Joe, a would-be thief, couldn’t believe his luck. Here was a store willing to hand him a brand new state-of-the-art smartphone with no credit check and a few dollars down. And just two doors away was another retail store—this one advertising that it paid top dollar for smartphones.
The criminal wheels in his mind turned. “Easiest money I’ll ever make,” he thought.
But in the real-world version of this scenario—and it did happen—“Joe” was rebuffed when he tried to turn his rent-to-own cell phone into quick cash. Rent-A-Center had registered the phone’s unique identifiers on a blacklist of sorts, so the companion retailer knew not to process the transaction. This was phase one of a security strategy that Rent-A-Center’s asset protection team devised to protect its rented mobile devices. In short order, the device protection plan the department employed reduced losses by over 50 percent and saved Rent-A-Center millions of dollars.
The Rent-to-Own Model
The primary loss prevention challenge faced by Rent-A-Center is obvious—and built in to its founding business model. Started as Mr. T’s TV Rental in the 1960s, the concept was the brainchild of Ernie Talley, who wanted to give hardworking customers who lacked cash and credit a way to rent merchandise with an option to own it. The company’s rent-to-own model gives people who lack cash and credit immediate access to top brands and products. “We’re not retail; we’re rent-to-own, so our transactions start where most end,” explained Brian Peacock, CCIP, director of asset protection for Rent-A-Center’s US operations. “When you make your first weekly payment of $30, you can be walking out with a $2,000 TV with no credit check.” It’s a model where some measure of loss is clearly unavoidable—and where the ability to control the amount of loss is critical to business success.
From its founding as Rent-A-Center (RAC) in 1986, the company has grown from sixteen stores to approximately 2,600 stores in the United States, Mexico, Canada, and Puerto Rico; employs nearly 21,000 people; and is a leader in an industry that is nearing $7 billion annually. The company earned its reputation by helping people furnish their homes with rent-to-own furniture, appliances, and electronics, but has expanded into computers and mobile devices. It’s in this category that the company started to see problematic losses. “When we entered the mobile space, there was a much higher risk of transaction fraud, and the mobile category saw high losses,” said Peacock.
Not every customer chooses to follow the rent-to-own agreement to its conclusion. Some individuals, for example, decide that they can’t afford it, and others decide they want to upgrade. These cases are no problem for RAC; customers simply bring the item back for a return or an exchange. However, in some cases, customers stop making payments, which typically sparks the company’s recovery process.
“It depends on what state and what jurisdiction the transaction was in, but typically we would pursue it through our legal department,” explained Peacock. “So as long as we did our work on the front end, we could file against the customer—for a felony in some jurisdictions—or pursue a civil case.”
Although RAC was doing an effective job at recovery, the expense of getting products back from delinquent customers was significant, especially with its mobile category. “In our general model there is already risk, and we realized that we were going to have to figure out a new approach for smartphones, to prevent people from renting a phone and then selling it to an unsuspecting customer on Craigslist or eBay.”
An Idea Takes Shape
Rent-A-Center’s million-dollar device protection solution originated five years ago in the loss prevention department, which is now branded as asset protection. The LP team was mulling over ways it could protect its rent-to-own computers. One of the ideas was to secure computers with software that could be remotely activated, essentially rendering them “bricks.” The idea to apply a software solution to inventory hit a snag, however, when Aaron’s—using a similar product— was accused of accessing the cameras on customers’ computers. (Issues in the case are still being litigated. In May, the Ninth Circuit Court of Appeals ruled against retailer claims that insurance providers had a duty to defend it in underlying lawsuits.)
The case drew quite a bit of attention in the press and caused RAC to rethink its plan to lock rental laptops. “We had put the idea on pause until we started with mobile and smartphones—at that point we knew we were going to have to figure something out to protect our assets,” said Peacock.
Through leveraging his retail connections, Peacock turned to Recipero, a data aggregator focused on depriving thieves of a safe and ready market for misappropriated mobile devices. The company collects data from a variety of sources, such as theft reports, carrier contracts, and device ownership data, and shares that with law enforcement, insurers, and retailers—with the goal of helping stakeholders identify instances of fraud, for example in the event that a person sells his or her device and then files an insurance claim, or if a person is attempting to sell a leased device.
By leveraging the power of blacklists under its Stop Loss program, Rent-A-Center was able to make an immediate impact on the losses due to fraudulent resale of rented mobile devices. “We got that initial strategy up and running quickly, and we immediately saw a positive impact,” said Peacock.
That included the real-world case of “Joe.” When he took his just-rented smartphone to a neighboring GameStop, the device showed up on a “don’t purchase” list, and the retailer turned him away. Thwarted, he returned to the RAC store two doors away and returned the phone.
On the backend, RAC gets daily reports with information on which device, when, and where such attempts took place. Within twenty-four hours a notification is sent to operations so that a call can be placed to the customer that had possession of the device and make him or her aware that RAC had knowledge of the attempted transaction.
Old Strategy, New Twist
The idea of curtailing a crime by denying thieves the ability to benefit from the goods they steal is an old one. Recipero’s website highlights a quote from a book on crime reduction dating back to 1800—“Deprive a thief of a safe and ready market for his goods; and he is undone.”
Benefit denial is one of the core principles of a situational crime prevention approach to security, which is built on the theory that an effective way to deter crime is to make attempts more difficult, more risky, and less rewarding. The strategy’s potential to cut crime is clear—if goods aren’t useable or won’t work unless purchased, then there is no reason for someone to steal them. For revenge or out of spite, perhaps, but that’s about it.
The strategy has a history in loss prevention, such as the development in the 1980s of ink or dye tags to protect store apparel. In that use case, illicit removal was designed to ruin the garment, thus reducing the ability for a thief to use it or convert it to cash, according to Read Hayes, PhD, CPP, director of the Loss Prevention Research Council. More contemporary benefit-denial techniques include car stereos that don’t function if the faceplate is removed and special hotel hangers with small hooks or ball tops that require special racks. “In this low-tech example, benefit denial does not make stealing hangers riskier or more difficult; rather it makes it less rewarding unless the thief steals the rack as well or sells the hangers to other hotels,” according to Hayes.
While “benefit denial is not the total product protection answer for all assets in all places,” Hayes suggests that it is a good fit for today’s retailers, who are under pressure to enhance relationships with shoppers by providing open or self-serve merchandise access. “Benefit-denial technologies hold the promise of much more open selling of even high-value items,” according to Hayes.
This concept—to deny the illicit use of smartphones—was at the foundation of Rent-A-Center’s winning asset protection strategy.
Peacock and his team knew that the technology existed to lock cell phones and began to investigate how they could make it work for them. It was a thought exercise that the asset protection team was practiced at conducting. “We’re not the typical retailer, so the typical loss strategy won’t work for us in 80 to 90 percent of cases,” explained Peacock. “So we’re very used to thinking about how we can take an existing security solution and create a modified version that fits our business.”
In the last few years, the RAC asset protection team has used its unique business model to drive a slate of innovative technology solutions, including use of remote CCTV and business analytics to conduct remote in-stock audits to boost sales. The AP team also has several new projects in development, including the use of ID scanning technology combined with feature-matching biometrics to create a digital identity for customers. These profiles will use multifactor authentication to assist with detecting internal and/or external fraud while approving or declining rent-to-own applications.
While phone-locking technology already existed for corporate devices, the AP team had to do some legwork in order to find a technology partner who could provide technology that would prevent phones from working even after a factory restore and resetting of the device. RAC’s new partner, an endpoint security company called Absolute, began working on the next step—development of the software local stores would install on each smartphone before it was rented.
The whole asset protection project was implemented remarkably fast. In July 2014, RAC launched smartphones in all of its stores. In November, the asset protection team partnered with the largest smartphone data company to register the international mobile equipment identity (IMEI) numbers of all RAC smartphones to protect them from being sold or traded at other major retailers. In April 2015, the RAC asset protection team launched its Device Protection Program (DPP)—the technology-based solution to lock a device in the event it is lost, stolen, or has an expired contract.
Rollout and Results
Webinars for every store manager in the country, led by AP and supported by RAC’s mobile training group, was key to a successful roll out of the DPP. Adoption was aided by the fact that the LP program opened up a lucrative product category many stores had shied away from. “They absolutely loved it and couldn’t wait to get it,” said Peacock. “Part of their bonus is based on store profitability, and stores were anxious to rent more smartphones.”
Additionally, the asset protection team, in coordination with the sales and mobile training groups, created a resource manual for store personnel that walked them through the steps of the program, potential scenarios that could arise, and instructions for helping customers understand the program. The manual detailed specific instructions on issues, such as how to install the DPP software onto phones (using a micro USB provided to stores) and how to respond to customers who report that their phones are locked. Written scripts take staff through the correct way to interact with customers in a range of locked-phone scenarios, in the event someone bought a stolen phone or is past due on a payment, for example.
At the heart of the DPP is RAC’s ability to lock a phone once the software is installed on a smartphone and it is rented. Locking scenarios include:
- If a smartphone customer is seven-plus days late on his or her payment, AP receives a notice from internal reports and automatically locks the device. The individual is only able to make emergency calls and receive calls, and a message appears—“This phone has been disabled because the lease agreement has expired. Please contact or visit your Rent-A-Center store to arrange payment or return the device.” Once payment is received, the customer is provided an unlock code to regain full use of their smartphone. “On the front end, we let customers know about the technology and that the phone will lock if they go seven days past due,” explained Peacock. “And we let them know that once a phone is paid out, we can remotely remove the software.”
- If an RAC customer attempts to sell a smartphone to a retail partner, a notification is sent to AP, who then disables the phone until it is recovered or a district manager authorizes the phone to stay on rent.
- When a customer reports a lost or stolen phone to RAC, AP disables the phone until it is recovered. That capability—that RAC can use the software to help retrieve a stolen device for customers—has been used as a selling point to customers. In this way, the locking software isn’t strictly viewed as a way to enforce payment.
- When a store charges off a phone as “Skip/Stolen” or “Inventory Shortage,” AP disables the phone until it is recovered.
Once underway, the team anxiously awaited results from the DPP. One area of concern, which didn’t materialize, was that locking phones would cause a significant increase in returns. Instead, when faced with a locked device, most customers simply paid up. “People can’t imagine living without their phones, and we had a dramatic increase in payments,” said Peacock.
From a technical perspective, Peacock said the phone-locking process has been smooth. However, with 180,000 locks placed on smartphones last year, AP is working with the RAC IT team to automate additional aspects of the process.
Perhaps the most important benefit, however, is the fact that most customers don’t put the locking software to the test. When a smartphone has the device protection application installed, it’s 50 percent less likely to go seven or more days past due compared to devices without the program installed, RAC data show. The 50 percent reduction in past dues equated to a 50 percent reduction in losses for the company. When devices do go past due, more than 60 percent of customers either make a payment or return the device within 72 hours of being locked.
Investigations have also benefited from the ability to pull the phone number from the SIM card within the device. This capability has assisted in the successful resolution of numerous internal and external investigations, according to Peacock, for example cross referencing a stolen phone’s number, identifying a suspect, and calling the number to conduct an impromptu interview.
From deterring theft, reducing loss, and improving collections, RAC’s AP team calculated millions in savings within the first twelve months of the DPP. With those results, it’s no surprise that Peacock, who has spent twenty years in the loss prevention industry, called it “one of the most innovative and rewarding projects I’ve worked on.”
Peacock added that the endeavor was a true team effort, including key players in operations and product service, technical support, and the promotion and sales strategy divisions. RAC was also careful to work with its vendor to develop technology that would have no ability to track devices, locate individuals, take screenshots, or do anything similar that might cause privacy concerns. “Our reach was limited to our goal to secure our assets until recovered or a payment is collected,” said Peacock.
As for advice for his industry peers, Peacock said he’s seen the value of making things simple and had to know that after the first webinar introducing the DPP that the stores would get it and love it. “My new motto is if it needs instructions, then it is probably too difficult to execute,” said Peacock.
Somewhat related, Peacock said the project taught him the benefit of taking responsibilities and pressures off stores by creating an enterprise solution that transfers work load to a central office, in this case the RAC Field Support Center. “Our program had a high success rate because we did not depend on 2,400 store managers to identify devices that needed to be locked. We took care of that for them,” said Peacock. The Field Support Center also supplied a centralized tool to quickly provide information about locked phones, including the passcode needed to unlock devices, he added.
Peacock understands that the millions saved in year one is likely the program’s high watermark. As awareness grows among scofflaws and deadbeats, fewer are likely to rent phones with the intention to steal. But while savings from the DPP on smartphones levels out, the RAC asset protection team is already taking aim at its next target—laptop computers and tablets and, eventually, game systems and televisions. “The technology isn’t quite there yet, but the opportunity is definitely there,” said Peacock, anxiously looking forward to his AP team’s next million-dollar victory.