The home improvement chain also said the malware responsible for the breach has been removed from all stores.
(Page 2 of 2)
Retailers gain access to the database using an ID, a password, and a digital secure ID key. The key generates a random number based on an algorithm that the host and the key know. The number changes every 60 seconds. "We want to make sure whoever is logging in is who they say they are," says Richard Varn, NRF technology policy adviser.
In addition, only users designated by the retailers will be able to gain access to the system.
Who, what, where, how
The database is set up so that retailers can enter a wide range of information about a retail theft incident, including where it occurred, what occurred and what was taken, LaRocca says. The report would include details such as the brand name, the type of product, the universal price code number, and the serial number. "That`s important to the police for recovery," he says.
That`s because police often come across property they suspect is stolen but don`t have proof to support their suspicions. A serial number pulled from the network database would give them enough evidence to make an arrest, LaRocca says.
The retailer also could enter information about the person responsible for a theft: Was it just one person or a group who robbed the store? Did they use guns and if so, what type of guns? Did they hurt anyone or take an employee or customer hostage? In the case of a burglary, how did they get in?
In the case of online fraud, a retailer could post a crook`s screen name, eBay screen name or alias.
Retailers are given the option of deciding how much information they want to post and can designate with whom they want to share the data, LaRocca says. For example, they could limit access to specific information on the incident to people within their company, retail category, or law enforcement, he says. However, the aggregated statistics would be available to the master system.
"For instance, we could know that a robbery or burglary occurred, so we could track the number of incidents," he says. "But we wouldn`t know the specific details of the incident if the company chose to keep it private."
In addition, more than 90% of the cases that will be entered into RLPIN already will have been reported to law enforcement, LaRocca says.
The network also provides for a less structured sharing of information among retailers, for example, an exchange of ideas about theft- prevention methods. "It allows for discussion boards, interaction of various kinds, news items, things that are not cases but might be trends," Varn says.
The network is also not dependent just on retailers inputting information. "It`s an actual investigative tool that allows you to go out and try to probe and find information," Varn says. "It scans and collects information."
For example, it gathers information from electronic resources, such as magazines and newspapers, and has the ability to pull information from the web in general, using technology similar to that Google uses to capture data from web sites. "It will look for things that are relevant to the incidents in the system-- e-mail addresses, particular items that are on sale at an auction site, or particular addresses," LaRocca says.
Eventually, the system will be able to delve into public records and police reports.
Retailers can query the system in several different ways. For example, they can ask for all the robberies that occurred in Los Angeles or ask to see all the robberies in all retail categories. They can also use a series of queries to drill down to a specific incident, LaRocca says.
The network also allows users to ask for e-mail alerts on certain queries. For example, a jewelry retailer might ask to be notified any time there is a jewelry store robbery in which a person used a gun, LaRocca says. The network would send a message with a summary of the incident and the retailer could then access the system via the web and look at the full incident detail.
While there are vendor systems that can collect and share information, the NRF`s goal was to offer retailers a standardized system. "We want to connect to different vendors out there--to vendor A`s system and vendor B`s system and vendor C`s system," LaRocca says. "We don`t want a retailer that uses vendor A not to use our system because we had it run or built by vendor B. That was very important to us."
More palatable sharing
In addition, the network attacks organized retail theft from a different angle than vendors` products do, Chan says. For example, Triversity`s FraudWatch product analyzes point-of-sale transactions looking for patterns that indicate potential loss or fraud, he says. It does not give details on specific incidents.
The NRF`s network also offers a more neutral environment for sharing information among competing retailers, Chan says. "If Target is getting clobbered by an organized gang of shoplifters and they give that information to the NRF, it`s a little more palatable than for them to pick up a phone and call their buddy down at Kmart," he says.