Combat Theft & Fraud

In retail, restaurants, and grocery stores

Fraudsters and thieves are constantly finding new ways to steal. But there are some tried and true approaches your company can take to identify and eliminate these profit reducing activities.

Minimize “Sweethearting”
Sweethearting is the term used when an employee gives away merchandise without charging another party. Usually involving merchandise that they’re not authorized to give away. Although many retailers offer friends and family discounts for the employee, many times, employees feel that they are entitled to more. Sometimes, this behavior is not indicative of intentional employee fraud but of employees trying to establish and grow customer relationships. Employees taking notice of your best customers may incentivize them to give discounts to frequent shoppers. Although fraudulent, their intentions were not harmful but still affects your bottom line.

As with any form of theft or fraud, you must know it’s happening before you can fix it or set practices to avoid it. Most often, sweethearting is stopped by physical supervision of the cashier, the installation of software that detects the practice, and education. Surveillance cameras and security guards can check customer receipts against the goods purchased when the customer leaves the store is one method.
Education is an important first step. Make sure all employees understand your policies and their boundaries. Beyond education, loss prevention analytics enables store management to track which cashiers may be behaving fraudulently. Elongated scan gaps between scanned items is a potential indicator that the cashier may be giving an item away without scanning it.

Fight Digital Fraud
Patterns exist in online crime. Whether it's a series of Account Takeover (ATO) attacks over a week or an unusually high number of chargebacks to the same credit card, loss prevention analytics can provide retailers with the evidence and protection they need to stop the growing number of offenders. Sudden jumps in website traffic can be indicative of a larger problem. It could mean that there is increased activity looking for vulnerabilities in your online ordering or payment systems. You’ll want to find out why this is happening and look for patterns in site visitors.

Data analyses can reveal suspicious purchases and returns of high-value items, pointing to underlying patterns. Loss prevention analytics is a critical way to identify payment card fraud, issuing alerts for various suspicious transactions. For instance, comparing the name on the card to the person's name at the shipment destination could reveal that these orders might not always be a gift item sent to a favorite relative.

Inconsistencies appear when a routine customer suddenly makes high-value purchases that far exceed their average transaction. This purchase can indicate a stolen card. Alerts on anomalies like this can stop the transaction early and help retain customer trust. It may also indicate an employee fraud issue if their personal address matches the shipment address.

Combat Return Fraud and Abuse
The key to combating return fraud is to set reasonable, realistic policies, to tighten the loopholes and to separate those looking to take advantage from your loyal customers. In reviewing common return fraud and abuse schemes, most retailers will discover that their current return policies do very little to prevent them. While policies can be fine-tuned to deter fraudsters by requiring the customer’s ID, requiring a receipt, shortening the timeframe within which a return can be made, requiring the item’s original packaging to be intact, or only allowing store credit for returns can help. While these policy changes may deter fraudsters, they may also deter rule-abiding true customers from shopping as well. Loss Prevention teams should collaborate with Operations teams to develop policies that are customer friendly while still minimizing loopholes being exploited by fraudsters. Finding the balance is never easy but building a culture of collaboration will help to drive enterprise-wide awareness.
In addition to optimizing return policies, retailers who wish to fight fraud must also focus on the consumer’s return patterns to pinpoint the worst offenders and prevent future fraudulent return transactions from going through.

5 Indicators of Return Fraud in Customer History
• Purchases vs. Returns History
• Frequent Returns within a short amount of Time After Purchase
• Types of Products Purchased in the Same Transaction as the Return
• Correlation of Employee to Customer or to Original Transaction
• Purchasing at one Location and Returning at Another

Unfortunately, it’s impossible to prevent all instances of return fraud and abuse, but retailers can stay competitive by improving technologies and return policies, while always remaining vigilant.

Reduce Internal Theft
Most employee theft occurs at the POS terminal or register and can be identified by analyzing deviations from Key Performance Indicators (KPIs) and statistical norms. By using loss prevention analytics to easily identify these exceptions, companies can avoid sifting through hours of video surveillance and transactional history. Loss Prevention professionals can then investigate and use CCTV to confirm whether or not employee theft is occurring and determine the best way to handle dishonest associates. Based on industry best practices, below are the most common indicators that employee theft may be occurring at your stores:

Issued & Redeemed Gift Cards

Monitor gift cards used in employee purchases, the number of gift cards issued at each location, and an overall gift card payment purchase summary.

Refunds, Exchanges, Discounts, and Price Adjustments

Set established KPIs for acceptable “normal” ranges per location for metrics like refund count, no match, credit cards with employee and non-employee activity, etc.

Price Overrides

Tracking unauthorized price overrides, users can uncover multiple different types of internal theft.


Track transactions by employees to identify which employees have frequent coupon transactions in which no items are sold.

Line Voids and Cancels

One of the easiest ways to identify employee theft is by tracking line voids which occur when an individual item is deleted from the transaction.  Similarly, cancels occur when whole transactions are voided before completion. 

Post Voids

A post void occurs when an entire transaction is removed from the record after completion.  This is usually used to correct a mistake like an incorrectly entered price and re-entered within the next transaction or two.  Monitor when transactions are immediately re-entered after a post-void and when they are not, possibly indicated employee theft.

Low Dollar Transactions

Monitor transactions per employee to identify anyone with unusually high rates of low dollar transactions that may indicate employee theft.

Prevent Loyalty and Reward Program Fraud
Fraud can also be an “inside job,” commonly referred to as internal or employee theft. It is not uncommon for employees to rack up points on their personal loyalty cards by entering their card numbers for purchases made by non-loyalty program customers. With the growth of third-party shoppers, additional loyalty program vulnerabilities are on the rise.
It is not just fraudsters that take advantage of loyalty program loopholes. Some otherwise legitimate customers also exploit loyalty program policy and procedural gaps to take rack up extra loyalty points. One customer legally earned 1.2 million airline miles, about 40 round trips to Europe, by buying 12,000 pudding cups. Frequent travelers also share their tips on how they continue to legally “hack” travel reward programs, earning millions of miles each year.

To combat loyalty program fraud, companies must implement stringent policies that close loopholes for fraud while still offering incentives to customers. More importantly, they must have secure systems at every step of the customer journey, to protect customer information. Using loss prevention analytics to examine existing transactional data can also reveal gaps and potential fraud in current operations.
The first step in preventing fraud is raising awareness within your organization and with customers. Companies should track vulnerabilities and loopholes in their systems that lead to potential fraud before it happens. Loss prevention analytics software can help identify and quantify suspicious transactions that can point to unwarranted and unrecognized attacks.
Raising awareness with customers is also critical. Few customers are vigilant about checking point balances and only do so when a problem arises. Changing passwords, not using public wi-fi, and other safety reminders can raise awareness with customers.

Stop Self-Checkout Theft
There is an increased risk of theft associated with self-checkout compared to staffed lanes. Here are several ways to prevent it.

Attentive Attendants

The first line of defense protecting your organization from self-checkout theft and fraud is an attentive, engaging and properly trained employee on duty. This alone can stop up to 90 percent of customer theft whether deliberate or accidental. In addition to being attentive and looking for potential theft, this employee should be engaging and willing to help frustrated customers struggling with the checkout process.  Whether the employee is a store associate, a security guard, or an Asset Protection/Loss Prevention representative (or some combination of all the above), when customers come across someone who’s curious and outgoing, they’re less likely to steal.

Security Scale and CCTV Cameras

A security scale in the bagging area of the self-checkout kiosk is another great deterrent against theft both intentional and accidental by alerting both the customer and the attendant when an item is added to the bagging area without being scanned. Used in conjunction with a good data analytics application that’s integrated to CCTV, scales can be an excellent deterrent and training tool for attendants. Identifying patterns in data that point to potential issues with specific customers or attendants (along with video as evidence) can go a long way towards creating a self-checkout environment that minimizes shrink exposure.


End Skimming
One of the best ways to identify potential fraudsters is by reporting cash penetration by employee. This report should show what percentage of sales are paid for with cash by the employee and/or location. This will help to identify problem stores and associates who may be skimming cash from the register.

For example, if your typical cashier averages 30% cash transactions, you may say that an acceptable range is 20 – 40%. Any employees that fall outside of that threshold for a given timeframe may warrant further investigation. This can mean digging deeper into that associate’s use of discounts, voids, error corrects, refunds, “no sale” transactions, or even CCTV video review.
A similar report can be run to identify cash penetration by location. Even one dishonest associate can drastically impact the average cash penetration for the location.

Put the Brakes on the Wagon Wheel Scheme
Many restaurant owners will monitor high void activity. This is indicative of theft or possible retraining requirements. However, when using the wagon wheel scheme, the server only voids the one, single item at the end of the night, raising little suspicion. In many cases, the server is the one preparing the item (usually a drink) as well - as opposed to the kitchen staff - making it easier to manipulate. If an item must be sent to the kitchen, a server is less likely to manipulate it as they are now no longer the sole party involved in the scam. Many operators have little time to manually sift through every transaction to identify these transferred, low-value items, and while some POS (point of sale) systems may come equipped with a baseline monitoring system, they are typically not sophisticated enough to identify these patterns.

Running loss prevention analytics reports targeting employees, by daypart, with high transfer activity on low-value, server-controlled items is a good way to identify this scheme. Looking specifically at employees with low-value item voids at the end of their shift and tracking check duration are other good metrics to review. Managers should be able to identify long; open checks being used as holding places for the transferred item.

Prevent BOPIS and Click-and-Collect Fraud
Click-to-pay is here to stay. However, retailers must be vigilant to identify fraudulent purchases before the items are picked up. Retailers should set expectations for the click-and-collect customer at the time of purchase. Clearly state the steps they must take to get their product, from checking their email, parking in the correct stall, or having their QR or barcode ready at pickup time. Visa recommends these BOPIS best practices:

  • Manually reviewing high-ticket purchases.

  • Creating alerts that indicate frequent purchases by the same billing address, email, or payment method within a short time, at the same or multiple locations.

  • Tracking devices (IP addresses) and emails used by customers, especially if there were previous declined purchases.

  • Monitoring customer purchase patterns, especially for high-value items, declined purchases, or gift card purchases.

  • Reviewing loyalty program activity for inconsistent or unusual behavior.

Training is essential for in-store employees who serve BOPIS, curbside, or automated locker customers. In addition, with short availability windows of 2 hours or less, employees must be responsive to online purchases. Employees should know how to read orders, pick correct items to fill the order, prepare orders for pickup, and process returns. These skills are dissimilar to cashiering or shelf-stocking skills and require different types of training.

Retailers should establish workflows with checkpoints that ensure products ordered match products picked and packed. Video and intelligent systems allow companies to monitor employee activities and identify ways to streamline the process.

Collusion is another concern, primarily if in-store employees work with Organized Retail Crime (ORC) groups to defraud retailers. For instance, CSRs may issue customer “appeasements,” where the retailer ships replacement products or gift cards to themselves, friends, or other groups. Analytics that compare employee addresses to appeasement shipments will target and reduce losses.

End Promotion & Discount Abuse
There are many ways to analyze discount transaction data that may reveal profit-reducing activities. One option is to compare discount applications by employee or location to company averages and identifying over and under-performers.

Questions to Consider When Analyzing Data for Employee Abuse:

  • Does the employee purchase a higher volume of items at a greater discount due to the use of employee discount benefit? 

  • Is the employee regularly seeking super discounts by adding his employee discount on top of an already marked down item? 

  • Is there an extensive degree of purchase overrides used by the employee to receive a discount as compared to other employees? 

  • Comparatively, is the employee’s overall percentage discount received greater than any other employees’ discount at the store level? 

To avoid faulty discounts, employers should put a monetary limit on the amount per month an employee can redeem with their employee discounts. Furthermore, it is encouraged for store managers to approve every employee discount prior to its application to a purchase. Video surveillance (CCTV) footage can also be incredibly helpful when determining if improper discount usage is due to a dishonest associate or an honest policy or training issue.

Detect and Prevent Friendly Fraud
The main difference between friendly fraud and identity theft is that, in the case of friendly fraud, the fraudster is the authorized user of the card used to make the purchase in question. The transaction was authorized and was presumed to be a legitimate purchase until the customer files a chargeback, attempting to regain the payment for the transaction yet holding on to the product or services rendered. Here are ways to identify this behavior:

Fraudulent purchase patterns

Investigate to see if there is a pattern of misuse of the credit card, especially by someone other than the authorized cardholder. Patterns can include larger than usual purchase amounts or frequency compared to average retailer sales or if they are a high-theft item.


Communication and tracking

Ask customers about their purchases, recording the call while asking for validating information. Retailers can also save delivery information to prove items were successfully delivered to the customer. Email communications can also be tracked, providing documentation and proof of purchase and return authorization.


Return policy changes

A return policy review may be warranted if chargebacks become an issue, even if only for certain high-risk items. If clearly communicated, the policy can simplify or even prevent certain disputes altogether.


Tips for Minimizing Chargebacks

  • Notify customers before charging for recurring payments
  • Make sure the billing descriptor is easily recognizable
  • Use delivery confirmation
  • Keep an easy to access paper-trail of every transaction
  • Communicate regularly with customers
  • Make customer service contact information easy to find
  • Empower customer service and other employees to resolve issues quickly
  • Grant refunds and cancellations as soon as requested
  • Be vigilant for suspicious behavior


While chargebacks are an important process for consumers to dispute certain charges, they should be a last resort. By taking the above steps, companies can help keep legitimate and fraudulent chargebacks, and the associated losses to the business's bottom line, to a minimum.



Learn more about the different types of Theft & Fraud.