Retailers, FBI Launch Crime DatabaseRetailers, FBI Launch Crime Database
National repository will let stores, law enforcement agencies share information about retail crimes
April 10, 2007
U.S. retail companies and the FBI yesterday started the engines on a new database designed to help retailers protect themselves from theft in stores and online.
In response to the recent "alarming" rise in organized retail crime, the National Retail Federation and the Retail Industry Leaders Association, working with the FBI, said they have launched the Law Enforcement Retail Partnership Network (LERPnet), a secure national database that will allow retailers to share theft and crime report information over the Web.
According to NRF's 2006 Organized Retail Crime survey, 81 percent of retailers said they have been victims of organized retail crime. Nearly half (48%) of those polled also had seen an increase in organized retail crime activity in their stores.
"Organized theft rings steal billions of dollars of merchandise every year, which victimizes retailers, endangers the safety of retail employees, and raises the price of consumer goods," said Joseph LaRocca, NRF vice president of loss prevention. "With this system, retailers are banding together with law enforcement to send a clear message to criminals: We will not tolerate your behavior and we will stop you."
The founders expect LERPnet "to become the national standard for sharing retail crime information in a secure and confidential manner." The database, which took two years to build, will help retailers and regional law enforcement agencies to overcome the boundaries that sometimes prevent them from stopping thieves sooner, the groups said.
LERPnet's founders offered a hypothetical scenario to explain the problem. "Retailer A is burglarized of 40 laptops. Later that afternoon, the same criminals enter a neighboring state along the same highway corridor and steal dozens of notebook computers from Retailer B. Retailer C, along the same highway but in a different county, is victimized that evening.
"Under the current system, the incidents are reported separately to local police officers. Law enforcement in different counties and states often does not know about similar nearby incidents, because those crimes did not occur in their jurisdiction. If a pattern is ever recognized, it is often too late: The thieves have sold the items to a fence operator or have sold them on an online auction site."
With LERPnet, retailers will be able to communicate with other companies and law enforcement about crimes occurring in their stores. Companies can report the theft and include information about suspects, getaway vehicles, and identification numbers of stolen products. In their report, retailers can also include photos and video footage to assist in the detention and prosecution of criminals.
"Immediately, retailers and law enforcement should be able to connect the dots" to link related incidents, the groups said. Retailers and law enforcement officials will also be able to research or compare crimes in neighboring cities, counties, and states, they said.
"LERPnet should make it easier for the law enforcement community to track organized retail crime groups and their string of criminal conduct," said FBI Supervisory Special Agent Brian Nadeau, program manager for the FBI's Organized Retail Theft program. "This database will create a stronger partnership between retailers and law enforcement to tackle a growing problem and disrupt criminal organizations."
"The primary benefit of participating in [LERPnet] is that we now have the opportunity to more quickly identify trends and/or losses that we wouldn’t normally see," said Bill Titus, vice president of loss prevention at Sears Holdings. "Not only can retailers identify the potential losses much quicker, but it gives us a much stronger case when it comes to prosecuting organized theft rings."
The system, programmed by ABC Virtual of West Des Moines, Iowa, uses a secure Web interface for data entry, viewing, and queries of incidents, the founders said. It uses three levels of authentication, including RSA Security Inc. (Nasdaq: EMC)'s SecureID, to ensure that it can only be accessed by authorized retail or law enforcement staff. Data can be imported from virtually any database, and LERPnet already links to case management software programs used by investigators.
LEPRnet allows retailers to receive email alerts of retail crimes in their area, search through reported incidents, or flag and monitor the sale of merchandise available on online auction sites, officials said.
Retailers can enter all types of information about themselves and their attackers in the database -- including what types of security systems or surveillance they use -- but they can limit access that other users may have to that information, officials said. For example, a retailer can suppress its name and its background information, or it can choose to only allow access by law enforcement or other retailers that have similar merchandise.
"Dozens" of retailers and law enforcement officials have already been trained on the system, and "dozens" more are waiting for training now, the founders said. Law enforcement agencies don't have access to the database yet -- they will get access through the Law Enforcement Online (LEO) system later this year, officials said.
— Tim Wilson, Site Editor, Dark Reading
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
What Ransomware Groups Look for in Enterprise Victims
How to Use Threat Intelligence to Mitigate Third-Party Risk
Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks