Detecting internal theft at JCPenney has leap-frogged into the 21st century. Just five years ago, attempting to identify possible fraudulent refunds meant that every month, we would take a week’s worth of refund media, separate it by register, and try to find a correlation between the media to the individual detail tape from the register. We also distributed feedback letters to customers receiving cash refunds in an attempt to verify that the refunds were authentic transactions. This process was time consuming, random, costly, and constantly inconclusive…like looking for a needle in a haystack.
Today, our world has changed.
JCPenney is one of America’s largest department store chains. We employ more than 200,000 associates and operate nearly 1,100 department stores throughout the U.S., Puerto Rico, and Mexico. Maintaining an effective loss prevention program using processes such as this companywide was next to impossible. To be more effective, we needed to make vast improvements in our programs by becoming more automated.
We all dreamed of a system that could show us the “red flags” rather than having us search for them. We wanted a tool that would alert the loss prevention personnel to associates making unusual sales transaction adjustments that fall out of the norm from other associates in the same department or store. Our dream came true. At JCPenney, we call it the Loss Prevention Database.
From Paper Sorting to Point-and-Click
The Loss Prevention Database was conceived in 1996. The idea grew out of an existing, but limited, exception-reporting system called Platinum, which was already collecting some point-of- sale data. Together, the loss prevention and audit departments brainstormed the idea of adapting Platinum information into a Web-based LP exception-reporting system. Our goal was to integrate store server-based register transaction information into a process that would automate our company’s test-and-check program being performed in the stores. Over several months, associates from LP, audit, and information technology collaborated and hammered out what information the system would retrieve and how it would go about retrieving it.
While many retailers look to outside companies for loss prevention programs and solutions, we were able to develop this project internally through our own IT department. This meant we didn’t need to spend time educating our information systems team on the JCPenney method of business operations, because they already understood how it works. However, we did need to explain to them how a thief thinks and how the captured information we were requesting from the system would point to them. Developing the project in-house also helped us keep costs down.
Logistically, it was also easier to get together regularly to discuss issues and revisions. Everyone on the development team was centrally located, in many cases, in the same building. This reduced production time, possibly by more than 25 percent. Seeing the benefits of the database catching the criminals was very gratifying to everyone on the team, because we all worked for JCPenney. We were all contributing to the company’s success.
Initiating the Database
Even before we officially launched the new system, it proved its value by finding several instances of internal fraud. We actually found one case while performing quality and assurance on the system, when we observed an associate ringing their own transactions with unauthorized discounts.
Another incident occurred while we were conducting a training session with store LP managers. We identified an associate processing a fraudulent cash refund for $20,000. Forty people in the room witnessed the identification and all said at once, “WOW!” It was incredibly exciting, because these were the LP professionals who would be using the database. They were able to see how effectively it worked immediately.
Before we rolled out the system in 1998, we faced a challenge in training 1,100 stores on how to operate a brand new program. We also needed to train all loss prevention associates in the home office, regional, and district offices. We accomplished the training using a three-pronged approach. We produced a CD-ROM training video to distribute to the stores; we held several hands-on training sessions in approximately twenty-three districts; and we conducted seven training sessions using the company’s internal direct broadcast satellite system.
Keeping Pace with the Criminals
Once we activated the database and began working with it, we saw opportunities to make enhancements. Thankfully, we had designed it for easy upgrades.
Shortly after the initial rollout, JCPenney began offering customers our new gift card. Gift card fraud took off almost immediately. Associates would typically either add value to a gift card and not pay for the added value, or they would process a fraudulent return and add value to the gift card.
Ironically, when they used the stolen gift card, they usually asked for their associate discount when purchasing merchandise. That was their downfall. By using their associate discount, we tied them to the fraudulent gift card. In less than a year, we updated the database to catch these types of gift card transactions.
During the upgrade, we also added terminal variance charting. This enhancement allowed us to “chart” registers when we suffered short cash. The new report listed the associates that worked on the registers who were short in the past 90 days. We were then able to target those associates who were consistently on the short registers. In the past, charting of variances was performed manually. We had to look at individual register detail tapes in an attempt to identify the associates ringing on the register.
At this same time, we created remote access, which allowed loss prevention personnel to use the database to review any store in the company from a central location. This was a critical improvement.
What was most gratifying about the database was that we were able to hit the ground running. From the start, it was pointing to the right people. The associates who were “flagged” by the system were the associates committing fraud. Before we had the database, we were always trying to find out if we had a problem. The system was now telling us not only when we had a problem, but who was responsible.
Loss Prevention Analysts
Prior to 2001, the responsibility of monitoring the database fell on the store loss prevention managers and, in some cases, the store managers. In 2001, we centralized these responsibilities in 600 of our smaller stores without loss prevention staffing. We created a loss prevention analyst position to monitor a group of assigned stores remotely from the home office. Each analyst oversees approximately 60 to 70 stores, reviewing four to five stores per day. They support these stores by working with them when instances of possible theft arise. Since September 2001, the analysts have identified 583 internal theft cases for an admitted loss of $1.5 million in these 600 smaller stores. In the past, most of these cases may not have been identified.
Crunching the Numbers
The database allows us to view any complete transaction, in any store, at any time during the past 90 days. The database is flexible and can be changed to suit the report specifications by using adjustable parameters. We can change those parameters and sort the reports in a variety of ways, allowing us to review the results more easily.
There are a variety of theft methods we review regularly. In most cases, associates who take money from the register usually post some kind of sales transaction adjustment to the register to cover their tracks. We review these transactions to search for possible patterns of theft. These transaction reviews include
- Cash refunds,
- Charge credits,
- Voids,
- Terminal variances,
- Sales corrections,
- Discounts, and
- Gift cards.
- The following are examples of these transactions and how the database may reveal the possible fraud.
Cash Refund. We give a cash refund for customers with a valid JCPenney receipt indicating a cash transaction. All other returns become either a charge credit (returns with an appropriate receipt) or a gift card return (returns without a receipt). The database flags associates who perform more cash refunds than the store average andidentifies cash refunds without a receipt. In either case, the exceptions are indicating the possibility of an associate taking cash from the register using a fraudulent cash refund to conceal the theft.
Charge Credits. We give a return (credit) on a charge card for customers with a valid JCPenney receipt indicating a charge purchase. The database lists all charge card numbers that have received a specific number of credits (3, 4, etc.) for a specific amount ($250, $500, etc.). Associates who fictitiously credit their own personal charge accounts (or an acquaintance) will be identified by this report.
Voided Sales. An associate has the ability to void a transaction that is incorrectly performed. A fraudulent void can be created if the associate voids a legitimate sale whether for the purpose of stealing the funds or by not charging the customer. The database identifies those associates who complete voids higher than the store average. Also, the database identifies excessive amounts of time between the void and the original sales transaction. The longer the time between the transaction, the more likely it is a fraud.
Terminal Variances. The database will identify registers that are short or long by a specified dollar amount. The database can also chart the registers to a listing of all associates who worked on that register for a specific day. Using this report, we can identify the specific associate (primary suspect) who worked on the majority of days when thevariances are excessive.
Sales Corrections. Office associates have the ability to adjust previous transactions from the sales floor for correction purposes. This access opens up the possibility of creating fraudulent transactions from the office. The database lists all the corrections processed in the office for ourreview.
Discount. Another form of fraud is under-ringing merchandise with unauthorized discounts. The database analyzes all the discounts available to the associates and compares associates totals to the store average.
Gift Cards. Gift cards are sold to customers or used in the form of a return. As previously mentioned, gift card fraud can come in two methods, sales or returns. The database identifies those associates who process more gift card returns than the store average and also provides the capability to review any gift cards history for the last 90 days. We can also track the gift cards usage and correlate the gift card back to a sales or refund register transaction.
When we built the reports in the database, we built in variable parameters needed to provide the exceptions. We included a store average multiplier, which grades the number of risky transactions (cash refunds, credits, etc.) against the stores’ totals. For example, we can ask the database to show associates three times greater than the store average and it will list them at the top of the report.
We even have one report that simply lists all associates who have rung transactions for themselves , meaning the associate completing the transaction used his or her own associate discount number. We call this report the exception associate discount report. As ridiculous as it may seem, we have identified many frauds where associates rang their own transactions with unauthorized discounts and, in addition, still used their associate discount.
Once substantial evidence is found on a particular associate, the district loss prevention manager (DLPM) decides what course of action to take. The DLPM may decide to monitor the associate in order to obtain further evidence when needed. Or, the DLPM may choose to interview the associate based on information gathered from the eports. Termination and prosecution is pursued on all confirmed internal theft cases.
What Will the Future Bring?
While JCPenney’s shrinkage rate is generally at or below the retail industry average, we are always looking for ways to reduce that number even further. The Loss Prevention Database is helping us do that.
Down the road, we will certainly make enhancements to keep up with the changes in our business. As the company changes, the system will have to change through upgrades and adding new processes and programs to provide the best information possible.
We are currently planning on providing our loss prevention analysts with access to digital video from store security cameras. This will help us act more quickly and decisively on cases. For example, we will be able to review video centrally on suspected transactions that have been identified by the analyst and immediately determine whether or not the transaction was fraudulent.
We are also planning on expanding the responsibilities of our loss prevention analysts to the rest of our stores. This will allow us to become even more cost efficient and provide all of our stores with the best service we can offer.
In the end, the system performs exactly the way it was designed. It provides the information we need far more efficiently and effectively, cutting the time spent looking for problems.
The Loss Prevention Database is, by far, the biggest achievement in our department in the last decade. In the past, it was as though we were fishing with a stick and some string. Now we are waiting for the fish to jump into the boat. Fishing has never been better!