Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

Retailers, FBI Launch Crime Database

National repository will let stores, law enforcement agencies share information about retail crimes

U.S. retail companies and the FBI yesterday started the engines on a new database designed to help retailers protect themselves from theft in stores and online.

In response to the recent "alarming" rise in organized retail crime, the National Retail Federation and the Retail Industry Leaders Association, working with the FBI, said they have launched the Law Enforcement Retail Partnership Network (LERPnet), a secure national database that will allow retailers to share theft and crime report information over the Web.

According to NRF's 2006 Organized Retail Crime survey, 81 percent of retailers said they have been victims of organized retail crime. Nearly half (48%) of those polled also had seen an increase in organized retail crime activity in their stores.

"Organized theft rings steal billions of dollars of merchandise every year, which victimizes retailers, endangers the safety of retail employees, and raises the price of consumer goods," said Joseph LaRocca, NRF vice president of loss prevention. "With this system, retailers are banding together with law enforcement to send a clear message to criminals: We will not tolerate your behavior and we will stop you."

The founders expect LERPnet "to become the national standard for sharing retail crime information in a secure and confidential manner." The database, which took two years to build, will help retailers and regional law enforcement agencies to overcome the boundaries that sometimes prevent them from stopping thieves sooner, the groups said.

LERPnet's founders offered a hypothetical scenario to explain the problem. "Retailer A is burglarized of 40 laptops. Later that afternoon, the same criminals enter a neighboring state along the same highway corridor and steal dozens of notebook computers from Retailer B. Retailer C, along the same highway but in a different county, is victimized that evening.

"Under the current system, the incidents are reported separately to local police officers. Law enforcement in different counties and states often does not know about similar nearby incidents, because those crimes did not occur in their jurisdiction. If a pattern is ever recognized, it is often too late: The thieves have sold the items to a fence operator or have sold them on an online auction site."

With LERPnet, retailers will be able to communicate with other companies and law enforcement about crimes occurring in their stores. Companies can report the theft and include information about suspects, getaway vehicles, and identification numbers of stolen products. In their report, retailers can also include photos and video footage to assist in the detention and prosecution of criminals.

"Immediately, retailers and law enforcement should be able to connect the dots" to link related incidents, the groups said. Retailers and law enforcement officials will also be able to research or compare crimes in neighboring cities, counties, and states, they said.

"LERPnet should make it easier for the law enforcement community to track organized retail crime groups and their string of criminal conduct," said FBI Supervisory Special Agent Brian Nadeau, program manager for the FBI's Organized Retail Theft program. "This database will create a stronger partnership between retailers and law enforcement to tackle a growing problem and disrupt criminal organizations."

"The primary benefit of participating in [LERPnet] is that we now have the opportunity to more quickly identify trends and/or losses that we wouldn’t normally see," said Bill Titus, vice president of loss prevention at Sears Holdings. "Not only can retailers identify the potential losses much quicker, but it gives us a much stronger case when it comes to prosecuting organized theft rings."

The system, programmed by ABC Virtual of West Des Moines, Iowa, uses a secure Web interface for data entry, viewing, and queries of incidents, the founders said. It uses three levels of authentication, including RSA Security Inc. (Nasdaq: EMC)'s SecureID, to ensure that it can only be accessed by authorized retail or law enforcement staff. Data can be imported from virtually any database, and LERPnet already links to case management software programs used by investigators.

LEPRnet allows retailers to receive email alerts of retail crimes in their area, search through reported incidents, or flag and monitor the sale of merchandise available on online auction sites, officials said.

Retailers can enter all types of information about themselves and their attackers in the database -- including what types of security systems or surveillance they use -- but they can limit access that other users may have to that information, officials said. For example, a retailer can suppress its name and its background information, or it can choose to only allow access by law enforcement or other retailers that have similar merchandise.

"Dozens" of retailers and law enforcement officials have already been trained on the system, and "dozens" more are waiting for training now, the founders said. Law enforcement agencies don't have access to the database yet -- they will get access through the Law Enforcement Online (LEO) system later this year, officials said.

— Tim Wilson, Site Editor, Dark Reading

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
New 'Nanodegree' Program Provides Hands-On Cybersecurity Training
Nicole Ferraro, Contributing Writer,  8/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15820
PUBLISHED: 2020-08-08
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.
CVE-2020-15821
PUBLISHED: 2020-08-08
In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.
CVE-2020-15823
PUBLISHED: 2020-08-08
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.
CVE-2020-15824
PUBLISHED: 2020-08-08
In JetBrains Kotlin before 1.4.0, there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.
CVE-2020-15825
PUBLISHED: 2020-08-08
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.