Security Resources

Archive for the Anchor Posts Category

Theft and Security Statistics Links – Anchor Post

This post will be updated periodically with statistics, links, and other information related to shoplifting, theft/fraud, and the security industry in general.


Shoplifting & Loss Prevention Studies & Stats

12-07-2012: Centre for Retail Research “Shoplifting for Christmas 2012”   Shoplifting+for+Christmas+2012+Study+US

12-06-2012: Norcross Patch article quoting CRR report and stats from the National Association for Shoplifting Prevention

12-04-2012: NRF article quoting estimates that return fraud will cost U.S. retailers $2.9B this holiday season. The estimates were derived from survey responses – the details of which are available here.


Security Industry Stats

12-07-2012: Freedonia Security Industry Growth Report. “US demand for private contracted security services is projected to increase 5.2 percent annually to $63.8 billion in 2016. The market will be supported by a high perceived risk of crime (from conventional violent and property crimes to white collar crimes and terrorism) and a concern that public safety officials are overburdened. The outsourcing of security activities to contracted firms, instead of relying on in-house security, will support demand. The privatization of some public safety operations, such as guarding government facilities and correctional facilities management, will also boost gains.

Security services that capitalize on continuing technological developments hold especially good prospects. For instance, both security consulting and systems integration revenues will see above-average growth. Security consultants and systems integrators are able to manage a wide variety of services when creating, upgrading or implementing security plans and when installing or upgrading complex electronic security devices. In addition, the trend toward more sophisticated and automated security electronics that are increasingly integrated with other building operations will boost growth for these services. ”

12-02-2012: Yahoo article on IBIS’s security alarm services growth report. Also, here is a direct link to the IBIS site.


General Crime and Other Stats

LTE Wireless Jamming – Anchor Post

This post will be updated periodically with information related to 4G / LTE vulnerabilities and strengths.



A post on ExtremeTech analyzed a claim published by MIT Technology Review that LTE networks can be shut down using a “simple jamming trick” utilizing a cheap software-defined radio. Their assessment was that it would be far more difficult than implied by the authors – both in terms of practicality (large transmit power requirements) and scope (attacks would affect close range devices only – not a whole geographic area).

Nevertheless – and unsurprisingly – it appears that LTE devices may be vulnerable to specific methods of jamming, just like other common wireless systems. As always, where wireless is used for security communication, multiple paths are a necessity.

Further reading:  MIT Technology Review Publication  and  Virginia Tech Response to NTIA RFC


Stickers vs. Skimmers: Can’t We Do Better?

There is no doubt that securing the global infrastructure against card skimming is a critical task. Despite the cost and complexity of upgrading our technology, the U.S. has reached a point where we can no longer sit idly by while the frequency and sophistication of credit card thefts grows. This problem has always come down to cost. The sheer number of card reading devices in use today has made it economically unjustifiable to switch technologies, given the losses incurred by credit card issuers. It is estimated that bank losses from compromised cards is $2.4 Billion (not including losses borne by merchants themselves, which could be tens of billions), while replacing all payment cards, terminals, and ATM/gas pump readers would top $5.8 Billion.

The reluctance to switch to “EMV” or “Chip and PIN” cards, as many countries in Europe and elsewhere have done, seems shortsighted, but certainly not surprising where such large expenditures are involved. The trends in crime and loss, however, paint a much more serious picture – and will become the driving force to bring the U.S. closer to where we need to be. As one would expect, as countries around the world transitioned to more secure payment systems, crime shifted to the ones that did not – primarily the U.S. – and figures reported by some banks show that fraud has quintupled here in the past five years.

Compounding the problem is the availability of custom electronic devices, known as skimmers, that make reading cards are retrieving PINs easier than ever. Brian Krebs has a great collection of posts and photos of such equipment here (look for “All About Skimmers” in his Categories section). Skimmers can be designed to blend into the exterior of ATMs, mounted inside gas pumps, and attached to retail credit card terminals, making detection very difficult. The security industry has helped raise awareness, but realistically, there is little that can be done to protect the current technology. Applying tamper-evident tape to gas pump access panels, as the Association for Convenience and Fuel Retailing suggests, barely qualifies as a countermeasure, and Barnes & Noble’s PIN pads were compromised, despite being located in a busy public space (to be fair, it is unclear whether the B&N terminals were modified in-place or prior to installation). Even with a vigilant public and reliable tamper detection for these devices (neither of which exist today), the inherent insecurity of today’s magnetic stripe credit cards demands change. Consider the proliferation of low cost, high resolution cameras – some of which are already finding their way into skimmers. With cameras mounted on either side of a card reader, the potential exists to capture the card number, PIN, and verification code of a card without direct tampering of any kind – and at greater and greater distances.

The good news, as reported early in 2012, is that a program to support smart-card technology upgrades is in the works. The costs will likely be paid by both the merchants and card issuers through direct investment, and changes to the rules regarding security (PCI-DSS), auditing, and liability for fraud. More information can be found here. It is sure to be a long process, however, despite the fact that some retailers are already installing upgraded card readers.

Meanwhile, a press release this week from MasterCard makes it clear that card security will continue to advance. They announced a partnership with Standard Chartered Bank Singapore to roll out cards with an embedded keypad and one-time password generator (picture above). Don’t expect to find one of these in your (U.S.) mailbox anytime soon…

— UPDATE 12-11-2012 —

I decided to make this an anchor post, and will update it periodically with stories and information about skimmers and countermeasures.

12-07-2012 Article from NBC in Southern California about the widespread use of skimmers, including pictures of newer devices with Bluetooth capabilities. Here is one of the images:


8-13-2013 Well, we’re finally seeing some better options being deployed. Here is an article detailing a few of them.

Security and Theft Videos