In Retail, Can A Shrink Shrink Shrink?

Written by Evan Schuman
August 27th, 2004

Opinion: In retail technology today, security is a chief concern, and CIOs are exploring any and all options?including a psychological approach for weeding out would-be thieves.

In retail IT circles today, no issue generates as much concern?if not outright panic?as does security.

You name it, we’re scared of it. That’s true when the topic is hackers trying to break in and steal credit card info, terrorists wanting to poison the apples, gun-toting bandits with their eyes on cash-register cash or the always-popular disgruntled employee wanting to steal their way to a nice, self-directed bonus.

Every time IT comes up with a technological defense against shoplifting or fraud, thieves come up with counters. More often than not, they are embarrassingly simple and obvious counters. An experiment with unit-level RFID discovered that a small, strategically placed piece of tape thwarts the anti-theft apparatus.

The most frightening of these threats is the most frequent: employees helping themselves or their friends to the merchandise. Unicru, a software vendor that creates human resources software, claims that it can attack the employee fraud problem by helping to identify likely thieves before they get onto the payroll.

David Scarborough is Unicru’s chief scientist, and he’s also a psychologist by training. Conceding that it’s a difficult puzzle to solve?because the kind of person who is likely to steal tends to be a person who is comfortable with deception and is often quite good at it?he nonetheless argues that it is possible.

It’s generally accepted that at least half of all retail shrink is based on employee theft. To steal in plain view takes a person who is comfortable with taking risks, although the thief doesn’t see it as truly risky. “They don’t think in terms of risk,” Scarborough said. “They think in terms of probabilities.”

The typical criminal employee thinks that he or she has a carefully planned scheme, so getting caught is considered impossible or at least not likely. Therefore, the threat of getting caught isn’t a deterrent. It’s similar to a popular argument against the death penalty, which is that capital punishment would discourage certain people from committing capital crimes.

The people it would discourage?legislators, attorneys, executives?are people who wouldn’t be inclined to commit capital crimes anyway. The people who would be inclined to kill for money never think they’ll get caught, so the severity of the penalty doesn’t influence them.

Scarborough asks potential employees lots of seemingly innocuous questions about how they would react in various situations. The applicant who is comfortable with a lot of risks gets looked at more closely.

Another hint: the desire to conform to community standards. If everyone in town is cheating on their tax return, it’s a lot easier to justify cheating on yours. Despite generations of mothers asking, “If Johnny Smith jumped off the Empire State Building, would you do it, too?”…. there’s a safe feeling to doing what everyone else is doing.

In an applicant questionnaire, this can be addressed as easily as asking applicants whether they believe that most people are honest. If they say they believe everyone around them is dishonest, they get an even closer look.

Scarborough stresses that his questionnaires?which can house 100 to 300 questions for an applicant to fill out in one sitting?are designed for the audience being tested. Often, answers that would rank poorly for a customer-service applicant might rank well for a senior manager. Persuasive abilities, for example, are great for executives, but are not as desirable in someone who is supposed to be listening to customers all day.

The psychologist tells of one executive who complained that the test was worthless because he personally took it and failed. Scarborough countered that the test was not intended to evaluate someone at his level. (He’s good. I would have been too tempted to have told the exec that the test was fine, but that he shouldn’t tell too many people that he failed. If nothing else, it would have driven the exec crazy.)

The tests also throw in some truth-detecting questions, such as asking them whether the following is true: “I have never gotten angry with anyone.”

Sometimes, Scarborough said, retail job applicants don’t even read the questions, they simply start answering everything randomly. Why? Those applicants may not truly want the job, but need to apply for the job to satisfy a regulation, such as for unemployment benefits or a parole requirement.

This all dances around the core question: Can retailers truly use test questions to eliminate or sharply reduce the number of thieves on the payroll? Can they indeed reduce shrinkage with a shrink?

Although there certainly are exceptions, most retail employees do not start as thieves looking for a victim. For many, it’s the chore of inventory and handling cash registers that puts temptations in front of them. Couple that with a low salary and little if any feeling of ownership, and you have theft waiting to happen.


Comments are closed.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.