Retail Theft Is On The Rise

Retail Theft Is On The Rise

In the USA, for 2018, the summary breakdown for retail theft was in the following areas.

  • Shoplifting loses is now a staggering $50.6 billion dollars a year.
  • Return fraud is an estimated $15 billion a year.
  • Gift card fraud is an estimated $5 billion a year.

The NFR (National Retail Federation) 2018 survey of over 500 Major retailers returned some significant numbers, and 2019 is expected to have an even higher increase. Some notable highlights are:

Survey respondents indicated that 91.6% had been victims of ORC (Organized Retail Crime) during the year.

Areas where the most fraud is occurring:

  • In-Store Only Sales: 42.9%
  • Online Only Sales: 30.2%
  • Multi-channel Sales( i.e. buy online, pickup in-store): 22.2%

In 2018, ORC represented $777,877 for every $1 billion in retail sales.

Thefts coalesced into the following areas:

  • Ease of Theft/resale ability: Ease of the ability to steal products and ease of being able to resell it via multiple channels, including online and social media.
  • Gift Cards: Ease of theft and internal policies that make using or reselling the Gift Cards easier.
  • Laws: Raised thresholds for what classifies and felony theft, and stores being unwilling to prosecute offenders.
  • Lowered defenses: Inability to do anything due to staff shortages, or internal “do nothing” policies, and lowered supply chain security.
  • Product: Brand names and/or high demand products that can easily be resold. – Here’s a list of some of the most common items stolen:
  1. Designer clothes
  2. Laundry detergent
  3. Infant formula
  4. Razors
  5. Designer handbags
  6. Denim pants
  7. High-end Liquor
  8. Deodorant
  9. Teeth whitening strips
  10. Cell phones
  11. TV’s
  12. Tools (Power Tools and Kits, hand tools)
  13. Toys
  14. Video Games and accessories
  15. Lumber
  16. Portable Generators
  17. Lawnmowers
  18. Power lawn/yard equipment
  19. Plumbing parts and accessories

Most retailers are planning to increase spending to combat crime in the following areas:

Estimates for 2019:

  • Burglar Alarms: 92.1%
  • Digital Video Recorders: 84.%
  • Armored Car Deposit Pickups: 68.3%
  • POS data mining: 65.1%
  • Live customer visible CCTV: 61.9%

Some retailers have opted to simply let the thieves go, documenting the theft, and then later filing insurance claims for the losses.

The major issue with these non-responsive methods is that it only further emboldens the thieves.

The bottom line here is that ultimately the retail consumer pays for all of this in the form of increased prices.

For more information go to:

https://nrf.com/research/national-retail-security-survey-2019

– John

Logging Support Requests with CCS

Logging Support Requests with CCS.

At CCS, we always to try to respond to support requests in a timely manner. In order to do this, we need your assistance as follows:

  1. How to contact CCS.

Phone Number: 800-672-4806/425-672-4806

mail Address: support

During normal business hours, the phone will be answered by a dispatcher. However, if the support call volume is unusually high at the time of your call,

It may go directly to voicemail.

  1. Information needed for CCS to properly respond to any support requests are:

Name – First name (Minimum), and last name.

Company – The name of the company that we have on record

Location/Store – The physical location/store that the user is calling from, and/or the location/store that is having the issue.

Contact Phone Number – Store Phone number, cell phone number

Contact email address – If you are not immediately available, include the best time and day for CCS to re-contact you.

The nature and severity of the issue.

What you did before contacting CCS.

Who else in your organization did you attempt to contact first, before calling CCS?

  1. Here are some examples of support requests:
  1. Voicemail Message:

Poor Example:

“Hi, this is Mary, we are having a problem…” click!

In this particular case, the call came in from an unlisted, back-office number that no one monitors. When that number was called, no one answered, and the number didn’t go to any king of the voicemail system. So at this point, we had no idea which company this was, what location is involved or any other details.

Best Example:

“Hi, this is Mary Smith from Bob’s Widgets, Lynnwood Washington location. The store number is: 425-672-1234. If no one answers or if it goes to voicemail, please call me on my cell phone: 360-123-4567.

I just tried to log into the software when coming back from my lunch break, and I’m getting the following error message when I try to log into the Touch screen Ticket Entry:

“Invalid Login”

I kept trying different passwords, and nothing worked. I can’t ring up customers, please help!

I’m unable to get hold of a manager to help out.

We close the store at 6:00 PM tonight, but I’ll be here until 6:30 PM.”

In the above example, the contact information is clearly stated, and so is the nature of the support issue. Also, information as to what other attempt attempts were made to resolve the issue before contacting CCS. This allows CCS to quickly respond to both the call and to address the specific issue.

  1. Email message sent to CCS:

Poor Example:

“We are having a problem… “

The source email is for a personal email associated with a user’s personal cell phone: mary1234

In this case, the person who sent the message is not monitoring their email, so when a reply is sent requesting more information, CCS gets no reply.

Best Example:

“Hi, this is Mary Smith from Bob’s Widgets, Lynnwood Washington location. The store number is: 425-672-1234. If no one answers or if it goes to voicemail, please call me on my cell phone… 360-123-4567. If you send any emails, please address them to all of the following:

lynnwood

msmith

accounting

I just tried to log into the software when coming back from my lunch break, and I’m getting the following error message when I try to log into the Touch screen Ticket Entry:

“Invalid Login”

I kept trying different passwords, and nothing worked. I can’t ring up customers, please help!

Here’s a picture of the error taken with my cell phone.

Also, I called and texted our manager, but she’s on vacation in Maui and isn’t responding. Also, I couldn’t reach our Assistant Manager, by phone this afternoon, but she’s supposed to be in tomorrow morning at 8:30 AM.

We close the store at 6:00 PM tonight, but I’ll be here until 6:30 PM.”

Again, in the above example, the contact information is clearly stated, and so is the nature of the support issue, and includes an image of or print screen of the error. Also, information as to what other attempt attempts were made to resolve the issue before contacting CCS.

John

Windows 10 Build 1903

Windows 10 Build 1903

Microsoft has released Windows 10 Build 1903 in the month of August 2019 and has been gradually rolling out the availability to downloads to end-users. However, the availability of this update is not user-controlled and is being controlled by Microsoft. This is resource-hogging, time-consuming process is similar to what was experienced with the Windows 10 Upgrades from Windows 7 and Windows 8… meaning that no one should expect this finish in a timely manner, so it should only be done during off-hours.

Failing to do this could mean that with some older, slower registers, they could end-up being non-operational for at least half a day or more.

Some finer points:

  • The installation packet is several Gigabytes in size, so the downloads take a really long time. So while this is offering is being provided as part of the standard Windows Update, the entire process this is going to affect bandwidth, especially for users who have only basic Internet service, limited bandwidth and/or use multi-site.
  • The typical download times can be as great as 4 hours, plus another 2 – 4 hours for the actual installation to fully complete.
  • The entire installation process requires multiple automatic restarts of the computer. – It is important that the end-user NOT intervene with this process by physically powering off the PC or register, as doing that is will corrupt the operating system.
  • Of note: The previous Homegroup feature has been completely removed from the operating system.

– John

Washington State Family and Medical Leave Update for July 2019

Washington State Family and Medical Leave Update for July 2019

Paid Family and Medical Leave reporting and payment requirements have now changed for the Quarter 1 and Quarter 2 of 2019.

As of July 1st, 2019, you will now not only be required to submit your quarterly reports, but you will now be required

to make your business payments for both the 1st and 2nd quarter of 2019.

Information on reporting requirements can be found at:

https://www.paidleave.wa.gov/reporting

After gathering all of the reporting data requirements, the Employer needs to log into the Employers Secure Access Washington account in order to make a payment.

https://secureaccess.wa.gov/myAccess/saw/select.do

If you don’t currently have a SAW account, the need to first sign-up in order to be able to make payments. You will be required to have your UBI number.

If you don’t know your UBI number, you can look this up at:

bls.dor.wa.gov/checkstatus.aspx

If you use a 3rd party administrator, CPA, or business manager, make sure that they plan to submit your Q1 and Q2 payments on your behalf.

More information for 3rd party administrators can be found at:

paidleave.wa.gov/employer-agents

Of note… when signing your employer agent up, you will need to request an access pin number. This process may require a 3-5 day wait before the actual pin number is

sent to you.

– John

Advances in Automated Delivery Services.

Advances in Automated Delivery Services.

While plans for using automated drones to deliver packages have been around for quite some time, what is not commonly known is that that are actually other similar types of delivery services already in operation throughout the world.

A recent example of this involves smaller automated delivery services such as the experimental Amazon Prime “Scout” delivery service which has been undergoing testing in the small town of Snohomish, WA

Link to a recent article: https://www.cnet.com/news/amazons-scout-robots-thats-no-cooler-thats-your-prime-delivery/

Eventually, these types of services will likely expand into all areas of retailing:

As examples:

  • You could be online ordering groceries from a local grocery store and have the items delivered at your convenience.
  • You are physically at the grocery store and realize that have you have to run other errands and don’t want your food items to spoil in your hot car. – You could have all or a portion of the purchases delivered later via automated delivery on your terms.
  • Hot and cold meal deliveries – Things such as takeout meals, luxury restaurant meals and perishable items like ice cream could be delivered via heated or refrigerated drones.
  • Potentially, this could eventually involve larger delivery vehicles delivering items such as garden soil, lumber for your new deck, or bricks for your new patio.

– John

How the Wayfair Decision Affects You.

How the Wayfair Decision Affects You

Four primary facets of the law.

1. The law applies only to sellers who run a substantial amount of business in the state of South Dakota.

So what qualifies as substantial?

The state can’t just tax any seller. They can only tax sellers who have reached what is commonly referred to as a “minimum presence threshold.” For South Dakota, a threshold placed on total sales and/or total transactions.

Retailers with annual sales that either exceed $100,000 or that have more than 200 separate transactions in the state must set up their POS and sales systems to collect and pay taxes for the state.

2. The state had a simplified standardized tax code that was easy to comply with.

South Dakota is part of the Streamlined Sales and Use Tax Agreement (SSUTA), along with sixteen other states. These states share a simpler, more uniform tax system, which includes everything from product definitions to tax policy. The simplicity and uniformity of it removes some of the “undue burdens” of doing business in a different state and complying with their tax laws.

That said, cost of compliance remains a huge concern for some Court Justices and business owners everywhere.

As part of the decision, Justice Roberts expressed concerns in his final comments as:

“Correctly calculating and remitting sales taxes on all e-commerce sales will likely prove baffling for many retailers. Over 10,000 jurisdictions levy sales taxes, each with ‘different tax rates, different rules governing tax-exempt goods and services, different product category definitions, and different standards for determining whether an out-of-state seller has a substantial presence’ in the jurisdiction.”

3. The law will not tax out-of-state businesses for past sales.

This means that online retailers are legally protected from any retroactive taxes being assessed by any state or local municipality.

4. The state is providing free tax software to remote retailers.

The cost of compliance with all the various state and local taxes is a concern, and there was a concern that sales tax compliance software would not be available immediately or within the near future. Also, while there was confidence that the free market would quickly provide affordable solutions. Another caveat to this Court ruling was that only Congress actually has authority over this issue, and politicians could write legislation that contradicts or supersedes the Court’s ruling.

Because of the profit potential, many states are now following South Dakota’s lead in mimicking this new law.

How does this potentially impact you?

  • States can tax remote sellers.
  • Retailers must track sales levels and tax law changes in all states where they do business.
  • Retailers must set up operations to collect tax wherever they sell, and then pay taxes on each state’s schedule, so this could require substantial additional business overhead in order to be compliant, especially if a business doesn’t have good reporting software on hand.
  • Competing for business now presents a more even playing field. So If an online business must start charging tax, they lose the competitive advantage of being tax-free. This makes remote retailers more vulnerable to competitors,

including local brick-and-mortar shops. Huge online business such as Amazon are least likely to notice much of an impact because of the sheer scale of their business and their profit volumes. It’s feared that many small merchants will really suffer as a result of this ruling, however, if they don’t reach the minimum presence threshold, then they aren’t affected at all.

Medium-sized businesses might feel this the most, as they will be required to take on the pressures of tracking tax law changes, tracking their own sales volumes in each states taxing jurisdiction, and then actually collecting and paying the sales

tax when they need to.

– John

Is there a Gap in your GAAP?

Is there a Gap in your GAAP?

GAAP (Generally Accepted Accounting Practice) standards are often overlooked. Things that you should look for are:

1. Running edit lists to review transactional data before posting it in batch. – This allows you to catch any errors or omissions prior to posting.

2. Documents that you create should always have unique numbers. This would be true regardless of what area of the software that the document being created in.

Examples: POS Orders and Invoices, A/P Vouchers and Checks (paper and EFT), Payroll Checks, General Journal numbers, etc.

3. Auditing as you go – Whenever you are doing transaction input, after auditing your work, you should have another staff member review it before you post it.

4. Grouping transactions by date or period– As you are making any adjustments, make sure that all adjustments that are posted together are on the same date and/or within the same accounting period – Meaning don’t post entries dated in January with activity for February or March.

Typically, in most software applications, a document number is considered a Primary Key, so it should be considered “Unique” and would not be duplicated. However, there are some programs where it might be a Secondary key where multiples might be allowed, such as using a sequence Number, such as when using duplicate entries and historical tables such as Check History (e.g. checks, voids for the same checks, or manual payments, EFT transactions, etc.).

Just because a program might allow you to insert duplicate data, that isn’t necessarily a good thing to do

Even in situations where the programming might allow for this sort of thing, a duplicate document number might cause other issues with software functionality. -As examples.

• Unique document numbers make auditing easier. If an auditor sees a lot of duplicate documents, it may prompt the auditor to dig deeper looking for other accounting irregularities, thereby artificially extending the length of the audit. An example of this sort of this would be a local, state or federal tax audit.

• A Ticket/Invoice number exists in history multiple times – So A user runs a report on ticket #54653 without having specified a date or date range. The subsequent report returns a dozen documents created over a period of 10 years.

• Problems posting – I have seen examples where end-users have used the same invoice number dozens of times. When they try to post a new voucher using the same invoice number, the program may hang or crash while it attempting multiple times to create a “New” document for one that already existed previously. As an example, the program might be writing data for the same document into history a dozen times, and they just stop the attempts to write the new data.

The worst example of this that I have seen so far, is with one vendor that 21 manual payments on file using an invoice and check number of “SUPPLIES”

In this case, a better example of document number creation would have been to enter numbers in a format like the following: “SUPMMDDYY” (e.g. SUP042519… or Supplies for 04/25/2019), or “VendNoPrefixMM252019) (e.g. BOS042519, Bobs Office Supplies for 04/25/2019).

Check number and Invoice numbers should always be auto-assigned.

If you have any questions or need assistance with the creating your own document number assignment schema, please contact the CCS Retail Systems Support department.

– John

Using Proper Physical Count Procedures

Using Proper Physical Count Procedures

It’s always a good idea to make copious notes about physical count configuration and usage issue and to review them prior to doing the actual work.

Typically, this process would include:

  • Making backups of current data. – Typically, this would involve backing-up the full database.
  • Archiving old count files for previous periods or years. – This would ensure that old files are not accidentally imported.
  • Making sure that PDT’s (Physical count device) batteries are fully charged, and that any old count data is cleared from the devices.
  • Training staff who will actually be doing the work to properly use both the software and hardware functions.

Taking this proactive approach is vitally important, especially if you only do inventories once a year or less frequently. Failing to do this can mean a potential disaster waiting to happen…

As an example…

An end-user who had just completed a physical count determined that ALL of the adjusted inventory levels were wrong for all of their locations.

In working with the counter staff, the following was later determined:

  • When importing the count file into the default PDT’s (Physical count device) software directory, the file downloaded was named the same as what it was last year and downloaded to PDT software’s default directory.
  • However, their default NCR Counterpoint parameter was pointing to a different import folder than the PDT software default. When the staff imported the count file, they were actually importing the previous year’s physical count file. – No one had checked the date of the file or the content before importing it.
  • After importing the count file, the user did a blind post the count data without checking any of the data, and just let the system to adjust all items not counted to zero.

To compound matters…

  • No backup of the existing CounterPoint data files was done prior to the start of the import process. – This means that they had no recourse but to restart the physical count process.
  • The count file had obvious errors in it (Barcodes scanned into the quantity field; Quantities input into the barcode field; Blank Quantities; etc.). – The NCR Counterpoint software has both a verify function that can be used prior to importing data and various worksheets that can be used for reviewing and validating data.
  • Other users had started multiple physical count snap-shots that involved many of the same items. Some of these has been open for as long as a year.
  • On detecting the initial problem, the staff repeated the exact same import/post process (using the wrong file) at least twice, before finally creating a new physical count, and without doing any imports, then zeroed-out

the entire inventory for that location.

The one saving grace here was the current year’s count file uploaded not been deleted, nor had the PDT been purged after the upload.

If you are unsure of any part of the physical count process, CCS Retail Systems can provide both training and technical assistance prior to starting the count, as well as ongoing process support during the actual count.

– John

Some good reasons to keep your software subscriptions current

Some good reasons to keep your software subscriptions current

  1. License key validation – Most software subscriptions are issued with an annual license that requires a renewal in order to be either installed as either a new installation or re-installed as of the current date.

As examples:

  • The currently installed application software is only supported running on the currently installed operating system. If you want to move the installation to a newer server or workstation operating system environment, you’ll need to have a current license key in order to physically move or update the software.
  • Passport will not let you either re-install software or install new software using an old expired license. This means that you are required to renew your subscription first.
  1. The application software environment becomes corrupted over time – This requires re-installing the software or a service pack which may require downloading software. – Many software applications now have huge installation files, this can be true whether or not you plan on doing a full installation or simply installing an incremental service pack.

For example:

  • If your NCR CounterPoint Subscription license isn’t current, you will not be able to download any software, or access NCR’s customer support website. Considering that it is common for downloads to be several gigabytes in size, it can take hours just to do the downloads prior to any installation attempt even being made. Not having this as of a specific deadline date, can mean having to reschedule a critical installation or cause you and your organization some unwanted hardship or downtime. Inability to access the website can mean not being able to download installation and configuration manuals or updated training manuals.
  1. Some of your software applications stop working – If a license expires, it may take time to get it renewed.

For example:

  • Your ShipRush or StarShip shipping software and interface to NCR CounterPoint expires. Until the license is renewed, you will not be able to use the shipping software or the software interface for NCR Counterpoint.

Please contact the CCS Support department if you have any questions or for assistance with updating your software subscriptions.

– John

New Twists Ransomware and Spear Phishing Attacks

New Twists on Ransomware Spear-phishing Attacks

In recent years we have seen an increase both the number of spear phishing campaigns, and increased ingenuity as to the ways that scammers try to assist you in getting your systems infected, or attempt to fleece you out of money.

In the past, this may have been something sent via emails that used official-looking emails complete with a financial institution’s corporate logo, or they could get phone calls from a fake bank account executive. The email or caller could tailor an email to the customer with personalized information they downloaded, making it seem like it was a legitimate email.

The fake bank account executive or emailer would then indicate there is an urgent problem with the customer’s account, and then ask for birthdates, Social Security numbers or passwords. The virtual trap could also be set by the official-looking email asking customers to click on a link embedded in the email to, say, update their account information. However, the link takes the unsuspecting victim to a fake but legitimate-looking website, where the customer is then tricked into listing passwords, bank account numbers, Social Security numbers, user ID’s, access codes, and PIN’s.

Some recent twists on the above are:

An email that spoofs your email account in the emails “sent from” field. The body of the scammer’s email claims that they have already hacked into your system via a porn or adult dating website that you “supposedly” recently visited. The email indicates a direct threat to email explicit photos or videos to all of the contacts in your email system, specifically to your employer, and/or the police, if you don’t send money to a specific destination as of a specific date and time.

One or both of the following may be included:

  • Instructions on where to go to pay the ransom.
  • Clickable links that direct you to site to pay a ransom, and/or a link that actually infects your system with encryption malware, which subsequently locks you out of your system, with another ransom demand in order to get a key to un-encrypt your drive(s).

Typically, the best thing to doing in these situations is to immediately delete the email, and clear it out of your mail deleted mail folder and the follow-up with staff on how to be diligent about recognizing and handling these sorts of threats.

– John