Skip navigation

STEAL AWAY

While computers have transformed and benefited business operations, including food retailing, supermarkets are just now waking up to the risks involved, including computer-related crime.Take the case of King Soopers in Denver. Between 1993 and 1995, three employees skimmed cash and scanned products to the tune of $1.2 million to $2 million. Using their knowledge of the store's computer system, they

While computers have transformed and benefited business operations, including food retailing, supermarkets are just now waking up to the risks involved, including computer-related crime.

Take the case of King Soopers in Denver. Between 1993 and 1995, three employees skimmed cash and scanned products to the tune of $1.2 million to $2 million. Using their knowledge of the store's computer system, they routed records to a dummy account that was then erased.

"Computer security is a moving target," said David Thompson, vice president, chief information officer, Bashas' Markets, Chandler, Ariz.

"Developing ways to shield and protect is never ending. There is no immediate solution and elimination is an unreasonable expectation," he added.

However, supermarkets have taken measures to protect their business by bolstering auditing procedures, training associates to be on the lookout for this type of fraud and adopting policies to protect against computer crimes.

Key issues IT executives are forced to deal with include protecting human resource information, financial records, customer information, pricing strategies and new products. This type of information can either be destroyed or stolen from inside or outside the company.

"It is relatively easy to commit intentional or unintentional computer fraud," said Sun Ming Lieu, chief technology officer, ShopEaze, Santa Clara, Calif. "Checks and balances have to be in place for retailers to protect themselves against it. It is easy to cover one's tracks with computer technology."

Some retailers are hiring outside specialists to help them identify where potential risks lurk in the system. External auditors and "hack-experienced" individuals who specialize in testing a retailer's security infrastructure have been put to work at the headquarters.

Payroll, general ledger and pharmacy systems are usually the primary targets in a retailer's sights and the first mission for these security specialists.

Officials at Wegmans Food Markets, Rochester, N.Y., hired an outside auditing firm to break into their own network. The evaluation and audit led the retailer to invest more in computer security. Wegmans added three employees to monitor information security. Reportedly the chain was able to plug a lot of holes.

"It was well worth the steps taken to have somebody from the outside come in and take a look," said a company insider. "The loss of trust is the worst thing that can happen."

Similarly, Kroger, Cincinnati, added a security officer to concentrate on technology issues, according to a source at the chain.

H.E. Butt Grocery Co., San Antonio, hired an outside auditing firm that found that there were just as many threats from the inside than from external sources.

"Network security is being heightened for these are new issues for many retailers," said Thomas Murphy, president, Peak Tech Consulting, Colorado Springs, Colo., "especially when implementation of wide area and wireless networks come into use."

While supermarket executives admit that absolute security is an unrealistic goal, they are discovering that even an ounce of prevention, when it comes to security measures, can save costly losses of data and confidence.

Retailers are eyeing security systems looking for a balance between the cost of implementing the protective mechanisms and reducing the risk. "Like with all audits, we evaluate if the control is more costly than the risks involved," Thompson said.

IT officials are finding that computer security requires good management practices, common sense and detailed periodic review as they strive to safeguard cash and information.

"We are trying to have the discipline to be more organized," Thompson said. "We are always looking for ways to improve at a price that will not kill us or make it hard for us to do business."

One retailer said that what has been experienced so far may only be the tip of the iceberg. Moreover, some retailers feel that much of the computer crime committed may have also gone undetected.

Computer-related crimes are difficult to detect because of a lack of a paper trail, officials said.

"A number of checks and balances as well as security software can be used to flag unusual circumstances that need investigation," Murphy said. "As offenders learn to sidestep software packages, new ones come along to fill the gap."

"The bulk of our concern is within the organization with inadvertent behavior," Thompson said. "Eighty percent of all hazards are within organizations."

At Bashas' Markets, employees are used as a line of defense. Workers are trained to recognize computer system invasions and to detect inadvertent misuses. This retailer stresses the importance of the risks of security breaches.

Wegmans has added a security awareness program for associates. Combining the efforts of legal and consumer affairs is one step that has been taken there and requiring passwords on protected screensavers is one step that has been instituted.

Even casual Internet use for non-business purposes is being evaluated at major operators around the country. While some chains simply do not allow non-business uses, others do, but screen out objectionable sites.

Other retailers are exploring schemes to protect their information. One has constructed a system so that no one person has total access to all areas. Instead, it takes several people to log on to certain restricted areas.