What is the future of crime and security in the retail industry? That was the key question posed at the British Retail Consortium’s ‘Charting the Future’ conference, in partnership with Aon. Held in London on the 25th September 2018, delegates and key specialists from across the retail sector came together to discuss crime and security trends, and how retailers can best prepare and respond.
Has the retail industry thought enough about what rapid changes such as the increased use of technology and changing consumer behaviour mean when it comes to dealing with crime in 10-15 years’ time? Not so, said James Martin, Crime and Security Advisor for the BRC who, in opening the conference, told delegates that the industry needs to do more to understand how these changes will affect retailers’ approach to crime: “We all know that prevention is better than cure and it’s certainly cheaper. If we can start to design in the crime now, we don’t have to think about spending fortunes to try and design it out in the future once these systems are up and running.”
The digital revolution
As digitisation transforms the retail business model – in 2006, 3% of shopping was online, while today it's about 18%1 – it is bringing both threats and opportunities to retailers. In particular it is driving a change in consumer behaviour said Rachel Lund, BRC’s Head of Retail Insights and Analytics: “The role of the online home assistant – Amazon’s Alexa for example – is likely to grow as consumers use algorithms to help them run their lives, with smart homes connected to these devices in future for automatic ordering. There will be a drive to integrate the retail business into smart home devices.” Consumers are also becoming more comfortable in sharing their data, added Lund, which is both a threat to retailers – from a security and regulatory perspective – and an opportunity to use that data to refine their offering.
As digitisation transforms the retail business model – in 2006, 3% of shopping was online, while today it's about 18% – it is bringing both threats and opportunities to retailers. In particular it is driving a change in consumer behaviour said Rachel Lund, BRC’s Head of Retail Insights and Analytics: “The role of the online home assistant – Amazon’s Alexa for example – is likely to grow as consumers use algorithms to help them run their lives, with smart homes connected to these devices in future for automatic ordering. There will be a drive to integrate the retail business into smart home devices.”
The changing nature of crime
For the physical ‘in-store experience’, this digitisation and changing consumer behaviour means that it is important to understand that retail is no longer a linear process for the customer. “It was easy to see the progress of an individual as they enter the store; as they select their goods; as they progress to the checkout; and as they pay. It was very easy to see where security needed to be introduced. It was predictable and was much easier to spot people with malicious intent. That world has now gone,” said Dr. Emmeline Taylor, a Criminologist at the City University of London. In turn, she added, retailers are having to become more comfortable with relinquishing control to their customers at the most important stage – the point of payment. “We’re giving customers that autonomy and we need to be able to trust them but also trust the systems that are in place to ensure an honest transaction.”
On-line retail operations are also just as susceptible to crime as cyber criminals take advantage of the growth of digitisation, not just by targeting retailers but also by targeting their suppliers.
Understanding the motivation
Crime is often not a rational crime either. In research focused on armed robbers, Taylor discovered money was not always the objective. “The average take from a robbery is around £500 which leads me to think that the average armed robber is still not that rational…which means security strategy needs to be attuned to offender motivation to really understand their perspective.” One motivation is around status with one offender calling armed robbery, “an A class crime…the more violent the crime is, the more respect you get.” So we’ve got a bigger problem than just locks and bolts and cameras said Taylor. “If these individuals are not as rational as we’re presuming, then there needs to be a more complex security strategy in place and one that plays on the morality of these individuals.”
Self-service shops are also uncovering new types of offenders said Taylor, ranging from individuals who first steal goods by accident, to the ‘switchers’ who swap labels for cheaper goods. “They don’t see themselves as criminals, they’re just playing the game and because they paid something they still think they’re being honest.” Add in the ‘compensators’ who, by doing their own checkout, think they should be compensated for doing the work for the supermarket and the frustrated consumers who fully intended to pay but were unable to scan an item properly, and the retail security challenge grows.
Countering the cyber threat
On-line retail operations are also just as susceptible to crime as cyber criminals take advantage of the growth of digitisation, not just by targeting retailers but also by targeting their suppliers. US retailer Target Corporation for example suffered a widely-reported loss in 2013 when the credit and debit card details of 70 million customers were compromised following the breach of a supplier’s systems. It’s why businesses need to take a more holistic approach to building a cyber resilient organisation, said Christopher Scott – Cyber Risk and Resilience Specialist at Aon: “Who are the key suppliers that could cause the greatest amount of danger in terms of the data you supply to them and what is your reliance on them from a business interruption perspective? Reflect that risk in your terms of business with them whether that’s in limits of liability, additional assurance around their cyber security posture and even rights of audit on their cyber security.”
“businesses need to take a more holistic approach to building a cyber resilient organisation”
Meeting the challenge
There are however a lot of basic things that retailers can do to deal with the cyber threat such as ensuring cyber security training for employees. But there was broad consensus during the panel discussion that, in combatting all crime whether physical or online, the retail industry would benefit from sharing more information in the future and working less in silos. This could include sharing the latest methodologies retailers see from cyber criminals more effectively. And closer co-operation with police forces to help catch criminals would also be beneficial, with the development of a shared language between retailers seen as key in helping pull evidence together for the police to use, particularly as they work to target organised gangs.
The growing incidence of extremist inspired violence is also a concern. A round table discussion focused on the threat and concluded that while individual stores are unlikely to be a target, an attack in the area can significantly impact footfall affecting short and long-term profitability. Minimally staffed shops – again enabled by technology and changing consumer behaviour – could also throw up new vulnerabilities: does less staffing increase the opportunity for store theft, for example? It might take greater use of emerging technology such as body cameras and risk necklaces to help keep employees safe.
A place for AI
The round table discussions concluded with a look at what artificial intelligence means for retail security. Machine learning is already analysing vast amounts of data and it was agreed there is a place for automation in the protection against certain risks and threats. Is there however a moral hazard in terms of creating systems that are easy to use and navigate for consumers, who can then forget they also need to be responsible for their own data?
To find out more contact Chris Scott
1 ONS, BRC calculations, BDO reshaping retail