3 key learnings from NRF PROTECT 2024

How retail security professionals stay ahead of risk
Director, Social Media & Digital Communications

Retail risk, cybersecurity and law enforcement professionals convened June 4-6 at the Long Beach Convention Center for the retail security risk event of the year: NRF PROTECT. Leaders discussed the convergence of risk that the industry is facing today and looked ahead at the partnerships required to prepare for emerging threats tomorrow and beyond.

From call-center and gift card fraud to phishing, organized retail crime and more, staying ahead of tomorrow’s fraudsters requires sophisticated tech, team collaboration and a futures mindset.

Plan to prevent phishing and other attacks

The rise in sophistication of crimes from threat actors cannot be understated. Today’s hackers are committed, persistent, non-conforming and curious, said Ted Harrington, executive partner at Independent Security Evaluators. Roadblocks don’t stop hackers but instead make them curious for a new route.

Retail teams can help stop these bad actors with adequate training on common hacker terms and tactics, and also by following their gut, says Stephanie “Snow” Carruthers, chief people hacker at IBM, X-Force.

Prevention tactics start long before an incident occurs. They can include:

  • Anticipating customer and employee activity: identifying habits, using multifactor authentication and password managers for storing passwords, and hiding social media accounts
  • Training employees in techniques like identifying typo squatting in phishing emails
  • Developing a process for reporting malicious activity immediately
  • Making consequences clear — 26% of fraudsters said they would not commit return fraud if they knew they’d be banned from returning to that store, said Stephen Dubeck, corporate security and ecommerce fraud prevention manager at Petco Health and Wellness Co.

Take tech seriously

Emerging technology is helping retailers protect their stores, and a more protected store has the potential to create experiences that lead to greater brand affinity. Machine learning and artificial intelligence has put us in the “fifth industrial revolution,” said Tom Meehan, president of CONTROLTEK. You never want to be the first company that’s challenged — and you don’t want to be the last to adopt vital technology. Crime actors are using artificial intelligence to assist in interstate crimes and it’s imperative that cyber experts adopt the latest security tools.

Tech that can decode the intention of individuals is already in the works. FaceFirst’s “ethical face matching platform” tool combines human decision-making and assisted AI that could identify a previous shoplifter who is known to have violent tendencies, said Dara Riordan, president and COO of FaceFirst. Tools like this help remove human error and offer multiple layers of data for storing and tracking trends that help create robust profiles on threat individuals.

As with any new technological integration, retailers must consider whether there is more risk with the technology or without, and consider the legal and reputational challenges.

Craft a future where knowledge and storytelling represent power

Retail security leaders rely on the collection of data and production of information to make informed decisions. The right data collected leads to the dissemination of information that creates institutional knowledge.

Moving cohesively requires bringing in all stakeholders, even those who may not have traditionally been involved in all levels of the process. “Don’t take as gospel the business logic of your organization,” said Shawn Harris, deputy CISO of Chipotle Mexican Grill. Harris emphasized the importance of challenging processes and getting many voices at the table to help prevent blind spots. General counsels, public relations teams and others can help not only show the impact but tell a story of how new security tools and strategies could impact team members and the public.

Because not all departments speak the same language, data can help guide a “holistic defense” that is unmistakable, said Mark Plesser, manager of EdgeSec and digital fraud at Dick’s Sporting Goods.

Combined with data, qualitative methods like storytelling also help illustrate the severity of loss. While discussing San Diego County’s model of organized retail theft prosecution, District Attorney Summer Stephan underlined the impact of sharing economic as well as emotional impacts of crime, such as how lack of safety creates an emotional toll on employees that ripple effects to the greater community.

Organized retail crime

Local stories on the impact of organized retail crime help paint a narrative that is impactful for policy as we get closer to new laws that address ORC. Take action now and share how organized retail crime is impacting your community by urging Congress to pass the Combating Organized Retail Crime Act.

Nikolas Badminton, chief futurist at futurist.com, recommends retailers enter an era of anticipation, scanning for signals of change to keep their eyes on emerging threats around the corner. Utilizing imagination, anticipation and empathy, Badminton said retailers can use “futures work” to anticipate developing crime related to globalization.

How would crime prevention be defined in a society where organized crime could include stealing energy, food and water? Looking for pockets of the future in our current challenges and watching for “what if” moments can help us create safer societies.

“As a skill, we need to deepen our empathy … an empathy for the people we are trying to fight,” Badminton said. “Futures work doesn’t start in the future. It actually starts today.”

Related content

Balancing the threats and opportunities of AI
Retail leaders speaking at NRF PROTECT.
How security leaders can effectively support the innovative use of artificial intelligence and protect against risks.
Read more
Cargo theft trends and lessons learned
Retail leaders speaking at NRF PROTECT.
Experts from Walmart, NRS and the FBI discuss the latest trends and actions for retailers to protect themselves.
Read more
Lessons from a decade of cybersecurity collaboration
Retail leaders speaking at NRF PROTECT.
Senior technology executives and founding members share insights from NRF’s IT Security Council.
Read more