportunities to integrate their solutions. The LPRC has participated in events like this in the past, and they have been incredibly fruitful.
The LPRC wants to hold future events offering participants the opportunity to focus on one aspect of an incident. For example, it might be helpful to spend a full day on the “Left of Bang” segment, and to focus on specific solution categories, such as the role of intelligence sharing in developing a truly proactive program. Alternatively, it will be helpful to have similar events that focus solely on the role of people and processes in preparing for, preventing, mitigating, and responding to incidents and losses.
One thing is clear: the LPRC’s first Integrate event was a success, so it is unlikely that it will be the last of its kind. In fact, the LPRC is planning additional events where we will use the simulated robbery and focus on the role of people and processes. Of course, the LPRC would love to hear our members’ feedback and ideas for future events.