Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

Retailers, FBI Launch Crime Database

National repository will let stores, law enforcement agencies share information about retail crimes

U.S. retail companies and the FBI yesterday started the engines on a new database designed to help retailers protect themselves from theft in stores and online.

In response to the recent "alarming" rise in organized retail crime, the National Retail Federation and the Retail Industry Leaders Association, working with the FBI, said they have launched the Law Enforcement Retail Partnership Network (LERPnet), a secure national database that will allow retailers to share theft and crime report information over the Web.

According to NRF's 2006 Organized Retail Crime survey, 81 percent of retailers said they have been victims of organized retail crime. Nearly half (48%) of those polled also had seen an increase in organized retail crime activity in their stores.

"Organized theft rings steal billions of dollars of merchandise every year, which victimizes retailers, endangers the safety of retail employees, and raises the price of consumer goods," said Joseph LaRocca, NRF vice president of loss prevention. "With this system, retailers are banding together with law enforcement to send a clear message to criminals: We will not tolerate your behavior and we will stop you."

The founders expect LERPnet "to become the national standard for sharing retail crime information in a secure and confidential manner." The database, which took two years to build, will help retailers and regional law enforcement agencies to overcome the boundaries that sometimes prevent them from stopping thieves sooner, the groups said.

LERPnet's founders offered a hypothetical scenario to explain the problem. "Retailer A is burglarized of 40 laptops. Later that afternoon, the same criminals enter a neighboring state along the same highway corridor and steal dozens of notebook computers from Retailer B. Retailer C, along the same highway but in a different county, is victimized that evening.

"Under the current system, the incidents are reported separately to local police officers. Law enforcement in different counties and states often does not know about similar nearby incidents, because those crimes did not occur in their jurisdiction. If a pattern is ever recognized, it is often too late: The thieves have sold the items to a fence operator or have sold them on an online auction site."

With LERPnet, retailers will be able to communicate with other companies and law enforcement about crimes occurring in their stores. Companies can report the theft and include information about suspects, getaway vehicles, and identification numbers of stolen products. In their report, retailers can also include photos and video footage to assist in the detention and prosecution of criminals.

"Immediately, retailers and law enforcement should be able to connect the dots" to link related incidents, the groups said. Retailers and law enforcement officials will also be able to research or compare crimes in neighboring cities, counties, and states, they said.

"LERPnet should make it easier for the law enforcement community to track organized retail crime groups and their string of criminal conduct," said FBI Supervisory Special Agent Brian Nadeau, program manager for the FBI's Organized Retail Theft program. "This database will create a stronger partnership between retailers and law enforcement to tackle a growing problem and disrupt criminal organizations."

"The primary benefit of participating in [LERPnet] is that we now have the opportunity to more quickly identify trends and/or losses that we wouldn’t normally see," said Bill Titus, vice president of loss prevention at Sears Holdings. "Not only can retailers identify the potential losses much quicker, but it gives us a much stronger case when it comes to prosecuting organized theft rings."

The system, programmed by ABC Virtual of West Des Moines, Iowa, uses a secure Web interface for data entry, viewing, and queries of incidents, the founders said. It uses three levels of authentication, including RSA Security Inc. (Nasdaq: EMC)'s SecureID, to ensure that it can only be accessed by authorized retail or law enforcement staff. Data can be imported from virtually any database, and LERPnet already links to case management software programs used by investigators.

LEPRnet allows retailers to receive email alerts of retail crimes in their area, search through reported incidents, or flag and monitor the sale of merchandise available on online auction sites, officials said.

Retailers can enter all types of information about themselves and their attackers in the database -- including what types of security systems or surveillance they use -- but they can limit access that other users may have to that information, officials said. For example, a retailer can suppress its name and its background information, or it can choose to only allow access by law enforcement or other retailers that have similar merchandise.

"Dozens" of retailers and law enforcement officials have already been trained on the system, and "dozens" more are waiting for training now, the founders said. Law enforcement agencies don't have access to the database yet -- they will get access through the Law Enforcement Online (LEO) system later this year, officials said.

— Tim Wilson, Site Editor, Dark Reading

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Lessons from the NSA: Know Your Assets
Robert Lemos, Contributing Writer,  12/12/2019
4 Tips to Run Fast in the Face of Digital Transformation
Shane Buckley, President & Chief Operating Officer, Gigamon,  12/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19807
PUBLISHED: 2019-12-15
In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for ...
CVE-2014-8650
PUBLISHED: 2019-12-15
python-requests-Kerberos through 0.5 does not handle mutual authentication
CVE-2014-3536
PUBLISHED: 2019-12-15
CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration
CVE-2014-3643
PUBLISHED: 2019-12-15
jersey: XXE via parameter entities not disabled by the jersey SAX parser
CVE-2014-3652
PUBLISHED: 2019-12-15
JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL.