10 Common Retail Fraud Methods
Michael London
This article is a take on Charles Piper's excellent article on healthcare fraud 10 Popular Health Care Provider Schemes. I thought his article was so excellent that I decided to write a similar article for retail fraud.
I worked in retail for close to ten years. During that time, I met some of the most hard working and honest people I have ever met. However, I also found that 3% of the employees at the corporation I was at wound up stealing from the company. Sometimes they stole a couple hundred dollars and sometimes they stole tens of thousands. I would like to point out that none of the people I caught or interviewed were bad people, they just made some bad decisions
In one case, I was investigating data coming from the registers at a store in Kentucky. Multiple items were refunded for cash the day after purchase by the store manager. I asked a couple of Loss Prevention investigators to review the transactions for fraud I was certain was there. The investigators reported that there was no fraud occurring, but it looked like a procedural issue and they would talk to the manager. Two days later, they had a signed confession from the manager for embezzling $50,000.
Many Loss Prevention investigators tend to focus on the theft they can see rather than on the more expensive theft they can't see. There is only a limited number of ways to steal merchandise from a store and once someone steals merchandise it is apparent that it is gone. There are many dozens of ways to steal or embezzle money from a store that are undetectable to everyone but a trained investigator with a tool set of pattern recognition algorithms. All of the cases below were located with nothing but data from the registers and a dedicated group of investigators to follow up on that data. Many of the cases had no video surveillance available to confirm initial fraud transactions.
I will do my best to describe 10 of the most common methods used for theft based on a combination of volume and dollars lost. There are many hundreds of such fraud methods and each individual retailer (any store with a cash register) has its own loop holes for embezzlement.
In many of these instances, you may ask "How are these transactions able to be processed?". The two answers I have for you are:
1. It isn't fraud until it is fraud, these transaction methods are supposed to be used for legitimate purposes.
2. Where there is a will, there is a way.
10 Common Retail Fraud Methods
- Fraudulent cash refunds
- Cash office embezzlement
- Fraudulent refunds to a gift card
- Cash theft on shared drawers
- Loyalty fraud
- Refunding to a personal credit card
- Gift card power down
- Gift card pre-tender
- Merchandise pass-off
- Fraudulent refunds laundered to gift cards
FRAUDULENT CASH REFUNDS
Fraudulent cash refunds are not the most common way cashiers steal, but they are certainly one of the most costly ways. A lot of employees I talked to who stole using other methods would vehemently deny that they had ever stolen any cash. As if there was a certain stigma with actually stealing money from the register itself, but other methods of theft were easier for them to rationalize. The ones that did steal funds in the register found themselves addicted to doing so. The reason that this method is not more common is that registers have less cash in them as consumers use cards more and more. Many cashiers have to wait until the end of their shifts in order to commit this type of fraud.
There are multiple variations of cash refund fraud, however the most common and costly method is using an original customer receipt to return merchandise. This method bypasses many of the fraud protections that stores use to deter this type of theft. One of the things I used to look for was a legitimate customer leaving their receipt after a return. The cashier would then use this receipt to process multiple refunds until there was nothing left on the receipt to refund. Although it doesn't sound costly, the average case of this size was over $10,000.
The most costly method of this type is when managers surf the previous days or weeks sales and look for high dollar merchandise they can fraudulently return.
At a store in northern Indiana I noticed high dollar cash refunds for things like refrigerators right before the store would close (9PM). These refunds were $750 a pop and the merchandise was usually purchased the previous week with a credit card. Based on the daily cash sales, I calculated that there was not enough money in the register for the customer to receive the cash. Also, why was the tender switched from credit card to cash? I located the original receipt information and called customers to ask them if they were satisfied with their purchases. All of them extolled the virtues of what they had purchased to me and said that their products were working great. I asked an investigator to make a trip to the store and review video. I told him to look for the manager concealing money in the cash room at the end of the night because the registers did not have enough money in them. The investigator reviewed video and found exactly what I had told him to look for. The manager wrote a signed confession with the explanation that he didn't think anyone would catch him or notice the missing money. He had been overseeing the store with the title of assistant manager for the past couple of months and thought he deserved more money.
CASH OFFICE EMBEZZLEMENT
This one may sound straight forward, but I guarantee you that it is not. The following case mirrors four other cases which each wound up being $100,000 or more. It was found that a store had a discrepancy in their gift card account of a few hundred thousand dollars. Usually these things are written off as some type of glitch or error. I was able to locate specific activity where gift cards were being activated and voided at the location and a register was not used to process the transactions. I tracked a few of the gift cards and determined that the gift cards were being activated and voided a few minutes later for $200-$500. I used a data warehouse to backtrack the activity a couple years and found that it was always occurring in the morning and the total for this location in these types of transactions was $256,000. It turned out that the nice cash office lady who worked in the morning had found a glitch that allowed her to activate gift cards using the cash office terminal and convert those gift cards to cash without ever receiving a signal from the gift card processor that the cards had a balance. She would take an equivalent amount of cash from the safe every single day she worked. When she was interviewed, she admitted that she committed the theft and claimed that her husband was sick and the doctor would only take cash. We found out beforehand that she was at the local casino almost every night and recently purchased a new car. This case led me to other gift card errors throughout the company that were causing hundreds of thousands of dollars in losses in ways that people would not expect.
FRAUDULENT REFUNDS TO A GIFT CARD
This is one of the most common and costly methods of retail fraud at a store. With this type of fraud, an employee takes merchandise from the sales floor (or remembers the item numbers) and types in a bunch of bogus customer information into the register in order to process the refund. They refund the merchandise directly to the gift card. It is usual to see the cashier repeat this pattern on a new gift card a few days later, but some cashiers will keep refunding onto the same gift card. The trick with these cases is too have the ability to link the gift card back to the refunding associate in some way. In one of the more interesting cases I had, I located multiple suspicious refunds to gift cards by an employee at a store. The redemptions of the gift cards were online for various types of cosmetics. I was able to find the employee's YouTube account and found them posting videos of the merchandise they had obtained fraudulently. They racked up about $5,000 in fraudulent refunds and had been employed less than 90 days.
CASH THEFT ON SHARED DRAWERS
This is as straight forward as it gets. A cashier takes money out of the register and conceals it.
This is as straight forward as it gets. A cashier takes money out of the register and conceals it.
The drawer is counted and it comes up short. The caveat here is that the drawer is shared by multiple associates. I have seen as many as 15 different employees on the same drawer.
One might think that finding the person who is stealing is as easy as charting out associate shifts on days the drawer was short. The truth is that the store loss prevention employees everywhere were having a hard time doing this.
I developed an application that merged shortage data with no sales on the drawers that were short. The result was a targeted list of who was stealing the cash in each store along with the times they had likely taken the money. Unresolved cases for thousands of dollars popped up after the first run of the application.
One might think that finding the person who is stealing is as easy as charting out associate shifts on days the drawer was short. The truth is that the store loss prevention employees everywhere were having a hard time doing this.
I developed an application that merged shortage data with no sales on the drawers that were short. The result was a targeted list of who was stealing the cash in each store along with the times they had likely taken the money. Unresolved cases for thousands of dollars popped up after the first run of the application.
LOYALTY FRAUD
Many retailers have loyalty rewards programs that reward customers with points they can redeem for merchandise at a later time. It turns out that this is the most common way that employees steal from their employers. It is very easy for the employee to swipe their own card on transactions and earn the points. I have found that most employees are very selective about which transactions and customers they take points from. They will typically wait for promotional transactions that earn more points than a regular transaction. They will also pay attention to if the customer has a loyalty card and if they are at all aware of the program. The thing to look for here is the same loyalty card being swiped by the same cashier on multiple days. The biggest offenders I have found with these programs were franchise store owners who racked up balances in the thousands of dollars. Any retailer with a loyalty program has massive fraud that needs to be addressed. Many of the stores are rated on how many people they sign up for the program. Although it doesn't cause any loss to the store, I have seen multiple locations signing up hundreds of fake accounts in order to make their numbers.
For retailers that have these types of programs, they are a gold mine for linking disparate fraud transactions together using a fraud detection application. The loyalty program ended up being the single greatest tool in my arsenal for locating and closing fraud cases of every type.
For retailers that have these types of programs, they are a gold mine for linking disparate fraud transactions together using a fraud detection application. The loyalty program ended up being the single greatest tool in my arsenal for locating and closing fraud cases of every type.
REFUNDS TO PERSONAL CREDIT CARDS
When I tell people that this type of fraud happens they are shocked that it is a possibility. Here is the scam, a dishonest employee scans previous days sales transactions and finds a sale for a high ticket item. They process a refund for the merchandise back onto one of their personal credit cards or debit cards. It's a quick way to steal $1,500 or more in a single transaction. On camera, it is not apparent that they are doing anything fraudulent and it typically takes under a minute from start to finish. I have even seen dishonest employees bring customer paperwork to the register to make the transaction look more legitimate.
If unresolved or undetected, these cases quickly balloon to thousands of dollars. One of the main reasons for the quick escalation is that it is very easy for the employee to commit this fraud. Also, because there is no money being taken from the register till it is easy for employees to rationalize the theft.
The most widely used method to detect this type of fraud is to add up all of the refunds and all of the sales on all of the credit cards throughout a company and look for cards which have a "negative balance". This is a terrible and inefficient way to find this type of fraud. The main problem with this method is that a date range must be used to run the report. If the cut off is 90 days, any purchases prior to 90 days will not match to refunds. This causes legitimate refunds older than the 90 day window to flag as potentially fraudulent.
One of the better methods is to link the credit card back to the refunding employee in various ways. Once a card has been flagged as potential fraud, the bank must be contacted to verify the cardholder info.
GIFT CARD POWER DOWN
If you have never heard of this type of fraud, it is likely that your company is losing tens or hundreds of thousands of dollars because of it. This type of fraud occurs on a monthly basis for thousands of dollars in each case.
At a small franchise store in Idaho, an employee who also had a heroin addiction figured out that he could load a gift card with $500 (the maximum amount) and turn off the register off. The balance would stay on the card for three days. After three days it would disappear from the card. The employee managed to process $40,000 in fraudulent transactions in 45 days. Trading the $500 gift cards for $100 worth of heroin. During the interview, he admitted that he was an addict and made a deal with the store owner to pay him back over time rather than going to jail.
Why does this glitch happen? In order to add money to a gift card at some retailers, there is a 3 way handshake. The first part of the handshake is the register communicating with the gift card processor and telling it that it wants to put money on the gift card. The second part is that the processor tells the register that the money is on the card and it waits for the register to confirm the payment for the transaction. The third part is that the processor waits for a signal that the transaction is completed. If the processor does not receive the signal it waits for 72 hours before it closes the transaction. I don't know why the process works in this terrible way, but it does.
How can you see if you are at risk? Test the steps above and see if the gift card has a balance. Building an algorithm to detect this type of fraud is tricky, but it is possible.
GIFT CARD PRE-TENDER
Like the scenario above, the following method of fraud is the result of the inefficiency in how gift cards are activated. I have seen this fraud method used by store employees and by organized retail crime rings.
At one location in the central United States, employees were told that the store was closing in a few months. They decided to defraud the company using a gift card glitch one of them found out about earlier in the year. The employee would load up multiple gift cards for $500 a piece at a register in the footwear department. The employee would leave the transaction open and walk over to the electronics department with the gift cards and purchase multiple video game systems. The employee would then walk back over to the footwear department and void the original transaction.
The fraud ended up amounting to $8,000 before the employees were stopped.
The thing I never understood with this type of fraud is why this method was any better than the employee stealing the merchandise from the back room and printing up a false receipt? I guess that the employee was able to rationalize the theft easier with a receipt.
Like a gift card power down, this type of fraud can only be detected by building a detection algorithm against the transaction database.
When I tell people that this type of fraud happens they are shocked that it is a possibility. Here is the scam, a dishonest employee scans previous days sales transactions and finds a sale for a high ticket item. They process a refund for the merchandise back onto one of their personal credit cards or debit cards. It's a quick way to steal $1,500 or more in a single transaction. On camera, it is not apparent that they are doing anything fraudulent and it typically takes under a minute from start to finish. I have even seen dishonest employees bring customer paperwork to the register to make the transaction look more legitimate.
If unresolved or undetected, these cases quickly balloon to thousands of dollars. One of the main reasons for the quick escalation is that it is very easy for the employee to commit this fraud. Also, because there is no money being taken from the register till it is easy for employees to rationalize the theft.
The most widely used method to detect this type of fraud is to add up all of the refunds and all of the sales on all of the credit cards throughout a company and look for cards which have a "negative balance". This is a terrible and inefficient way to find this type of fraud. The main problem with this method is that a date range must be used to run the report. If the cut off is 90 days, any purchases prior to 90 days will not match to refunds. This causes legitimate refunds older than the 90 day window to flag as potentially fraudulent.
One of the better methods is to link the credit card back to the refunding employee in various ways. Once a card has been flagged as potential fraud, the bank must be contacted to verify the cardholder info.
GIFT CARD POWER DOWNIf you have never heard of this type of fraud, it is likely that your company is losing tens or hundreds of thousands of dollars because of it. This type of fraud occurs on a monthly basis for thousands of dollars in each case.
At a small franchise store in Idaho, an employee who also had a heroin addiction figured out that he could load a gift card with $500 (the maximum amount) and turn off the register off. The balance would stay on the card for three days. After three days it would disappear from the card. The employee managed to process $40,000 in fraudulent transactions in 45 days. Trading the $500 gift cards for $100 worth of heroin. During the interview, he admitted that he was an addict and made a deal with the store owner to pay him back over time rather than going to jail.
Why does this glitch happen? In order to add money to a gift card at some retailers, there is a 3 way handshake. The first part of the handshake is the register communicating with the gift card processor and telling it that it wants to put money on the gift card. The second part is that the processor tells the register that the money is on the card and it waits for the register to confirm the payment for the transaction. The third part is that the processor waits for a signal that the transaction is completed. If the processor does not receive the signal it waits for 72 hours before it closes the transaction. I don't know why the process works in this terrible way, but it does.
How can you see if you are at risk? Test the steps above and see if the gift card has a balance. Building an algorithm to detect this type of fraud is tricky, but it is possible.
GIFT CARD PRE-TENDER
Like the scenario above, the following method of fraud is the result of the inefficiency in how gift cards are activated. I have seen this fraud method used by store employees and by organized retail crime rings.
At one location in the central United States, employees were told that the store was closing in a few months. They decided to defraud the company using a gift card glitch one of them found out about earlier in the year. The employee would load up multiple gift cards for $500 a piece at a register in the footwear department. The employee would leave the transaction open and walk over to the electronics department with the gift cards and purchase multiple video game systems. The employee would then walk back over to the footwear department and void the original transaction.
The fraud ended up amounting to $8,000 before the employees were stopped.
The thing I never understood with this type of fraud is why this method was any better than the employee stealing the merchandise from the back room and printing up a false receipt? I guess that the employee was able to rationalize the theft easier with a receipt.
Like a gift card power down, this type of fraud can only be detected by building a detection algorithm against the transaction database.
MERCHANDISE PASS-OFF
At a store on the east coast a customer would walk to the electronics counter twice a week, purchase a television and a soda, and walk out of the store. It was the sixth time this month they purchased the same items at the same cashier. If someone had looked at the receipt more closely, they would have noticed that only the soda had been purchased and the $1,200 television had been voided from the receipt. The total at the bottom of the receipt was $1.18. The case value ended up being $20,000 after two months. When I caught onto the fraud pattern, I almost jumped out of my chair because of how blatant it was.
This type of fraud is one of the most common and most costly types of theft. I have seen case after case where employees gave away hundreds of dollars of merchandise in a single transaction. Watching video of these types of thefts was mind boggling. Shopping carts full of merchandise being bagged by a cashier and walking out the door. Typically 20% of the merchandise is paid for and the rest is given away for free. This type of theft is detectable using register data.
One of the things it took me too long to learn is that this type of theft is recurring. Usually when I found one transaction there were a few more that the cashier had also processed.
At a store on the east coast a customer would walk to the electronics counter twice a week, purchase a television and a soda, and walk out of the store. It was the sixth time this month they purchased the same items at the same cashier. If someone had looked at the receipt more closely, they would have noticed that only the soda had been purchased and the $1,200 television had been voided from the receipt. The total at the bottom of the receipt was $1.18. The case value ended up being $20,000 after two months. When I caught onto the fraud pattern, I almost jumped out of my chair because of how blatant it was.
This type of fraud is one of the most common and most costly types of theft. I have seen case after case where employees gave away hundreds of dollars of merchandise in a single transaction. Watching video of these types of thefts was mind boggling. Shopping carts full of merchandise being bagged by a cashier and walking out the door. Typically 20% of the merchandise is paid for and the rest is given away for free. This type of theft is detectable using register data.
One of the things it took me too long to learn is that this type of theft is recurring. Usually when I found one transaction there were a few more that the cashier had also processed.
FRAUDULENT REFUNDS LAUNDERED TO GIFT CARDS
At a franchise owned store on the west coast, employees would refund refrigerators, generators, washers, dryers, etc with a velocity and fervor that I had not seen before. The refunds were always for cash and there was not enough cash available in the register to give back to a customer. A few transactions later, an equivalent amount of gift cards was purchased offsetting the overage in the register drawer. Customers were contacted and all of them verified that they still had the product. The fraudulent gift cards were used at company owned locations by the employees processing the refunds. The location also showed signs of cash refund fraud, loyalty fraud, and credit refund fraud.
Backtracking the fraud, it added up to $136,000 over the last 12 months. An inventory conducted by an outside vendor a few months prior had also shown massive inventory shortages. The store owner was contacted about the fraud and told what the employees were doing. A few days later when a company representative came to review CCTV and reclaim ownership of the location, the store owner removed the video equipment from the location. Store owners were liable for any theft from their locations and were required to carry insurance for fraud. Many thought that the removal of the equipment was an attempt by the store owner to avoid paying up for the fraud.
A few months later, it turned out that the insurance company had filed a criminal complaint against the employees committing the fraud. A detective had talked to the employees about the acts they had committed. The employees had an interesting story to share. The store owner was not paying the employees and would tell the employees to process refunds in order to "pay themselves". All of the employees had the same story.
KNOW YOUR DATA
Many of the fraud types listed above occur at every retailer across the country on a daily basis. The methods listed above are a small sample of the hundreds of fraud methods for embezzlement. If your organization does not have methods in place to detect these types of fraud, millions of dollars are being lost per year. The best way to locate theft patterns like these is to build reporting against the transaction database. Having thousands of fraud reporting algorithms process and export to interactive dashboards is by far the best method at determining where the big problems are.
Michael London builds interactive reporting systems for the kind hearted fundraisers at the Cleveland Clinic. These systems help fundraisers find people willing to support patient care and research. Prior to working at the Cleveland Clinic, Michael was a corporate fraud investigator for multiple companies and many different types of retailers. He occasionally writes posts on fraudviz.blogspot.com, a blog dedicated to finding visual methods of locating fraud. He tweets under the twitter handle @FraudViz .
At a franchise owned store on the west coast, employees would refund refrigerators, generators, washers, dryers, etc with a velocity and fervor that I had not seen before. The refunds were always for cash and there was not enough cash available in the register to give back to a customer. A few transactions later, an equivalent amount of gift cards was purchased offsetting the overage in the register drawer. Customers were contacted and all of them verified that they still had the product. The fraudulent gift cards were used at company owned locations by the employees processing the refunds. The location also showed signs of cash refund fraud, loyalty fraud, and credit refund fraud.
Backtracking the fraud, it added up to $136,000 over the last 12 months. An inventory conducted by an outside vendor a few months prior had also shown massive inventory shortages. The store owner was contacted about the fraud and told what the employees were doing. A few days later when a company representative came to review CCTV and reclaim ownership of the location, the store owner removed the video equipment from the location. Store owners were liable for any theft from their locations and were required to carry insurance for fraud. Many thought that the removal of the equipment was an attempt by the store owner to avoid paying up for the fraud.
A few months later, it turned out that the insurance company had filed a criminal complaint against the employees committing the fraud. A detective had talked to the employees about the acts they had committed. The employees had an interesting story to share. The store owner was not paying the employees and would tell the employees to process refunds in order to "pay themselves". All of the employees had the same story.
KNOW YOUR DATA
Many of the fraud types listed above occur at every retailer across the country on a daily basis. The methods listed above are a small sample of the hundreds of fraud methods for embezzlement. If your organization does not have methods in place to detect these types of fraud, millions of dollars are being lost per year. The best way to locate theft patterns like these is to build reporting against the transaction database. Having thousands of fraud reporting algorithms process and export to interactive dashboards is by far the best method at determining where the big problems are.
My system to detect all of these types of fraud methods
Michael London builds interactive reporting systems for the kind hearted fundraisers at the Cleveland Clinic. These systems help fundraisers find people willing to support patient care and research. Prior to working at the Cleveland Clinic, Michael was a corporate fraud investigator for multiple companies and many different types of retailers. He occasionally writes posts on fraudviz.blogspot.com, a blog dedicated to finding visual methods of locating fraud. He tweets under the twitter handle @FraudViz .
