Companies achieve, on average, 33x ROI using Agilence Read the report!
Schedule Demo Schedule Demo

Theft & Fraud

In Retail, Restaurants, and Grocery Stores

Common Types of Theft & Fraud

Shrink and margin erosion cost retailers, restaurants, and grocers billions of dollars every year.  Theft and fraud not only decrease profit, but they also damage a company’s reputation and negatively impact customer loyalty.  It’s time to get to know the most common forms of fraud and theft.


The most common type of employee theft, Sweethearting is the term used when an employee gives away or discounts merchandise to a friend, family member, or fellow employee. Cashiers can accomplish this through scan avoidance, price overrides, refund or gift card fraud, void fraud, or invoicing scams.

Account takeovers (ATO)

Nearly every customer has an email-password account combination. Hackers use ATO methods to access customers' personal information and payment data. Once an account is hacked, the cybercriminals may publicize the company’s vulnerabilities to other hackers. ATO quickly erodes trust in the retailer’s client base, making it a difficult and expensive process to reclaim their brand’s confidence and lost revenue. The use of sophisticated bots has given these loyalty and rewards fraudsters the opportunity to cast a wide net and collect increasing reward points. This criminal activity can have a devastating result on your business by eroding margins and hurting brand reputations.

Loyalty Program Data

Retailers depend on loyalty programs to attract and grow their customer base. Customers appreciate discounts, freebies, and special offers they receive as loyal members. However, criminals target the wealth of data stored in these loyalty accounts, often with lower security levels, giving them access to a customer's data and payment methods. It is estimated that $3.1 billion in redeemed loyalty points redeemed are fraudulent, making it a significant problem for retailers.

Loyalty and Rewards – New Accounts

It has become common for fraudsters to create multiple new accounts to help aid in their fraudulent acts like transferring loyalty or reward program points from one illegally acquired account to a new loyalty or rewards account. This creates an issue for business owners by making it difficult to tell the real customer accounts from fraudulent ones.

Organized Retail Crime (ORC)

Retail crime is big business, especially if there is a focused effort by a large group of people. Organized retail crime applies to the enterprise of professional criminals who target retail stores and work together to find new ways of stealing from businesses. Theft ranges from lower-priced drug store items to high-end luxury goods with the same purpose: steal goods and sell them for a profit. ORC can range from two or more people collaborating on retail theft to national and international ORC groups responsible for hundreds of billions in losses on a global scale.

Organized crime can result in serious crimes being committed that retailers can’t prevent by themselves. A good practice is to maintain regular communications with other Loss Prevention professionals to share information about ORC groups operating in any given area. A local police force can share information on ORC groups in the area. Building a successful ORC case involves gathering incident details, calculating financial impact, collecting evidence, and presenting all findings with the help of legal counsel.

Employee Theft

Like shoplifters, employees may simply steal inventory items either to keep for themselves or to sell after the fact. This can be accomplished in a variety of ways from simply hiding small items in pockets or elaborate plans like hiding items in the trash and retrieving them from the dumpster after.

Gift Card Scams

Gift cards are, in effect, employee-created currency, making gift card theft very difficult to detect. There are a few different ways to execute this type of theft, one of which involves associates issuing fake refunds to gift cards that they will keep for themselves or later sell. They may also give a customer purchasing a gift card a blank card while keeping the loaded one.

Contactless Payment Fraud /Card-Not-Present Purchases

Near field communication (NFC) is the technology behind contactless payments. Much like RFID technology, it uses radio waves to collect nearby information from smart devices. NFC reads these devices from about 1.5 inches away and no further than 4 inches. NFC technology involves a direct, almost instant transfer of encrypted data to POS devices, as opposed to more traditional chip and PIN technology that takes longer to process. QR codes are similar to a bar scan code but contain more detailed information. When scanned, systems can retrieve information about individual products or payment methods.

Fraudsters are overcoming mobile payment challenges. Once they have obtained personal data or credit card information, fraudsters are most likely to open a new credit card account. They can then use this data for card-not-present purchases, including mobile payment apps. In this situation, the mobile app belongs to the fraudster, but the payment information belongs to someone else, leaving the merchant to pay the price.

With an increase in mobile payments, the lack of protection puts merchants in the precarious position of incurring more chargebacks but having a limited dispute success rate. Without a clear means of chargeback resolution, merchants have been left to foot the bill, losing revenue and often the inventory that generated the sale. Small businesses are most frequently at risk, operating with already slim margins and competing with larger merchants.


Skimming refers to the theft of cash from the register or point of sale prior to the cash being entered into the employer’s accounting system, meaning the cash is diverted from the business to the employee. There are a number of different ways that skimming can occur including avoiding ringing in a transaction, ringing in a “no sale” transaction to open the till, or improperly applying voids and/or discounts to account for the missing cash.

Unrecorded Sales

This type of skimming occurs when an employee completes a transaction without ever ringing it into the POS system. The employee takes the cash from the customer and gives the customer merchandise but there is no record of the sale in any system, the customer does not receive a receipt and the inventory is unaccounted for. Employees may also only ring up a portion of the sale and pocket the remainder of the payment. Declining inventory levels without a corresponding rise in sales may indicate that one or more of your associates is using unrecorded sales to steal cash from the business.

“No Sale” Transactions

Employees may ring in a “no sale” transaction to open the drawer and pocket the cash within. Managers can often catch this type of skimming by comparing daily cash reports, looking for unusual cash shortages. Once aware that the problem is occurring, managers and/or operators can utilize transaction history to identify when unusual “no sale” transactions were rung in and pulling CCTV video of the event to confirm whether the employee took cash from the till.

False Voids and Discounts

Another way that employees can skim cash is by entering false voids or discounts into transactions and pocketing the difference. For example, a customer may pay full price for a product, but the employee applies their employee discount to the order and pockets the difference. Likewise, employees may simply void the transaction after receiving the cash from the customer and pocket the cash for the entire order. This type of skimming can often be detected by a sudden rise in voids or discounts in the POS.
Voids for non-cash items

Voids for non-cash items

As POS systems become more sophisticated, employees become more creative in manipulating that system. Above-average auto-gratuities may signify that employee are attempting to defraud the system. A significant number of voids, cancels, and discounts can point to an employee trying to manipulate the system.

Collaborating with a Customer

Another common form of employee theft involves colluding with a “customer” to steal merchandise – in most cases, this accomplice is a friend or relative of the employee. For example, cashiers sometimes void large transactions but still place merchandise in shopping bags for customers. Others ring up only portions of an order to let accomplices walk away with stolen merchandise. In certain cases, even supervisors have been caught helping to cover up employee theft schemes for a portion of the stolen profits.


Some customers will play “dine-and-dash” and never pay for their food. But the cash register should reflect a high percentage of payments. Employees can claim the food was delivered to the customer, charge the customer, and keep the cash, leaving the manager to adjust the sale based on the employee’s claim.

Wagon wheel Scam

Instead of a void, items can be transferred from one customer bill to another without numerous voids that may cause an alert. The Wagon Wheel scheme occurs when the customer is given the check at the end of the meal and pulls out cash to complete the transaction. The server returns to the register to close out the transaction and get the customer’s change. But before closing the transaction, the waiter opens a new check, transfers the item (often a beverage) from the original check to the new one, and then closes out the tab and pockets the cost of the beverage.

Food theft

With limited access to secured areas, managers may be one of the few people with access to food and supply inventory. Fortunately, identifying these schemes is getting easier as restaurants use more automated systems to track inventory, integrate with vendor systems, and send alerts to security teams when a red flag is noted. Advanced POS and analytics investments help restaurant owners protect their reputation and profits with an early-warning system that identifies potential managerial fraud.

Invoice miscoding

Constant deliveries in a busy restaurant environment can mean the invoices get overlooked, put to the side, or intentionally “lost” from the system. Not entering received food and supplies into inventory creates an open door for managers to walk out the door with items.

Buy online pickup/return in-store (BOPIS/BORIS) fraud

BOPIS fraud occurs when someone buys a product online through fraudulent means and returns it to the store in order to gain a gift card to sell online. This scheme has become an increasing threat to businesses as many stores take on an online presence. Likewise, BOPIS fraud involves fraudulently purchasing a product online, often with a stolen credit card, and picking up the goods at a store.

Item not received (INR) fraud

INR fraud occurs when a customer says their item was never received with the intent of getting a refund or getting a new item. since online orders are in such high demand most business owners don’t have time to investigate this kind of fraud and usually end up just shipping another item to the customer.

Promotion and Discount Abuse

As fraud tactics expand, it becomes increasingly difficult to detect who might be the one harming your store. Even long-time customers can have ulterior motives. These kinds of fraudsters target businesses with promotions for their customers and specialize in new ways to exploit these offers, especially with younger customers it has become common to abuse discount codes by posting them online and creating email addresses in order to receive new customer discounts.

Discount Fraud

Discount fraud occurs when an employee or customer purposefully and maliciously deceives or misrepresents fact to apply a discount for personal gain. For example, a customer may purposefully mislead a retailer and claim to qualify for an exclusive discount, like a military discount, even though they have never actually served in the military. Another example is when a customer has completed their purchase and pays in cash, an employee applies their discount card to lower the customer’s total. Then, the employee pockets the price difference for themselves. Another example of discount fraud occurs when a customer purposefully exploits the terms and conditions of the retailer’s coupon policy. These fraudsters can potentially redeem a coupon more than once, copy coupons, create fake coupons, or use the coupon on unrelated products.

Discount Abuse

Discount abuse occurs when an employee or customer applies a discount inappropriately or in a way that falls outside of policy. A perfect example is when an employee tries to share their employee discount with family or friends in a way that isn’t permitted or when a limited time discount is applied outside of the intended timeframe.

Stacking discounts can be another form of discount abuse. This occurs when multiple coupons, promotions, and/or discounts are applied to a single transaction, compounding cost savings beyond the intended use. These types of out-of-policy discounts stretch beyond the intended scope of use and will quickly erode margins if left unchecked.

Discount Policy Gaps

Policy and training gaps can often cost retailers more than any thief, fraudster, or dishonest associate. Proper discount policy creation, distribution, implementation, and training can prevent many instances of fraud and abuse as well as operational issues that can cost retailers millions of dollars annually. In addition to being abused, stacking discount issues ran also be caused by certain policy or technology gaps. For example, when applying multiple types of discounts to the same transaction, the order in which the discounts are applied can have an impact on the overall cost savings. Applying a “% off total order” discount after a line item or “$ off” coupon will offer a larger amount off the total purchase price.

Return Abuse and Chargebacks

Weak return policies can be an easy place for fraudsters to strike. Whether it's "friendly fraud" of legitimate buyers requesting a refund but never returning the products or a more considerable effort to defraud a retailer with high-end returns consistently, chargebacks are a growing concern for retailers. One popular third-party scheme involves purchasing expensive items but returning a cheap knockoff in its place for a full price refund, leaving the retailer on the hook for the merchandise and the payment. Returning an item, such as an electronic device, with certain parts removed, or purchasing a new item and returning an old/defective version of the same item in the new item’s packaging.

Top 5 Types of Return Fraud

1. Returns of shoplifted/stolen merchandise: Shoplifting with intent to return
2. Employee return fraud and/or collusion with external sources: Returning stolen goods assisted by employees (or perpetrated by employees)
3. Returns of merchandise purchased on fraudulent or stolen tender: Returning goods purchased using falsified or stolen checks, credit cards, or gift cards to purchase
4. Returns made by Organized Retail Crime (ORC) groups: Elaborate return schemes orchestrated by teams of professional criminals for profit
5. Renting/Wardrobing (returns of used, non-defective merchandise): Buying merchandise for short-term use with intent to return

Reseller Abuse

Reseller abuse happens when a customer buys an item in bulk with the goal of selling it themselves at an inflated price. With the help of bots, fraudsters have been able to wipe out entire inventories taking away the opportunity for your business to gain any new, legitimate customers.

Self-Checkout Fraud

The pandemic has caused an increase in contactless services in all markets. This has provided an opportunity for self-checkout fraud to rise. A recent study showed that one and five shoppers have stolen from the self-checkout line. Self-checkout fraud has been underestimated by many retailers and as a result, the self-checkout kiosk has been treated with minimal supervision.

The Banana Trick

While attempting to reduce instances of shoplifting, one retailer discovered that they had sold more carrots than they had ever had in stock. Looking deeper at their transaction data, they also found that some customers were purchasing up to 40lbs of carrots in a single transaction. This wasn’t a sudden switch to healthy eating, but rather an indication of a new type of self-checkout fraud. The Banana Trick was originally discovered by grocers as a clever strategy used by shoplifters where a low-priced item, such as a banana, is manually keyed in or scanned while placing another, high-priced, object onto the scale or into their bags. This scheme takes advantage of the ignorance of the machine. It involves customers choosing a code on the machine for a much cheaper item, such as bananas, carrots, or pinto beans, when they’re actually scanning pricier items that require a PLU.

“The Pass Around” aka Skip Scanning

Items that leave the cart and are placed in the bag without being scanned at all are stolen with the “pass around” method. In other words, the customer scans one item and places it, plus a second unscanned item in the bagging area, or simply walking out with the item still in their cart. Provided the retailers have weight discrepancy controls in place this will be detected by the self-checkout. The data for interventions can be captured in a good data analytics application.

“The Switcheroo” aka Barcode Switching

This method involves a little more work before getting to the self-checkout kiosk. Here the customer removes the price sticker of a lower priced item and sticks it over the barcode of a higher-priced item. Successful “switcheroos” are only done with things that have close to the same weight, to avoid triggering the “unexpected item in bagging area” alert, locking up the checkout screen, and requiring management override.

Buying Gift Cards with Stolen Credit Cards

Stolen credit cards are an increasing concern in retail, and self-checkout is no different. When a thief successfully steals a credit card, their first stop is often the nearest store that sells gift cards, including most grocery stores. Once there, the thief spends the funds on gift cards before the credit card’s owner can cancel it.

Related content

Goodbye, shrink. Hello, profits.

See how we help companies reduce shrink and improve margins by reducing preventable loss with data & analytics.