Fraud and Theft in Wireless Retail: Key Risks and Their Solutions
Part 2: External Fraud and Theft
In Part 1 of this two-part whitepaper, we addressed the five key methods of employee fraud and theft in the wireless retail sector. We found that these practices are commonplace and pose a huge risk to telecom retail operators — but also that there are many solutions and preventive measures that can be adopted.
In addition to the risks from those within your team, every wireless store operator must consider external sources of fraud and theft. Just like internal methods, there are a host of different ways that customers, fake customers, opportunists, and highly sophisticated crime rings could steal from you. Furthermore, today’s COVID protocols of mandatory mask-wearing have thrown the security sector into turmoil.
However, systems for the prevention and detection of external fraud and theft are also getting increasingly sophisticated. It’s no longer just a question of installing a camera in the corner of the store and hoping it will either deter or identify thieves.
Over the following pages, we’ll take a look at the four major areas of external fraud and theft and some of the ways they are being tackled.
Opportunistic “grab and go” theft
• Store associate distracted
• Reduce real devices in-store
With telecom retail stores carrying such high-value, sought-after products, there will always be some opportunists that come into the store and take what they can, as quickly as possible.
Jared Ellis, Sales Engineering Lead at iQmetrix and former Senior IT Leader at Spring Mobile, outlined a common scenario. He said, “You get customers that come in, act like they’re going to make a transaction and get the store associate to go out back for a specific item, then grab an item from the store and make a run for it. Some retailers have live demo devices that are actual phones, so the thief would cut the lock cables and run out of the door.”
What’s more, COVID guidelines requiring the wearing of masks have made it much easier for these kinds of thieves to operate. Katrina Hull-Young, Loss Prevention Manager at Cellular Sales and formerly of Go Wireless, said, “It makes it really difficult. If you take COVID out of the picture, it’s much easier to notice somebody who is out of place, who comes into a store with a mask on, their hood up — a well-trained associate should notice that right way. But COVID has thrown a wrench into any retail operation’s security plans with regards to shoplifting, grab and go, smash and grab. All the signs we’ve been trained to look for have gone out of the window because everybody is coming in with masks now.”
A primary solution for this is to dramatically reduce, even eliminate, the number of real devices on the store floor.
Ellis said, “Most companies use dummy devices in their stores, so even if they look like a real phone and can do some demos, they may not have the ability to attach to wireless services, it’s just connected to WiFi for demo purposes. But I don’t believe Apple creates these dummy iPhones, so if it’s an iPhone, it’s likely a real device. However, there are other things you can do, such as have a GPS tracking device in the phone, robust cables that you can’t cut through, or alarms that go off when the device is pulled away from its dock.”
You need to set up systems to make your store less appealing for opportunistic thieves, to make it not a target for those who would capitalize on those opportunities.
—Katrina Hull-Young, Loss Prevention Manager, Cellular Sales
Robbery and burglary
• High-value, desirable products
• Security cameras — real or dummy
The next level is robbery of a store — often involving armed perpetrators-or burglary, usually in the form of a break — in. The latter tends to be after store hours, whereas a robbery involves holding up a store while one or more associate is present, either during opening hours or while an employee is still at the store after closing.
Robbery and burglary are major problems in the wireless retail sector, said Hull-Young, because of the sheer value of the goods in any given location.
She said, “Every time there is a new device launch, we become the target of more and more burglaries and break-ins. It’s always going to be a problem and I don’t see this going away any time soon. I think this will increase as each new device is launched, with new features that are wanted by the thieves and those they sell to.”
The risk of robbery and burglary varies by geographical location, and level of urbanization. Jared Ellis has firsthand experience of this. He said, “In my last role, we found there were certain areas — in California, some parts of Texas, Florida, New York City, and so on — where armed robbery was a big deal. We had one store where within six months they had two armed robberies at gunpoint, and another two with knives, all in the first six months of operation. This is the worst-case scenario. It can be extremely traumatic for staff and customers, and it’s not worth employees risking their lives.”
Security cameras are a good preventative measure for high-robbery-risk areas, and some retailers have silent panic buttons under the counter, that will alert a security company with an automatic alert to the police. Ellis said, “If it’s a really high-target area, you could be paying a security company a lot of money each month to be monitoring your premises at all times and if anything is up, they’ll call the cops.”
For those who want to prevent robberies and break-ins but don’t have the budget for a full security system, dummy cameras that aren’t hooked up can help deter thieves.
A neat trick is to have one of the phones in the store’s safe be a real or dummy device with a GPS tracker installed, hidden inside the box, usually underneath the packaging. Ellis explained, “The minute it’s lifted out of the safe, it’s sitting on a special device, so when that breaks contact, the GPS is activated and it alerts the security company and the cops. The thief with the haul of phones can be tracked down just a few blocks away, or much further. Everybody at the store who has access to the safe knows they’re not allowed to touch that one, but when you’re being held up at gunpoint and told to empty the safe, you give them everything, including the tracked phone.”
In some situations, the security measures being installed can sound like something out of a heist movie like Ocean’s Eleven. These tend to be the stores at an even higher risk, such as experience stores of major brands that sell a variety of very high-value electronic products.
Ellis said, “We had one major brand where we had steel enclosures built to protect their inventory. Not just the safe, but the room that their safe was in, had steel doors, steel walls, steel ceilings. Because people would try to access the store by breaking into next door and trying to chip their way through the walls, or from the ceiling.”
For a wireless store operator, it can be a real challenge to figure out how much to spend on security measures, and what the return on that investment will be.
With your security budget, it’s all about risk vs reward. How much am I losing, how much do I think I could lose, how much should I spend?
—Jared Ellis, Sales Engineering Lead, iQmetrix
A telecom retail operator should consider allotting risk points to their stores depending on the area that they are located in and the risk of robbery, and weight the security budget and measures accordingly. Ellis said, “If they’re in a low-risk area, you’re throwing money away by investing in expensive security measures, whereas for high-risk stores, it’s worth spending money on these precautions.
” Unfortunately, there’s no single lock-and-leave approach to store security. Will Crawford, Risk and Incident Manager at Cellular Sales, said security and prevention measures have to continually change to keep up with the crimes being carried out.
“At Cellular Sales, we have a variety of different systems and protocols in place that are constantly evolving,” Crawford told iQmetrix. “We look for trends and adapt them appropriately to each location and geographic market where these incidents are occurring. It’s constantly in flux, just like crime is. And you need to leave geographic assessment in the hands of market leadership who are in and out of stores in those areas on a daily basis, to determine which stores are at a higher risk.”
• Criminals posing as corporate staff
• Employee badges with unique IDs
Wireless stores across North America have been a major target of organized crime syndicates, due to the high value of the goods and their desirability, especially overseas. But how do these mysterious crime rings operate?
Ellis said, “One of the things sophisticated crime rings will do is target wireless stores and have a member come into the store, posing as IT staff from corporate. They will claim to need to check something on the computer, and they’ll say they are doing a security check, which makes the store associate or manager trust them. They get access to the computer, they’re already signed in under the associate’s log-in, so now they can access account information. They’ll do things like place an order on a real customer’s account, such as for a high-end phone, and arrange for it to be shipped somewhere else. That real customer doesn’t know about it until they start seeing higher payments on their monthly bill, and only if they’re looking at it closely enough, by which time the phone is long gone. Taking that further, the crime ring can set up a business account, for which it’s not unusual to buy several expensive phones at once.
“Another thing they’ll do is, when they’re in your system, they’ll install a login software that enables them to log into the system again remotely, out of office hours, when they can spend unlimited amounts of time doing whatever they want. They don’t even need to do that in person, they can just send you a link and if you click that link, they can install the malware.”
Crime rings can also avoid having to do any of this hard work by simply recruiting a store employee to steal physical inventory on their behalf, for a cut of the profit or a set fee. This is where organized crime overlaps with the employee inventory theft discussed in Part 1 of this two part whitepaper.
Hull-Young of Cellular Sales said, “Generally this will start with the employee being approached by an outside source with the intent of getting their hands on devices. There will be a lot of communication between the organized crime member, or a mule as they’re often referred to, and the employee involved. If the fraudster is coming into the store for a nefarious reason, the employee will help them make it quick, and often they’re only in the store a few minutes. In other instances, the employee may steal a product and deliver it to them in a separate location.”
It can be extremely profitable, and low risk, for crime rings to steal and resell smartphones. Nathaniel Morris, Head of Technology, Enterprise Accounts at iQmetrix and former Senior Director of IT at Cellular Sales, explained, “It can be easier for mobs to trade in iPhones than in guns or drugs. There are lower penalties if they’re caught, and if you’re running an iPhone over the border or into South America, you can sell it on for double its US dollar value, or more. iPhones are a huge status symbol in other countries, and not as easily available. We would follow some criminals and transactions start in one state and move further and further south.”
When it comes to keeping your store POS logins safe, Ellis said, “It’s a good idea to have an employee badge with a code that every real IT person has to show, for the store associate or manager to look up and verify they are who they say they are. In my previous role, we took this a step further and had posted phone numbers of all the IT people, which associates had to call if someone came in claiming to be from IT. We also didn’t allow for IT people to ask associates to stay logged in and use their account – the associate had to log out and the IT person had to log in with their own account. Plus you need a retail management system that logs everybody out automatically every night, say at midnight, so at least someone can’t be doing this all night.”
Training your managers and associates to be on the lookout for red flags is also essential, whether it’s a suspicious customer or a suspicious transaction, such as cash payments and multiple phone purchases. Hull-Young explained, “Organized crime often hits you when you don’t expect it. So you have to rely on the training you’re given, the signs to look out for and the tools you have. We won’t reveal what tools we use, but they’re available to our employees and we’ve had a lot of success in catching and preventing this kind of crime when the tools are used appropriately.”
Credit card and financing fraud
• Stolen credit cards
• No manual credit card number entry
Credit card fraud is a lot more than a customer simply coming in with a stolen credit card and making a purchase. Jared Ellis has a great example. He said, “A customer will come in and buy something on their credit card, but then claim to their credit card company ‘I didn’t buy that, that’s a fraudulent transaction on my credit card.’ That happened a lot more when people had to enter credit card numbers manually.”
Another risk factor is the financing programs that are available to customers, where they can purchase a product without spending the money upfront. Kris Rogers, Client Experience Manager at iQmetrix, said, “Most carriers offer some kind of financing program, and a lot of credit muling is also being applied to those programs.”
This is a practice carried out by identity thieves, who will come into the store with a fully formed false identity, stolen from another unwitting person. Katrina Hull-Young explained, “They have everything. They’ll come into the store with your name, your address, your date of birth, your social security number, mailing address, identification that matches all that information, they’ll have a credit card with your name imprinted on it, which checks out when it’s swiped, and they’ll have other personal information that can get around other application checks. It is really hard to understand how they are obtaining all of this. And a sophisticated identity thief will have five or six of these fully formed identities and will go around and hit up five or six stores in one area in a single day.”
Identity thieves are like a disease. They start, and they just don’t stop. They go from store to store to store until they get success.
—Will Crawford, Risk and Incident Manager, Cellular Sale
When it comes to customers claiming they never made a purchase, it’s all about the card reader, said Ellis. “You’re only protected as a retailer if the card was read by a card reader in your store. Make sure that nobody is manually entering credit card numbers. If it was read by a card reader, as the retailer you have proof that the card was there. Then the credit card company will protect the retailer from this claim. If you manually entered the card, there’s no proof that the customer was there with the card and you’re on the hook as the retailer.”
Also, make sure your store associates are validating every credit card transaction with a driver’s license, and checking it closely. Ellis added, “Be especially suspicious of people coming in with multiple cards and getting you to try each one. This can be a valid request, but it never hurts to validate with photo ID. Train your reps to do this, and not to feel awkward asking for the ID.”
With financing programs, make sure your RMS integration has a robust application process and protocols in place. “With each financing program they’re a little different, but as long as you follow protocols, that will eliminate most of the problem,” Rogers advised. “At iQmetrix, we’ve found that our systems eliminate 75% of financing program fraud.”
It’s also essential to teach store associates to look out for identity thieves and ensure they are trained in spotting red-flag signs. Will Crawford said, “We have tools and techniques to rely on, and communication pathways between store associates and our team, to prevent identity thieves going from store to store.”
Conclusion: The fraud-prevention philosophy
Considering the extent of the crimes being perpetrated both internally and externally, and the value of the products at stake, crime-related losses to telecom retailers can be huge. An individual incident could number into six-figure dollar amounts, and the annual total losses can be hard to fathom. However, using the solutions, tools, and techniques outlined in both parts of this whitepaper, many of these losses can be prevented.
None of these solutions is a perfect answer. But if you’re talking about 10% of employees defrauding you, and valuable products being stolen from you, with those kinds of losses, any solution is a big help.
—Jared Ellis, Sales Engineering Lead, iQmetrix
What’s also important to remember is that while you’ll never eliminate fraud and theft, you can make it extremely hard to perpetrate, and taking that approach is your best chance of success.
Ellis concluded, “There’s a generally perceived wisdom that there’s a large percentage of the population who will never steal or commit fraud. There’s another percentage, hopefully a small one, who will always find ways to steal or commit fraud. No matter what you do, they’ll find a way. Finally, there’s this middle group of people who don’t want to commit fraud, but maybe they’re in some desperate need or an opportunity is staring them in the face. If it’s that easy and there are zero controls, they’re going to be tempted, and they’ll probably do it. It’s that group of people you want to target, to prevent from making that mistake. You do this by eliminating the easy opportunities, taking away the low-hanging fruit, by having good controls and security measures in place.”