Risking it on retail

October 2011 Conferences & Events, Retail (Industry)

Retail is a tough, competitive game, made all that harder by the rampant criminal element in South Africa. And while the focus on retailers must be on the efficient movement of low-margin products in and out of their stores, they also need to spend more time and money on protecting themselves and customers from criminal syndicates and opportunist thieves. Ignoring the customer impact of violent crime has an impact on sales in a competitive environment as the public will automatically migrate to stores they feel are more secure, especially those who have experienced the trauma of an armed robbery.

At the same time, retailers need to protect themselves against the legal liabilities of ignoring the Occupational Health and Safety Act, as well as false claims of injury by customers. Retail Risk is aimed at dealing with these and more issues in an intensive one-day conference.

This year’s conference offered delegates a full day of information as well as a range of exhibitions covering a range of technologies and solutions aimed at the retail environment. Exhibitors included, Suprema (Neametrics), CCTV in Focus, GPT, Cash Connect, Security Viewer and ATEC.

We were also privileged to have a keynote presentation by Lieutenant General Petros, the SAPS Provincial Commissioner of Gauteng, focused on the partnership between SAPS and the business environment (see ‘Collaboration is crucial’). The day was chaired by former SAIS chairman Francois Marias, who also introduced the delegates to the new Child Survivors of Crime Charity (www.csoc.co.za), which, together with the SAPS Widows and Orphans Fund, were the two beneficiaries of the event.

Below is a short summary of the day’s events.

Effective risk analysis

Starting the day off, Willem Visser, group asset protection manager at AVI, discussed exactly how to conduct a risk analysis.

Willem Visser
Willem Visser

We have all heard people, either internal staff or consultants talking about a risk analysis, and we often rely on other people to handle these tasks without knowing what they really measure and how they measure it. While there is no one rule that prescribes how a person or company is to conduct a risk analysis, Visser took the audience through a journey, complete with spreadsheets, to demonstrate the process.

Visser explained that risk varies from industry to industry and business to business, but all businesses face some forms of risk and these need to be identified and mitigated to allow the smooth running of business operations. The goal of a risk analysis is to get all the players on the same page, understanding the risks the business faces and the reasons behind the chosen mitigation strategies.

His advice is that companies engage in a process of identifying all risks and rating them as to the likelihood of them happening and the impact if or when they occur. The impact may be financial, physical, legal etc. Then it is time to examine the current controls in place to deal with each problem and their effectiveness.

From this information, the residual risk rating is calculated which will simplify the next steps to be taken and the urgency with which problems must be dealt with. Along with this, the person responsible for implementing the mitigating measures and a target date for their implementation must be added. The business must also decide how these risks are going to be monitored in future.

Visser stated that risk management is not a once-off exercise, but an ongoing process. Once the first analysis is done, the maintenance and upkeep of the mitigation processes is just as important, as is identifying new risks as they arise.

A return on your security investment

Charles Lowings, retail control manager at Spar Stores was up next. Lowings gave the delegates insight into how a security solution can be extended to offer more than simple video footage. In fact, he said that your security service provider must be able to use technology to reduce shrinkage and to prevent crime, not merely provide footage after the fact.

Charles Lowings
Charles Lowings

Technology plays an important task in reducing crime if it is implemented correctly. The task of finding the correct technology, however, is difficult as retailers are faced with an abundance of suppliers to purchase their equipment from and each claims their solution is best. Lowings offered three rules to consider when buying equipment:

1. It must reduce losses or prevent crime at a competitive price.

2. Is must be practical for the intended function.

3. Retailers must know what the return on investment will be and how long it will take to achieve this.

The technology he focused on, that has proven effective for Spar, includes CCTV, alarms systems and cash acceptance systems.

Among other things, CCTV systems must be able to provide video auditing on tills and scales, delivering effective data mining solutions that detect and identify suspicious activity. To efficiently deal with alarms, remote monitoring services should also be enabled to provide effective oversight to alarms, guarding and cash movement. Surveillance systems must also be set up in a manner that will allow for the accurate identification of suspects. He added that automatic number plate recognition (ANPR) is the best and most cost effective method to prevent crime in shopping centres.

He went on to discuss the effective implementation of alarm systems to ensure they work as desired and also deliver the required returns.

Cash acceptance technology is the future of retail operations, resulting in less cash in the tills at any one time and a faster cashing up process with a lower potential for mistakes and theft. It also makes it safer for staff and customers, and far less profitable for criminals to stage an armed robbery.

Lowings summed up by noting that the correct use of technology is not a nice-to-have, but will result in a safer shopping environment for customers and increased profits to the retail industry.

Health and safety is your concern

Errol Peace, director of BTC Training and chairman of the SAIS was up next with a keen insight into the legislation companies in the retail sector need to be aware of. He said that there are 214 different types of legislation for businesses to consider. “Ultimately, you need to ask yourself the question: ‘Do I want to work harder or smarter?’ For this reason you need to look at incidents in the workplace from an OHS (Occupational Health and Safety) standpoint.”

The challenges that exist, according to Peace, include:

• Having to develop staff more efficiently.

• Time restraints.

• Increasing productivity.

• Combating rising costs.

• Shortage of skilled employees.

Errol Peace
Errol Peace

“Legal compliance to the OHS Act is part of the risk/security function in a company and this is addressed from a legal liability perspective (outlined in a number of Acts) and the legal requirements (do’s and don’ts in the OHS Act),” said Peace.

With regard to legal liability, the following apply:

1) Constitution.

2) Common Law compliance.

3) Statutory Law.

4) OHS Act.

5) Labour Relations Act.

6) Basic Conditions of Employment.

7) Compensation of Injuries & Disease Act.

8) Corporate governance and King Report.

9) Metro bylaws and building bylaws.

The CEO of the company is responsible, according to the OHS Act section 16 (1) for the safety of his employees. “Every chief executive officer shall as far as is reasonably practicable, ensure that the duties of his employer, as contemplated in this Act, are properly discharged.”

Compliance will result in reduced costs, maintaining company reputation, continuity/sustainability of the business, a motivated workforce and competent employees. Training is deemed critical to success and covers a number of aspects. Successful training will result in the employees being able to identify and address hazards in the workplace, resulting in a healthy and productive environment.

It is essential to keep your health and safety programme simple in order to get buy-in from your employees. Remember that good training is an investment, not a cost.

Technology beyond security

Continuing from Peace’s presentation, Kevin Monk, technical director at the Bidvest Magnum Group then posed the question: “Are we really doing things right?” He said that CCTV installers need to submit the following documents prior to an installation:

* Notification of construction work (after contract award).

* Appointment of contractor by client.

* Legal appointments.

* 37 (2) Agreement between client and contractor (after contract award).

* COID number of company (Workmen Compensation number) and copy of Letter of Good Standing.

* Contact details of all appointed persons.

* Contact details of company’s Head Office and contact person.

* Nature of your work at client’s site.

* Your client’s contracts manager.

* All sub-contractor’s details (appointments as per Section 16).

* Number of persons working for you (contractor and sub contractors).

* Starting and completion date on site.

* Baseline risk assessments and safe written work procedure.

* Procedure for disposal of waste.

* Fall protection plan (if applicable to contractor).

* Health risk assessments.

* Company’s three year statistics (number of employees, type of incidents).

* Method statements must be comprehensive.

* Risk assessments to include the methodology.

* Training matrix.

Kevin Monk
Kevin Monk

In addition, if you are using an integrator, you must employ a stringent vetting policy and deal only with reliable and certified integrators who preferably have a national footprint. The recordings from the CCTV system can be of significant importance in preventing accidents occurring. Conversely, if a correctly trained employee has an unfortunate accident due to ignoring the instructions provided, the evidence from the CCTV cameras can be critical when defending your company against potential legal action.

It is also important that CCTV systems are correctly maintained. Maintenance is perceived as a grudge purchase. To get the maximum benefit out of a maintenance contract you should build the cost into the tender price. There are a number of things one should include in a maintenance contract:

* List the facilities covered by the contract.

* List the normal hours and days on which work will be required.

* Describe the required emergency response time in case of system failure.

* Compile a detailed list of all equipment to be serviced under the contract.

* Define what spare parts will be maintained and immediately available for emergency installation in case a strategic component in the system fails.

* Insist on regular maintenance meetings.

CCTV is a business asset and a criminal’s liability

Up next, criminal attorney Juan Kotze and Spar Risk Manager Keith Alexander presented a variety of eye-opening CCTV surveillance footage demonstrating non-violent and violent acts of deliberate theft from a number of Spar stores. This provided the backdrop to the importance of taking control away from the criminal element and placing it back into the hands of law-abiding citizens and businesses.

Juan Kotze
Juan Kotze

Keith Alexander
Keith Alexander

In 2000, the CEOs of the major retail stores got together to form the Consumer Goods Risk Initiative to create a safer environment for shoppers. It was acknowledged that violent crime is the biggest risk to society. Apart from the moral and ethical implications of in-store violent robberies, imagine the negative effect a robbery has on a business. Customers are, naturally, not keen on revisiting your store if there is a risk of crime.

Both Alexander and Kotze pointed out that CCTV surveillance has a huge role to play in the identification, apprehension and prosecution of criminals. “However,” Kotze cautioned, “if the footage is not high resolution, there is little chance that we will be able to make a positive identification of the perpetrators. Although the costs are higher to ensure better resolution, the benefits down the line are immeasurable. Factors to consider here, in addition to camera quality, are camera position and ambient lighting.”

Research shows that syndicates often leave a member behind in the store after an incident to uncover what evidence police might have found and whether any identification has been made. “Good CCTV footage can be used to differentiate between innocent bystanders and criminal elements,” said Alexander. “Businesses can assist the cash-strapped legal system by sponsoring suitable equipment for viewing of footage in the courtrooms.”

[The Safe City Initiative in Pietermaritzburg is a good example of public-private cooperation. – Ed.]

Insider fraud in the retail environment

Steven Powell, director of attorneys Edward Nathan Sonnenberg was the next presenter. He gave the Retail Risk delegates insight into the threats the retail industry faces from insider fraud. His goal was to explain insider fraud theory, provide an overview of the fraud landscape in this sector and provide a few case studies highlighting how easy it is for white-collar criminals to steal from their employers.

Steven Powell
Steven Powell

Powell provided a ‘fraud recipe’ that is applicable in almost all cases of insider crime. This triangle has three sides:

1. Pressure: The financial pressure many people find themselves under in the recession provides one driver that pushes them to commit fraud. Bad habits, such as gambling or narcotic addictions also play a role in this regard.

2. Opportunity: With people already feeling the financial pressure, when an opportunity to commit fraud arises it acts as another driver pushing them to take the plunge. Powell says theft often starts small and grows as the thieves gain confidence after not being caught.

3. Rationalisation: With the other two drivers in place, it becomes easier for the perpetrators to rationalise their criminal activities. Many of them view their theft as ‘borrowing’, telling themselves they will repay the money when their ship comes in; others see it as their right since they believe they should be paid more or promoted.

He then went on to describe how thieves manipulate the system to transfer funds to their own accounts – and how easy it sometimes can be. His case studies gave clear examples on the risk of electronic funds transfer and compromised passwords. In this instance, the crime methodology seemed too simple to be taken seriously, but it was anything but amusing. In one case R2 million was stolen in one year, and in another R4,2 million was misappropriated with R1,7 million being stolen in one morning alone.

He ended by highlighting what the companies in question should have noticed about the thieves and their activities that may have allowed them to prevent or at least discover their operations earlier.

Profits go up in smoke

Luché Joubert, manager legal counsel for British American Tobacco South Africa (BATSA) then addressed the increasing proliferation of counterfeit cigarettes and the effect this is having on profitability. There are three different areas to be addressed here:

* The supply, distribution and sale of tobacco products on which applicable taxes in the country of consumption are not paid (includes smuggled genuine product from outside the borders and undeclared local production)

* The supply, distribution and sale of tobacco products that do not comply with the local tobacco legislation. Elements to look out for are Health Warnings, SA diamond stamp, maximum tar/nicotine readings

* The manufacture, supply, distribution and sale of counterfeit tobacco products. This is the making of a copy of another trademark holder’s brand without their knowledge with the intent to defraud customers or consumers.

Luché Joubert
Luché Joubert

As police pressure on these criminals increases, the sale of these products has moved from more traditional sources to non-traditional outlets such as mobile addresses, empty plots, storage facilities, rented properties etc. The balance then moves from an organised formal sector to a non-organised informal sector.

Joubert pointed out that Gauteng is a good consolidation point for entry and distribution of illegal goods. In 2010, six billion sticks (300 million packets) were sold illegally, accounting for 25% of total cigarette sales. This resulted in a revenue loss of R3,4 billion. He then discussed the steps that BATSA is taking to combat this fraud:

* Collecting market information and passing it on to law enforcement agencies for investigation.

* Supporting law enforcement related to illicit trade in cigarettes.

* Supplying information to traders to guard against illicit cigarette products.

* Engaging authorities to address shortfalls in the laws relating to the combating of illicit trade in cigarettes.

* Raising awareness of the threat of illicit cigarettes at consumer and trade levels.

* Structuring portfolio of products to offer consumers lawful product at a reasonable price.

Knowledge is profit

Connie Grobler, technology specialist, identity and security management at Novell SA was next, speaking on the role of identity management in retail. She said that, no matter what is in the warehouse or on the shelves, the most valuable piece of information within every company is its information. In retail this could be discounts or rebates or personal information about staff.

Connie Grobler
Connie Grobler

Every company therefore needs to put the controls in place to protect their information and make it as near impossible for a malicious party to access it. However, for information to be useful, someone must be able to access it. This conundrum impacts all organisations.

Grobler added that internal users are the weakest security link and criminal syndicates are exploiting this internal weakness access to a degree never seen before.

Added to this are the myriad laws and regulations that stipulate how data should be managed. The Protection of Personal Information and Consumer Protection Acts are very relevant in South Africa at the moment, as are Occupational Health and Safety laws. For companies with international parents, additional regulations apply, such as Sarbanes-Oxley, Basel II, HIPAA, PCI-DSS and others.

Identity management will assist in this regard by controlling who signs on, opens applications and accesses data. While the topic is too complex to cover in a short summary – and even in a presentation – Grobler says a good starting point is simple synchronisation. The automated provisioning and deprovisioning of accounts and permissions improves the accuracy of data held about individuals, by ensuring that they have access only to what their role requires and by providing an audit trail. The automation of these processes significantly reduces operating costs as they relate to user management, and it ensures prompt and consistent application of permissions (or revocation) for an individual or a large number of users, frequently without IT interaction.

Grobler ended by highlighting three key concepts of identity management:

1. Authentication: Verifying who a person is.

2. Authorisation: Determining what a person can do.

3. Accounting: Auditing, tracking, recording and documenting what a person did.

Data mining cuts shrink

Another presenter who focused on the benefits of business intelligence to prevent retail fraud was Newco director, Bryan McDermott. McDermott started by highlighting the billions lost each year globally due to shrinkage, as well as the most popular items to thieves. As many of the other presenters, he noted that the largest source of shrinkage was internal, from a small number of staff members that can’t keep their criminal inclinations in check.

Bryan McDermott
Bryan McDermott

Retail losses are not only due to theft however, as McDermott noted that of the billions South African retail operations lose each year due to retail out-of-stock situations. By using business analytics applications, companies are able to transform their retail devices into ‘multifaceted, real-time intelligence systems’ that improve operations and profitability.

Traditional business intelligence applications require a substantial amount of computing power, however, McDermott recommends an offsite (or cloud-based) service that analyses retail operations’ data to detect any activity out of the norm. This can include POS (point of sale) anomalies as well as those occurring at weighing areas or kiosks.

With retail business analytics, retailers can deal with employee shrink at the POS through automated focus on potential fraudulent sales reducing activities such as returns, markdowns, voids, no-sales, credit card fraud, discounts, and coupons. It also improves the efficiencies of electronic article surveillance (EAS) systems by automatically focusing on the causes of alarms, the location and tracking of empty boxes and defeated tags, and diagnostic alerts to increase system uptime.

Best of all, it increases overall sales by automating analysis of store customer traffic to sales. This sales conversion rate, along with the ability to track labour expenses to store traffic, can help optimise scheduling of store personnel to both reduce costs and improve overall sales.

Delegate reviews

I must congratulate you and your team on the excellent event being arranged and thank you very much for the opportunity to have been invited to attend a seminar of such significance.

Unfortunately, my colleague and myself were recalled just after 12:45, to attend an urgent management meeting w.r.t. our responsibilities at the Government Security Regulator in Pretoria and had to leave during the mind boggling presentation of Mr Juan Kotze from SPAR.

The information shared by all of your presenters definitely extended our scope to security challenges in the retail industry.

Lt Colonel HJ van Heerden

On behalf of the FNB representatives, I would just like to congratulate the organisers of the Retail Risk conference on a job well done.

The topics and speakers were relevant and current. The conference was aimed at retail risk, however a lot of the information was applicable to other industries such as banking. I believe it is a challenge to compose a conference such as the Retail Risk conference, and still make it relevant to multiple industries and on this the conference was a great success.

Thank you for an enjoyable, yet worthwhile conference day.

Elize Buys, Intelligence Analyst, Branch Banking, FNB



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

The expanding scope of electronic locks
Technews Publishing ASSA ABLOY South Africa Access Control & Identity Management
Electronic locks are a growing market, extending from single doors to fully integrated security solutions, including the ability to manage everything from a mobile app.

Read more...
From the editor's desk: A new start
Technews Publishing News
      Welcome to the first issue of the Smart Access & Identity handbook, Smart Access & Identity 2023. While this is the first issue, it’s also a continuation of Hi-Tech Security Solutions’ long-standing ...

Read more...
The state of the biometrics market
neaMetrics Technews Publishing Suprema Hikvision South Africa IDEMIA Access Control & Identity Management Integrated Solutions
Now that the pandemic is over (hopefully), will we see the same confidence in biometrics for access and identification or will the world be reverting to touch-based systems, including cards and fobs (or mobiles).

Read more...
Migrating to mobile
Technews Publishing neaMetrics Suprema Editor's Choice
The ability to use mobile phones as access control credentials has been with us for a long time, yet only 32% of companies use them, and many only for specific use cases.

Read more...
The future of touchless biometrics
Technews Publishing Fulcrum Biometrics Access Control & Identity Management Integrated Solutions
Facial biometrics is the main talking point today, helped along by COVID, but is it the best touchless solution available? Rob Griggs from Fulcrum Biometrics Southern Africa recommends other touchless alternatives.

Read more...
The problem with biometrics
Technews Publishing Editor's Choice Access Control & Identity Management Integrated Solutions
We have come to rely heavily on biometrics for many aspects of access and identity management, especially in identity management where selfie authentication is accepted with confidence. Are we doing it right? Roger Grimes has his own take on the matter.

Read more...
AI presents people and companies with benefits and risks
Technews Publishing Editor's Choice
AI has changed and will still change the security landscape dramatically, but defenders and criminals can use its capabilities effectively.

Read more...
More than saying hello
Technews Publishing TOA Electronics XtraVision Access Control & Identity Management
Are we seeing an increase in market demand for video intercoms, and more user control through management functionality on mobile apps?

Read more...
Demystifying OSDP
Technews Publishing Editor's Choice
Open Supervised Device Protocol (OSDP) is more versatile and, importantly, a more secure protocol for access control systems than the old Wiegand installations the industry has adopted for decades.

Read more...
What to do in the face of growing ransomware attacks
Technews Publishing Cyber Security Security Services & Risk Management
Ransomware attacks are proliferating, with attackers becoming more sophisticated and aggressive, and often hitting the same victims more than once, in more than one way.

Read more...