Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Retailers, FBI Launch Crime Database

National repository will let stores, law enforcement agencies share information about retail crimes

U.S. retail companies and the FBI yesterday started the engines on a new database designed to help retailers protect themselves from theft in stores and online.

In response to the recent "alarming" rise in organized retail crime, the National Retail Federation and the Retail Industry Leaders Association, working with the FBI, said they have launched the Law Enforcement Retail Partnership Network (LERPnet), a secure national database that will allow retailers to share theft and crime report information over the Web.

According to NRF's 2006 Organized Retail Crime survey, 81 percent of retailers said they have been victims of organized retail crime. Nearly half (48%) of those polled also had seen an increase in organized retail crime activity in their stores.

"Organized theft rings steal billions of dollars of merchandise every year, which victimizes retailers, endangers the safety of retail employees, and raises the price of consumer goods," said Joseph LaRocca, NRF vice president of loss prevention. "With this system, retailers are banding together with law enforcement to send a clear message to criminals: We will not tolerate your behavior and we will stop you."

The founders expect LERPnet "to become the national standard for sharing retail crime information in a secure and confidential manner." The database, which took two years to build, will help retailers and regional law enforcement agencies to overcome the boundaries that sometimes prevent them from stopping thieves sooner, the groups said.

LERPnet's founders offered a hypothetical scenario to explain the problem. "Retailer A is burglarized of 40 laptops. Later that afternoon, the same criminals enter a neighboring state along the same highway corridor and steal dozens of notebook computers from Retailer B. Retailer C, along the same highway but in a different county, is victimized that evening.

"Under the current system, the incidents are reported separately to local police officers. Law enforcement in different counties and states often does not know about similar nearby incidents, because those crimes did not occur in their jurisdiction. If a pattern is ever recognized, it is often too late: The thieves have sold the items to a fence operator or have sold them on an online auction site."

With LERPnet, retailers will be able to communicate with other companies and law enforcement about crimes occurring in their stores. Companies can report the theft and include information about suspects, getaway vehicles, and identification numbers of stolen products. In their report, retailers can also include photos and video footage to assist in the detention and prosecution of criminals.

"Immediately, retailers and law enforcement should be able to connect the dots" to link related incidents, the groups said. Retailers and law enforcement officials will also be able to research or compare crimes in neighboring cities, counties, and states, they said.

"LERPnet should make it easier for the law enforcement community to track organized retail crime groups and their string of criminal conduct," said FBI Supervisory Special Agent Brian Nadeau, program manager for the FBI's Organized Retail Theft program. "This database will create a stronger partnership between retailers and law enforcement to tackle a growing problem and disrupt criminal organizations."

"The primary benefit of participating in [LERPnet] is that we now have the opportunity to more quickly identify trends and/or losses that we wouldn’t normally see," said Bill Titus, vice president of loss prevention at Sears Holdings. "Not only can retailers identify the potential losses much quicker, but it gives us a much stronger case when it comes to prosecuting organized theft rings."

The system, programmed by ABC Virtual of West Des Moines, Iowa, uses a secure Web interface for data entry, viewing, and queries of incidents, the founders said. It uses three levels of authentication, including RSA Security Inc. (Nasdaq: EMC)'s SecureID, to ensure that it can only be accessed by authorized retail or law enforcement staff. Data can be imported from virtually any database, and LERPnet already links to case management software programs used by investigators.

LEPRnet allows retailers to receive email alerts of retail crimes in their area, search through reported incidents, or flag and monitor the sale of merchandise available on online auction sites, officials said.

Retailers can enter all types of information about themselves and their attackers in the database -- including what types of security systems or surveillance they use -- but they can limit access that other users may have to that information, officials said. For example, a retailer can suppress its name and its background information, or it can choose to only allow access by law enforcement or other retailers that have similar merchandise.

"Dozens" of retailers and law enforcement officials have already been trained on the system, and "dozens" more are waiting for training now, the founders said. Law enforcement agencies don't have access to the database yet -- they will get access through the Law Enforcement Online (LEO) system later this year, officials said.

— Tim Wilson, Site Editor, Dark Reading

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-14
YFCMF v2.3.1 has a Remote Command Execution (RCE) vulnerability in the index.php.
PUBLISHED: 2021-05-14
Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to upload arbitrary files by attaching a file with a ".jpg.php" extension to the component "admin/wenjian.php?wj=../templets/pc".
PUBLISHED: 2021-05-14
Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Homepage Introduction" field of component "admin/info.php?shuyu".
PUBLISHED: 2021-05-14
In YFCMF v2.3.1, there is a stored XSS vulnerability in the comments section of the news page.
PUBLISHED: 2021-05-14
Prototype pollution vulnerability in 'deep-override' versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.