Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

Retailers, FBI Launch Crime Database

National repository will let stores, law enforcement agencies share information about retail crimes

U.S. retail companies and the FBI yesterday started the engines on a new database designed to help retailers protect themselves from theft in stores and online.

In response to the recent "alarming" rise in organized retail crime, the National Retail Federation and the Retail Industry Leaders Association, working with the FBI, said they have launched the Law Enforcement Retail Partnership Network (LERPnet), a secure national database that will allow retailers to share theft and crime report information over the Web.

According to NRF's 2006 Organized Retail Crime survey, 81 percent of retailers said they have been victims of organized retail crime. Nearly half (48%) of those polled also had seen an increase in organized retail crime activity in their stores.

"Organized theft rings steal billions of dollars of merchandise every year, which victimizes retailers, endangers the safety of retail employees, and raises the price of consumer goods," said Joseph LaRocca, NRF vice president of loss prevention. "With this system, retailers are banding together with law enforcement to send a clear message to criminals: We will not tolerate your behavior and we will stop you."

The founders expect LERPnet "to become the national standard for sharing retail crime information in a secure and confidential manner." The database, which took two years to build, will help retailers and regional law enforcement agencies to overcome the boundaries that sometimes prevent them from stopping thieves sooner, the groups said.

LERPnet's founders offered a hypothetical scenario to explain the problem. "Retailer A is burglarized of 40 laptops. Later that afternoon, the same criminals enter a neighboring state along the same highway corridor and steal dozens of notebook computers from Retailer B. Retailer C, along the same highway but in a different county, is victimized that evening.

"Under the current system, the incidents are reported separately to local police officers. Law enforcement in different counties and states often does not know about similar nearby incidents, because those crimes did not occur in their jurisdiction. If a pattern is ever recognized, it is often too late: The thieves have sold the items to a fence operator or have sold them on an online auction site."

With LERPnet, retailers will be able to communicate with other companies and law enforcement about crimes occurring in their stores. Companies can report the theft and include information about suspects, getaway vehicles, and identification numbers of stolen products. In their report, retailers can also include photos and video footage to assist in the detention and prosecution of criminals.

"Immediately, retailers and law enforcement should be able to connect the dots" to link related incidents, the groups said. Retailers and law enforcement officials will also be able to research or compare crimes in neighboring cities, counties, and states, they said.

"LERPnet should make it easier for the law enforcement community to track organized retail crime groups and their string of criminal conduct," said FBI Supervisory Special Agent Brian Nadeau, program manager for the FBI's Organized Retail Theft program. "This database will create a stronger partnership between retailers and law enforcement to tackle a growing problem and disrupt criminal organizations."

"The primary benefit of participating in [LERPnet] is that we now have the opportunity to more quickly identify trends and/or losses that we wouldn’t normally see," said Bill Titus, vice president of loss prevention at Sears Holdings. "Not only can retailers identify the potential losses much quicker, but it gives us a much stronger case when it comes to prosecuting organized theft rings."

The system, programmed by ABC Virtual of West Des Moines, Iowa, uses a secure Web interface for data entry, viewing, and queries of incidents, the founders said. It uses three levels of authentication, including RSA Security Inc. (Nasdaq: EMC)'s SecureID, to ensure that it can only be accessed by authorized retail or law enforcement staff. Data can be imported from virtually any database, and LERPnet already links to case management software programs used by investigators.

LEPRnet allows retailers to receive email alerts of retail crimes in their area, search through reported incidents, or flag and monitor the sale of merchandise available on online auction sites, officials said.

Retailers can enter all types of information about themselves and their attackers in the database -- including what types of security systems or surveillance they use -- but they can limit access that other users may have to that information, officials said. For example, a retailer can suppress its name and its background information, or it can choose to only allow access by law enforcement or other retailers that have similar merchandise.

"Dozens" of retailers and law enforcement officials have already been trained on the system, and "dozens" more are waiting for training now, the founders said. Law enforcement agencies don't have access to the database yet -- they will get access through the Law Enforcement Online (LEO) system later this year, officials said.

— Tim Wilson, Site Editor, Dark Reading

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-29040
PUBLISHED: 2021-05-16
The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which allows remote attackers to use the contents of error messages to help launch another, more focused att...
CVE-2021-29041
PUBLISHED: 2021-05-16
Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the othe...
CVE-2021-29047
PUBLISHED: 2021-05-16
The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer.
CVE-2021-22668
PUBLISHED: 2021-05-16
Delta Industrial Automation CNCSoft ScreenEditor Versions 1.01.28 (with ScreenEditor Version 1.01.2) and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code.
CVE-2021-29039
PUBLISHED: 2021-05-16
Cross-site scripting (XSS) vulnerability in the Asset module's categories administration page in Liferay Portal 7.3.4 allows remote attackers to inject arbitrary web script or HTML via the site name.