Cyber Security Starts with Physical Security

This article originally appeared in Loss Prevention Magazine.

When you think of cyber security, what comes to mind? For most it’s software, hackers, and computers in general. According to the FBI, “A cyber incident is a past, ongoing, or threatened intrusion, disruption, or other event that impairs or is likely to impair the confidentiality, integrity, or availability of electronic information, information systems, services, or networks.”

However, a largely neglected part of cyber security is the human component. A significant majority of cyber incidents originate from within the companies themselves, with 80 percent of cyber incidents coming from human interaction. Forty percent of threats, whether they were inadvertent or malicious, come from employees alone. Therefore, it is important to not ignore the physical security practices we know protect brick-and-mortar stores from human theft and instead apply these concepts to cyber security.

Physical Security

It is well known that education and awareness are the first line of defense in physical security—and it’s the same for cyber security. For example, you control and audit keys in a brick-and-mortar store; the same must be done for passwords. You have policy and procedure to prevent people from sharing keys; the same is done for passwords.

This also applies to access, opportunity, and supervision (or the lack thereof). In a brick-and-mortar store, this could be locking the doors, setting the alarm, and storing cash in a safe. For cyber security, it means ensuring ports are blocked, using endpoint software, and locking the server room.

You may read or hear about the “death” of traditional security methods for cyber security. Most of those articles are followed by marketing messages from companies trying to sell their software. In reality, cyber security techniques and traditional security methods are very closely related.

These are the top five cyber security practices and their physical security counterparts:

  • Use a firewall = ensure your alarm is on
  • Document your cyber security policies = document your loss prevention policies
  • Plan for mobile devices = plan how to protect your mobile devices
  • Enforce safe password practices = enforce key controls and access standards
  • Back up all data on a regular schedule = retain and backup surveillance video according to policy

Many retailers are combining physical security functions with cyber security. Almost all big box retail organizations have a loss prevention professional who is directly responsible for asset protection technology and ensures everyone’s security priorities align with the company’s best interest. Today we have more Internet-connected devices, cameras, speakers, emergency-management systems, and video-management systems than ever before. Loss prevention has a ton of connected devices in the store, and it all must kept safe from hackers, just as a company’s computer network should be.

According to a 2018 report from the Dow Jones, cyber security firm Darktrace Ltd. reported that in 2017 a North American casino suffered a cyber attack via a digitally controlled fish tank. Webcams were instrumental in the massive denial of service attack that brought down Internet hosting giant Dyn Inc. in 2016. In January 2018, the US Department of Defense removed surveillance cameras manufactured by a Chinese company because of their concerns about security. The 2013 breach of Target Corp. was executed through an insecure air-conditioning system.

ORC and Cyber Crime

There is also a great deal of crossover in organized retail crime (ORC) and cyber crime. Today a shoplifter turns booster, then moves to fraud, then easily jumps right into cyber crime. The dark web and the Internet in general have a host of tutorials and manuals on how to commit cyber crime. For example, the darknet has groups like The Shadow Brokers (TSB), which allows people with little to no computer skills to purchase malicious software and instructions on how to deploy it. TSB even offers a subscription-like service to its members for access to new releases of the latest and greatest tools to commit the nefarious actions via computer. Put simply: anyone can search the web to learn how to become a hacker, or they can pay a subscription fee and have someone provide them all the tools.

Cyber crime is a global issue, certainly much larger than any individual retailer. If it hasn’t already, your company will have a cyber incident. Training and awareness are the keys to prevention. As loss prevention professionals, we must remain vigilant and take a balanced approach that focuses on prevention and response to a cyber incident. When an event occurs, you may be called to the table to do the criminal investigation. Forging those partnerships early will help when and if this occurs, and as an expert in physical security, you have a great deal of value to add to the investigation.

All the technology in the world won’t solve human behavior elements in cyber security or physical security. You are already a physical-security expert. You have valuable insight to help your information technology teams better protect the company. Using these examples of the similarities between cyber security and physical security, we can better learn how to use our existing skillsets in an increasingly digital security landscape.

Tom’s column is featured in every issue of Loss Prevention Magazine. To subscribe to the printed version of the magazine and enjoy other great content, visit

College Admissions Scammers: Scumbags or Science?

Scandal! Cheating! Pay to play! Bribery!

These words, which were once ominous and held such weight and gravity, are now in our faces seemingly every minute in curated news feeds. Does anyone feel shocked anymore when they see them? I may have been slightly shocked for a minute or two by these words in the story that just broke about the investigation into rigging college admissions and cheating on the SAT and ACT.

The FBI investigation into racketeering, among other crimes, has involved some folks who would typically not have their names found in stories like this. As of this writing, the story broke yesterday, and I’ve already read enough about it to have lost the initial shock. I have entered the numb stage I like to call “Meh.”

After all, can you really be shocked that people cheat and try to finagle a system to get what they want? Some of these people remind me of helicopter parents on steroids, like an Apache or a Blackhawk, ready to swoop in and do battle so little Suzy can get into an Ivy League school without actually putting in the effort.

Ten thousand dollars? A hundred and fifty thousand dollars? Pictures of my kid rowing in a racing boat? No problem! Whoosh, let the helicopter fly to the rescue! From my tone here, I may sound a little jaded. I have worked in loss prevention for a long time and have entered the cynical phase. I’ve come to understand that whenever a system has been put in place to regulate access to something people want, people will always find a way to get around these rules.

From the beginning of time, people (and animals) have stolen and taken shortcuts. Once an object gains intrinsic value, like Eve’s apple did once it was deemed forbidden, people will attempt to procure it by any means necessary. Has this been part of our evolution from primate to human being? Was this a way for primitive humans to save energy? It was probably a lot easier for Grog the caveman to wait until Gronk killed a gazelle, bash him on the head with a rock and steal the tasty gazelle, rather than spend the time and energy to hunt it himself.

We have spent eons perfecting our cheating ways. Just listen to any song by Loretta Lynn, and she’ll fill you in. If you’ve raised kids, you get the picture: it’s like they’re born with these innate abilities, or at least, they learn them quickly. According to Quartz, in a study on why children lie, the qualities we want our kids to have, like higher levels of executive functioning, are actually correlated with being a good liar. I’m not making excuses for this behavior. I’m just saying it doesn’t shock me.

Something I have struggled with over the years is how to not be jaded. It’s hard to spend years catching bad guys, observing behavior, doing interviews, and therefore being lied to, and not be a little cynical. When you work case after case and become invested in the time and effort you’ve put in, it’s easy to let it affect your view of the suspect.

I have to remember that we are all human and that humans have evolved to take the shortest route to what it is they want. Maybe it’s economy of scale, an evolutionary adaptation, or just laziness: whatever you want to call it, all humans engage in some form of lying, cheating or stealing.

During my career, I would catch myself feeling particularly fed up with this side of humanity, so I had to do things to give myself a break and restore some faith. I’d talk to other LP folks or to my husband, I’d volunteer or do a stretch assignment that took me out of that mindset and helped me hit the restart button.

Training and focusing on helping someone else can really help renew our belief in human beings as essentially good people.

We can’t let ourselves as loss prevention professionals become numb to what the person in front of us is going through. If you find yourself at that point, maybe it’s time for you to take a little time out. Watch some cat videos or read about people giving back—or go give back yourself.

I find the idea of scamming to get your kids into college reprehensible: it undermines all the hard work that legitimate candidates put in and takes a spot away from someone who deserves it. If you can’t get into USC or Stanford on your own merit, go someplace you actually can get into. Hopefully those involved are punished appropriately.

That said, even when the actress from Full House gets caught for (allegedly) committing fraud, it can be hard to stay positive about humanity. Just remember it might be due to human evolution, and then try to hit your own restart button. I know I find myself hitting “restart” a lot lately.

Stefanie is a regular contributor to the work of the International Association of Interviewers. To enjoy other great content from her and other contributors, please visit

Internet Hoaxes and What They Teach Us About Using Social Media to Monitor Potential Threats

This article originally appeared in Loss Prevention Magazine.

The “Momo” challenge is a good lesson for all of us. If it’s on the Internet it must be true, right? If it’s on the global news everywhere in the world it must be true, right? If my child’s school sends home a note with a warning about it, it must be true, right?

Not necessarily. According to The Atlantic, a few weeks ago a Twitter user posted a warning saying, “Warning! Please read, this is real,” with a screenshot of a Facebook post that read, “There is a thing called ‘Momo’ that’s instructing kids to kill themselves. INFORM EVERYONE YOU CAN.” The tweet was retweeted more than 22,000 times and it featured a screenshot of a scary face with the name Momo. It spread across the internet from local news to global news very quickly. Some users with hundreds of millions of followers put this out all over the internet.

Concerned parents all over the globe should not be worried about the Momo challenge; like many viral stories, it is a hoax that has been magnified by news stations and scared parents around the world. Why this hoax gained so much traction may be that it directly targets young children: the Momo challenge talks about children doing horrible things to themselves or people coming in to kill them. Last year there was a similar hoax from South America, claiming that Momo was targeting teens via WhatsApp.

There is no evidence to support that the Momo challenge exists. However, there are still some copycat videos, tons of news articles and several search results for the Momo challenge. This serves as a good reminder for all of us in retail loss prevention who use social media to monitor threats and events for our locations to follow a few basic steps to keep us safe.

Just because it’s in the news, even global news, doesn’t mean it’s true.

Thanks to the internet, today we can read international news just as easily as we can watch our local news television broadcast. However, this ease of access means that news sources must compete against many other sources for a smaller share of the audience’s attention, which leads to sensationalized news stories that always draw readers’ attention: local crime, accidents and disasters and missing children. Because stories about threats against children, like the Momo challenge, attract greater attention, more news sources are likely to cover them and share these stories more quickly, even without fact checking.

Because these news sources are competing for our attention, it is essential that we take one news report with a grain of salt — even better, compare it to other types of news sources. Broadcast news in particular, such as local and national TV news, tends to latch onto more sensationalized stories because they attract a lot of attention without using too much air time. More “traditional” news sources, such as newspapers, are usually more reputable, whether they are in print or online.

Look for evidence that supports what you read online.

In the past there have been major incidents, like active shooters, fires or other events, that gathered media attention, and there was almost always supporting video or photo evidence on social media.

I had personal experience with an active shooter incident from a couple of years ago. It was lunch time on the East Coast, and I received a notification from one of our many social media feeds. It read, “I see three people with guns in the building next to me.” Less than 30 seconds later an alert appeared about a 911 call of an active shooter on the West Coast. My team and I quickly started to analyze the information. We already had local TV news, police report data, 911 calls, live scanner feeds and active social media for the area saved. Within a few minutes we determined that it was a real event and that we had several stores within five miles of the threat. We also determined that the shooters had left the area and knew in what direction they were headed.

By consulting multiple sources of information, we were able to verify that the threat was real and take appropriate action in under 10 minutes to keep our field team informed and focused by providing them with real-time updates. We were even ahead of the local news by four minutes.

When your safety is not at stake, take your time.

When the threat is not immediate or risking human lives, we can take our time to verify the information. For the dozens of news sources that covered the Momo challenge, if only one of them had taken a few minutes to fact check the threat on the internet, the hoax would not have become as widespread as it did. A few moments of critical thinking can be just enough to stop a hoax from creating more panic.

The internet has changed all our lives, including our children’s. Keep in mind that everybody is a reporter, everyone has access to the same platforms to deliver information, and everyone has a high-definition camera and the computing power to create what before seemed impossible. The first reports are often wrong. Sometimes how you communicate and respond to an event is more important than the event itself. Arm your teams with good info and the rest will fall into place.

Tom’s column is featured in every issue of Loss Prevention Magazine. To subscribe to the printed version of the magazine and enjoy other great content, visit

Worldwide Adventures of a Certified Forensic Interviewer

When I haven’t spoken to someone for a while or am meeting someone new who learns about my background, they will often ask what’s it like working on the other side. My admission to this: sometimes, this job is awesome.

Are there frustrations? Absolutely! But here are a few of the perks: I get to meet new people, see awesome old (ish) friends, talk about things that are cutting edge and interesting, help people do their jobs better, and travel to some pretty cool places.

Last December, I went on an adventure to China, and from the perspective of a certified forensic interviewer (who loves to observe behavior), the main takeaway is that people are the same no matter where you go.

Another takeaway: when you don’t speak the native language, you will need to read behavior.

First off, China was fascinating. People ask me what the food, traffic, pollution, and so on were like. Where I traveled, the food was great (but I passed on the chicken feet), the traffic was awful, and yes, there was lots of pollution. China is a vast country and I only visited a few parts, so it’s hard for me to generalize an entire country based on my trip. It’d be like someone from China coming to New York and saying the entirety of the United States is just like New York. I barely scratched the surface.

We started our trip in Guangzhou on the southeast coast of China and ended in Shanghai on the eastern coast, with the objective to tour factories and discuss current and potential products. My first impression of Guangzhou was the sheer amount of active construction: it was almost like an angry toddler had thrown buildings down that continued to grow where they were. There was development everywhere!

Most places we went, the people we encountered were hospitable and helpful. The first factory we visited was clean and modern, and we were welcomed by the factory manager. I was surprised at the warmth of our reception; perhaps I was expecting a more closed-off attitude based on what I had read about the government controls and current business climate, but it was quite the opposite. I felt safe wherever we went, the high-speed transportation and roads were excellent, and I didn’t encounter a single rude person. It would be hard to say the same thing traveling in Chicago!

My main issue, if pressed to find one, would be that I did not understand the language. Most of the people we met spoke English very well; however, there were times that they spoke Chinese at length during business meetings and we were left at the mercy of an interpreter after the aside was finished. I’m pretty sure much was lost in translation.

During our visit, there were many, many times that Chinese was the main language being spoken and, it cannot be overstated, I was very glad for my prior training in observing behavior. With each conversation in Chinese, my frustration grew, and I began to listen and observe in a more heightened state because I needed to know something, anything, about what was being discussed. Here are a few key items I picked up on:

  • Filler words told me to observe and listen more closely. I picked up on a single word used over and over and that usage, combined with some more animated body language, indicated to me that the speaker was feeling some stress. Just like in interviewing, the timing of the behavior was important. This was during a phase of our negotiation that was becoming difficult, and when I heard the filler word repeated, along with some agitation, I knew we were bargaining from a position of power.
  • Eye contact, whether maintained or broken and depending on the timing, was also a strong indicator. Since I was not directly involved in the negotiation, only an observer, I found the Chinese speakers would look to me quite often to try and see how I was reacting. They weren’t sure why I was there, and I thought they might have been trying to get me to react to help them. Again, this led me to believe that they were feeling pressure and were looking for someone in the room to help them out. I tried to maintain a friendly but neutral expression during our talks. I also found the neurolinguistics to be similar to what I had seen before in the United States, with internal dialogue (looking downward, studying hands, phone, or papers) being the most common trait I saw on my brief trip. I do need to point out that some of my behavior could have very easily been causing theirs. Since I am naturally fairly direct and was making a lot of eye contact just out of habit, this may have been something they weren’t used to and could have caused them to alter their behavior. Not sure, but it’s a possibility.
  • Because they were speaking to one another in their own language, and assumed quite rightly that we didn’t speak Chinese, their conversation became much livelier than it would have if we spoke the same language. This actually led to the factory owners revealing much more about how they felt than they probably would have otherwise. They became emotional in their sidebar conversations, and I’d bet a million yuan that they wouldn’t have reacted that way if they thought one of us could understand the language!
  • On a similar note, there were a few times that we were told meeting attendees couldn’t speak English, yet at the end of our meeting they spoke quite fluently. This was probably due to a level of embarrassment at their ability to converse, but it’s important to keep in mind when having our own sidebar conversations. I compare it to my abilities with Spanish: I’m definitely not fluent and wouldn’t even say I can speak the language, but I’ve had enough classes that I can pick up a lot from others’ conversations. Just another thing to be aware of when talking about business in a group such as this.
  • I found it was easier to read body language when an interpreter or translator was being used. For me, the reason was that I could focus purely on the reaction to what was said and not worry about what was coming out of my mouth. It was like watching an interview in slow motion and therefore so much easier to read the reactions.

These are just a few days’ worth of observations and definitely not enough to come to any firm conclusions on an entire society’s behavioral cues. However, after my visit I feel strongly that it is possible to read body language everywhere you go: you just have to listen and keenly observe what’s going on around you.

All people have tells and physical reactions to conversation; sometimes it can be even more exaggerated depending on the circumstances and comfort level of that moment. You just need to stay focused on the other person, and you can learn a lot.

Stefanie is a regular contributor to the work of the International Association of Interviewers. To enjoy other great content from her and other contributors, please visit

Why Cashless Stores Aren’t Always Good News

On March 7 Philadelphia became the first major U.S. city to ban cashless stores. In our increasingly digital world, where nearly all businesses accept electronic forms of payment, it seems only logical to transition to a completely cashless system. So why did lawmakers ban businesses from refusing to accept cash?

In 2017, nearly 6 percent of the population of Philadelphia was “unbanked,” which are people who do not have a checking or savings account and only use cash. About 22 percent of the population was “underbanked,” which are those who have bank accounts but still use alternative financial services, such as check cashers. These statistics have remained virtually unchanged since 2015, according to surveys from the Federal Deposit Insurance Corp.

According to, supporters of this legislation, which goes into effect on July 1, argued that cashless stores effectively discriminated against poor consumers. A report from the Federal Reserve found that the unbanked and the underbanked are more likely to have low income, less education or be in a racial or ethnic minority group.

This population is not unique to Philadelphia: according to the Fed, about 5 percent of adults in the U.S. in 2017 were unbanked and 18 percent were underbanked. Though these numbers have decreased in recent years, that is still about 13 million unbanked Americans who would be unable to access cashless businesses.

Businesses, such as Sweetgreen, have gone cashless in recent years in order to improve efficiency and reduce the risk of robbery. The National Retail Federation opposes the ban on cashless stores, saying that merchants should decide which payments to accept (or deny).

The conversion to a completely cashless system would also have a significant impact on cash-in-transit companies, who would lose a large customer base that no longer needs armored couriers to securely transport their cash. This could also affect banks who depend on their commercial customers for business.

Along with the Philadelphia City Council, the New Jersey Legislature has also passed a measure to ban cashless stores. New York City, San Francisco, Chicago and Washington are considering similar bills.

Some countries around the world are completely cashless: In Sweden, only 15 percent of payments involve cash transactions, and in the U.K. credit and debit cards and other forms of contactless payments are the most common forms of payment.

CONTROLTEK Opens New Innovation Experience Center

To kick off 2019 with another commitment to progress and innovation in loss prevention and cash security, CONTROLTEK opened a new headquarters in Bridgewater, New Jersey. We also debuted a brand-new Innovation Experience Center where clients can view and test our latest security solutions and work closely with our experts.

The Innovation Experience Center displays the latest security solutions and how they are used in a retail or banking environment. Source: Studio Eagle

“The Innovation Experience Center is designed as a collaborative space that enables clients to connect directly with our experts to come up with new solutions to the ever-evolving threats of shrink,” said Steve Sell, CONTROLTEK’s vice president of global sales and marketing.

The open layout of the office allows for greater collaboration between employees, customers and partners. Source: Studio Eagle

The new headquarters also gives our team members an open space to create new asset protection and cash security solutions, with each other and with industry partners, in a collaborative environment.

“This new space is an investment into the company’s future,” said Rod Diplock, CONTROLTEK’s chief executive officer, “and into expanding our relationships within the loss prevention industry.”

The Innovation Experience Center is seamlessly integrated into the office environment. Source: Studio Eagle

CONTROLTEK’s new headquarters is located a short drive from New York City at 200 Crossing Blvd., Second Floor, Bridgewater, NJ 08807.

8 Cybersecurity Predictions for Retail in 2019 and Beyond

(This article originally appeared in Loss Prevention Magazine)

The last 24 months have been filled with news of breaches, attacks, and privacy concerns with no end in sight. Here are my 2019 cyber security predictions.

1. Both consumer and commercial IoT (Internet of things) devices will be a prime target for hackers. IoT devices (such as smart refrigerators and thermostats) can already be found everywhere and are becoming even more popular. Hundreds of millions of connected devices have little or no defense against hackers, making them easy targets. In a retail setting, IP cameras are one of the many devices that can be vulnerable to hacks. The surge of smart cars and medical equipment may be targeted as well.

IoT device makers have been slothful in securing their products. Such slow progress isn’t beneficial for the plethora of devices already deployed unsecured and are difficult to patch. Your smart TV from five years ago isn’t smart or safe anymore. Furthermore, weak, overused default passwords in the consumer setting pose a significant risk.

2. Automation and artificial intelligence (AI) will improve threat detection. AI is has become widely adopted in searching for and analyzing potential threats. Use cases will include endpoint, firewall, network traffic and exception reporting. However, there is a point of concern with AI: a great potential for humans to become complacent and fail to monitor threat detection as they would have before AI. On the flip side, hackers will use AI to forge more advanced automatic attacks. The battle of good and evil does not stop with AI.

3. GDPR is here, so expect more regulation related to data protection. In 2019, you should expect substantial monetary punishment for US companies that are not compliant with GDRP. I would also expect to see a much wider adoption of the best demonstrated practices in data protection standards globally. We should see a great deal of governmental regulation for data privacy in 2019.

4. Spear phishing will increase dramatically in 2019. A more targeted approach on corporations and government agencies from both state actors and hackers for profit. Spear phishing occurs when a social engineer creates fraudulent communications with a target, making it a point to appear legitimate and often claiming to be from a trusted or known source. Phishing is one of the more well-known tricks of social engineers, but it’s still one of the most successful.

5. We may see a rise in hacking as a service (HaaS) through the wider adoption of AI for both the good guys and bad alike. The need for more advanced methods of hacking is here in some cases. HaaS will be the solution for some bad actors.

6. Wider adoption of multi-factor authentication will occur. 2019 will likely be the year where multi-factor authentication becomes a standard practice in online transactions, banking transactions, and social networks. Many financial institutions have already instituted this as a default. I predict that you will see it as a requirement for many e-commerce transactions. Your Amazon order may need it in the future.

7. Ransomware attacks seemed to slow down in 2018. However, they still do occur and have an impact. Ransomware is a type of malicious software designed to block access to computer files by encryption. A hacker will demand a sum of money to be paid to get your files back. Ransomware is here to stay, and I expect it to remain a significant risk in 2019.

8. Cyber warfare becomes a real danger in 2019. Both state actors and terrorists should be a concern. Terrorist organizations will solicit hackers to help wage cyber warfare. Attacks on utility, infrastructure, transportation, and commercial entities should be expected. Some of our biggest fears regarding major cyber attack could come true in 2019.

Managing cybersecurity risks while balancing the appropriate prevention will continue to play a major role throughout all sectors. The need to have advanced response plans to a cyber incident come to the forefront in 2019. Our risk in retail is continually evolving. The rapid adoption of technology in retail is making it increasingly difficult for us to mitigate risk. We must remain vigilant and take a balanced approach that focuses on prevention and how we respond to a cyber event.

Tom’s column regularly appears on every issue of LP Magazine. To subscribe to the printed version of the magazine and enjoy other great content visit

Security Theater: Feeling Safe at the Airport Does Not Make You Safe

(This article originally appeared in Loss Prevention Magazine)

Feeling safe and secure is a sentiment we all desire to obtain. We often reflect on investing in security systems and software for our personal settings. As for the nation and the world at large, security theater is an imperative option. However, it cannot be your whole program. Security theater has a lower cost than elaborate security methods. Nonetheless, it may divert parts of a budget for actually effective security measures. In this article, I will focus on security theater in airport settings.

So What is Security Theater?

Security theater offers precise security measures to make people feel more confident about their security. “Security theater is the practice of investing in countermeasures intended to provide the feeling of improved security while doing little or nothing to actually achieve it,” according to “Security Theater and Learning Theater,” an article for As terrorism continues to occur, fear and devastating traumas arise in airports. The truth is that it can happen anywhere at any time. People should consider security theater, so they can feel safer without exerting a lot of effort. ID cards, for example, are to be checked by the guards even if there isn’t a legitimate explanation to request verification.

A similar route was taken after the 9/11 incident occurred. The National Guard had soldiers stationed at US airports holding guns with no bullets. Instead, the guardsmen carried loaded magazines on their belts, according to the Associated Press. In addition, metal detectors were placed in numerous places of business, shopping centers, and lodging centers after the terrorist attacks in Mumbai. The metal detectors served as a deterrent without any plan of how to respond to an activation in some areas. Security theater offers some level of deterrence, yet no actual additional safety in these examples.

The practice of randomly searching bags through different systems, which is backed by huge funds, is also another example of security theater. In regard to airport security measures, programs such as Secure Flight, CAPPS (Computerized Assisted Passenger Prescreening System), TSA Precheck, and Clear are implemented and use screening profiles from airport passengers in the past. If a search is random, it offers a potential deterrent but nothing more.

Security theater will not keep people safe; it makes people feel safe. Due to the fear created by nonstop global terrorist attacks, this type of security practice has expanded outside the TSA (Transportation Security Agency). The TSA has shown to be 95 percent ineffective. It has failed to detect a threat in sixty-seven out of seventy tests conducted by the Homeland Security Office of Inspector General. A second round of tests showed little improvement.

The inclination for security theater originated from the interplay of both leaders and the public. When people develop a fear about their security status, leaders must do something to make the public feel safe, even though it will not necessarily make them safe.

Thus, many police departments have been using a show of force to imply that they are everywhere. The show of force happens when a heavily armed unit is placed in a specific area of a city, mall, or event, and rotated. While this is security theater, these units are fully equipped and ready to respond. The main difference is a show of force by the New York City Police Department Hercules unit has a real deterrent value because the unit is armed and mobile. The TSA on the other hand is not.

Infuse the Show with the Reality

To be clear, I believe everyone should use security theater to help mold the public perception and make people feel safe while offering a deterrence to deviance. The TSA uses real security measures that have an impact; however, my point is to remind all of us the importance of a balanced approach to security programs. Furthermore, the TSA has a mismanagement issue and leans more toward security theater because of its ease of implementation.

With all the measures related to security theater, its real purpose should be to infuse itself with actual security. People need to feel safer so that orderliness will be maintained, and they feel confident in whatever they do and wherever they go.

Tom’s column regularly appears on every issue of LP Magazine. To subscribe to the printed version of the magazine and enjoy other great content visit

2019 Retail Predictions: From the Rebirth of Brick and Mortar to the Death of Iconic Brands

(This article originally appeared in Loss Prevention Magazine)

The retail industry had a phenomenal year. Retail has an exciting future. The doom-and-gloom reporting of the “death of retail” has subsided.

The retail apocalypse is officially over.

The evolution of retail is not.

In 2017, over 7,000 retail locations closed. Less than half that number occurred in 2018.

In 2018, retailers focused more on customer experience and innovation…and won.

Here are some of my 2019 retail predictions:

1. The rebirth and rebuilding of brands. We will see some retailers resurrect. Brands that closed or filed for bankruptcy several years ago, will resurface with a focus on smaller footprint stores and customer experience. Additionally, we will see the rebuilding of brands with new store layouts and new offerings.

We may also see the demise of some other giants and hope one day they are reborn as well. Look for the new and improved Toys “R” Us and Circuit City in 2019. There may be some big things coming for Lowe’s in 2019 as they tackle the professional construction market.

2. Brick and mortar is back. What some would call the biggest comeback ever is more of looking at it from a different perspective. People are shopping in stores again. Retailers need to adopt the unified commerce approach: if a customer is buying from the business, the channel doesn’t matter.

Smaller footprint stores are abuzz. Grocery and c-stores now move toward more self service with pay and go, self-checkout 2.0, and cashierless stores. Some online brands will open brick-and-mortar stores (The RealReal and UNTUCKit). Destination-based shopping will see more shared or combined spaces. Restaurants, coffee shops, and lounges will be peppered into traditional retail establishments (such as Target concept stores, Starbucks, and Nordstrom’s small footprint). As customers look for different experiences, this will continue to be the key to success for most businesses.

3. The elephant in the room. Amazon continues to grow and gain market share. Retailers will need to build their 2019 strategy around a competitive advantage. Amazon’s Alexa AI will move to more third-party applications supporting retail in 2019. Retailers need to avoid becoming distracted by Amazon and focus on the customer experience.

Location and easy returns are a real problem for Amazon. Also, scalability related to service plagues Amazon. It is discouraged to force innovation. Instead, one should use innovation to help support one’s customers experience.

4. Social media and retail get married. Social selling will be a real thing in 2019. Social commerce will potentially be the most disruptive thing in retail in 2019. Facebook will hit retail big in 2019 with its reach and data. As some leave Amazon, Facebook and Instagram will fill in the void.

5. Some big Amazon acquisitions are coming. We may see the company buy a large retailer with a network of stores. Amazon will also partner or acquire a social network to battle Facebook and Instagram on the social commerce wave.

6. The Internet of things will grow. Technology interaction in the stores will drive customer experience. Think of a more immersive shopping experience, with augmented reality and more interactive smartphone apps. The retailers themselves will also adopt at a higher rate as well as more wearables for instore associates, drones, and wider adoption of virtual reality.

2018 was the death of the retail apocalypse. Be ready for the social commerce’s disruptive wave. Retail will continue to evolve. Technology is not here to eliminate us; it’s here to make our jobs and lives easier. Focus all your programs on the customer experience and customers will shop. 2019 will be a great year for retail. Happy New Year.

Tom’s column regularly appears on every issue of LP Magazine. To subscribe to the printed version of the magazine and enjoy other great content visit

Facial Recognition Might Save Lives but Has Technology Drawbacks

(This article originally appeared in Loss Prevention Magazine Online)

For some, facial recognition is only known in movies and television. To them, it is an imagined technology that allows one to identify someone using a computer to recognize a face. However, today, facial recognition is making a significant impact in multiple industries including healthcare, marketing, security, law enforcement, and even retail.

For most people, their contact with facial recognition technology is from their smartphone’s security features, how Facebook knows whom to tag in photos, or when passing through electronic passport gates. Nevertheless, whether we like it or not, our face is becoming a critical tool when accessing information and possessions.

In different sectors, facial recognition can be used to gather more information about consumer markets such as retail, gaming, and events. One of the applications facial recognition is increasingly used in is targeted marketing. Some businesses utilize facial recognition software to show ads based on the customers’ age and gender, showing the tech’s use in providing more relevant advertising. Some feel that this use is an invasion of privacy.

When it comes to security and safety, most understand and welcome facial recognition. Additionally, many airports around the world are using it to speed up the check-in process while also providing the added security.

The Secretive Use of Facial Recognition Software in Retail and Security Industries

In the US, if one is attending prominent establishments such as Madison Square Garden, it is more than likely that his or her face has been photographed. Depending on the location and when the picture was taken, your face will be analyzed and checked against varying databases. Mainly a database that checks an individual’s criminal background or lack thereof.

One may not realize it, but the same technology is most likely used all over the city, possibly across the country. Why are our pictures taken? Is that right? Is it a violation of our privacy? Many people share similar concerns, but since it was first developed in the 1960s, facial recognition has quickly risen to popularity as an essential security tool.

Initially, it was popular with the police for over a decade. In the last couple of years, however, facial recognition technology has also taken off with retailers as a way to stop shoplifting and organized retail crime (ORC). To the public, it was deemed as an essential security tool as it does help in quickly identifying wanted individuals and possible terrorists at public places.

The technology of facial recognition, when regulated, can indeed save many lives and is useful in multiple ways. Nonetheless, there is the fact that this technology is almost entirely unregulated. It is often used in places where millions of people gather and are subjected to the technology, unaware of what data is collected, who can access it, or how it’s used.

One high-ranking police executive who wished to remain anonymous said, “We use facial recognition daily, and it has helped us solve many crimes. We also have a human verify a potential match 100 percent of the time. It’s just one of the many tools we use. Several states use facial recognition in conjunction with driver license photos to solve crime.”

The Dangers of Facial Recognition Technology

Facial recognition is effective in strengthening security. However, as a technology, it is also susceptible to the same security concerns as other technology. While it is harder to compromise than voice or fingerprint recognition software, it also has its limitations. Facial recognition technology is not 100 percent accurate. Moreover, masks, glasses, long hair, and other obstructions can hinder its use.

Therefore, even though it is useful in easily and quickly recognizing faces, its efficiency depends on the software used and placement of cameras. Besides certain limitations in its function, a more serious issue regarding its use is its invasion of privacy. To be watched, have your face photographed, and maybe even entered into some database is an invasion of privacy.

Many people and organizations consider facial recognition to be a corporate invasion of privacy. Facial recognition apps can protect you from criminal suspects, but it cannot guarantee your protection against violation of privacy. Concerns about privacy are looming large, especially now in the internet age.

The concerns about facial recognition stem from how facial recognition apps, together with surveillance cameras, can very well track every move of an individual. When your data is gathered, combined, and then analyzed, a person’s activities and recent locations can easily be easily tracked and found. Facial recognition apps are not all bad. It is undeniable that they have practical uses, particularly in this age.

However, the misuse of these tools easily taints people’s perception about the technology, causing them to shy away from its use. The usage of face recognition continues widespread, but it is unsurprising how many people remain against it until it is properly regulated. It is my opinion that in the next three years as it becomes widely used at airports, borders, and transportation hubs, it will become acceptable to most. When the fingerprint reader was introduced years ago, the concerns were similar and have virtually gone away with that technology’s wider adoption. I think the same will occur with facial recognition.

Tom’s column regularly appears on every issue of LP Magazine. To subscribe to the printed version of the magazine and enjoy other great content visit