The reliance on technology to solve the myriad ways in which
theft and fraud can occur in the workplace is badly misplaced. Security systems
in retail, warehouse and manufacturing environments has evolved from mirrors to
cameras to electronic article surveillance systems to computerized controls,
yet all fail to deliver on the promise to eliminate shrinkage.
A graphic example of this misplaced confidence is the
expansion of airport security, in the false belief that better electronic
surveillance means better control. While these devices have proven to obtain
results, the increased cost associated with support infrastructure, along with
the cost of the immense delays to passengers and cargo mean that security has
become unwieldy. On the other hand, an emphasis on the psychological tracking
of persons moving through transportation hubs and borders, similar to that
employed in Israel, has resulted in far more effective screening techniques, at
a fraction of the cost, and with numerous spinoff benefits.
In industrial settings, complex deterrence systems actually
tend to increase loss, while decreasing the frequency of events and increasing,
substantially, the per-incident theft or fraud. Computerized systems demand
skilled and knowledgeable operators, who then have access to the means to
subvert the systems. At the same time, complex, but linked prevention programs
tend to become targets, given that the reward is immense. This is the primary
motivator behind hacking, phishing and other data mining efforts, with huge
profits available to successful operators.
At the same time that impersonal strategies are created,
those that want to thwart the process rely on a combination of technical
subterfuge and good, old fashioned personal manipulation to reroute and remove the
barriers in place. The Canadian Proceeds of Crime (Money Laundering) Act may,
in theory, provide a solid basis for deterring and catching criminal activity
relating to banks, but a recent case in Manitoba suggests that, even a bank as
big as CIBC is not immune to the well-intentioned efforts of employees, wanting
to provide good customer service, circumnavigating the system to the tune of
millions of dollars.
HSBC in the UK recently was fined for directly assisting
fraudulent activities relating to certain clients. Yet, the banking industry in
Canada is well regulated, while the European banking system recently underwent
extensive reform following the 2008 crisis.
Back to simple security systems.
When the only deterrence and detection option was a system
of security mirrors, thieves learned where the blind spots were, and moved
their activities to those remote corners. When a plethora of mirrors was
installed, thieves also recognized that security could monitor only a few of
the mirror locations at a time, and largely ignored them.
Then, CCTV systems emerged. Again, blind spots were located,
thieves learned to shield activities, and good ones learned that the cameras
actually delayed response rather than enhanced it.
That was followed by EAS systems, which could be thwarted by
basic to complex systems. At the same time, ticketing of each item became
cost-prohibitive, and frequently, no one on staff was willing to risk his or
her safety to make an apprehension. Computer tracking for warehouses, suppliers
and even retail exposed even more vulnerabilities.
The current situation, though, is significantly different
than the one prevalent in the 1980s. Now, old-fashioned theft and fraud still
remains popular. While cheque fraud largely has been eliminated, credit card
and debit card problems have grown exponentially. While shoplifting still is
commonplace, greater theft opportunities have opened up for employees and
suppliers. In warehouses and manufacturing, collusion and fraud are more common
than theft, and on a larger scale, but theft still occurs often. Since rail has
been replaced by air and road cargo hauling, various fraud, theft and simple
hijacking incidents have involved larger and larger amounts, particularly in the
courier and short-haul trucking arena.
The problem is that owners and managers have become
complacent, assuming that, since the frequency of incidents seems to have
decreased, they have solved the loss problem. Even if inventories show good
results, or audits show proper ROIs and margins, huge losses likely still are
occurring.
There really is only one effective response, and it is the
same response that was appropriate before security systems became commonplace:
understanding and hands-on reaction. To borrow an inappropriate adage from gun
owners, “Equipment and programs do not steal. People steal.” And the only way to minimize risk is to
understand people, and respond to situations with a mix of sophisticated
technology and human intervention.
