Loss Prevention

Retail loss prevention

Retail loss prevention is a set of practices employed by retail companies to preserve profit. Profit preservation is any business activity specifically designed to reduce preventable losses. A preventable loss is any business cost caused by deliberate or inadvertent human actions, colloquially known as "shrinkage". Deliberate human actions that cause loss to a retail company can be theft, fraud, vandalism, waste, abuse, or misconduct. Inadvertent human actions attributable to loss are poorly executed business processes, where employees fail to follow existing policies or procedures - or cases in which business policies and procedures are lacking. Loss prevention is mainly found within the retail sector but also can be found within other business environments.



Periodically retail business inventories all of the merchandise in the store. Items that are unaccounted for compared to what the inventory system believes the store should have are losses or "shrink". Shrink is caused by operational errors, internal theft, and external theft. Retail loss prevention is responsible for identifying these causes and following up with training, preventing, investigating, responding to and resolving them.

Operational errors

Operational errors are inadvertent human errors. Operational errors occur when associates do not follow existing business best practices and policies or a company lacks the proper best practices and policies to ensure work is performed with minimal human error. Operational errors also occur due to a lack of proper training for associates.

External theft

External theft is when customers intentionally cause shrink by theft, fraud, or vandalism. 80% of customers who steal merchandise are opportunists and do not walk into the store with the intent to steal. They find that one thing they did not expect to find, cannot afford to pay for it, and will steal it if they have the opportunity. Others are desperate who will steal essentials for their family, but only if they have the opportunity. A few steal because they like the adrenaline rush and will steal, regardless of how much money they have if they have the opportunity. The remainder are "boosters" who are thieves for a living, walk in with the full intent to steal and sell their goods for a profit, on their own, or to a "fence" that sells stolen merchandise.

Internal theft

Internal theft is when company employees intentionally cause shrink by theft, fraud, vandalism, waste, abuse, or misconduct. Because associates have access to the entire building and during non-business hours, they are capable of creating substantial losses to the company over a longer period of time. Internal theft is typically identified by reporting systems, first-hand visual/CCTV surveillance or tips from co-workers.

Electric article surveillance

The development of electronic article surveillance (a magnetic device attached to the merchandise that would trigger an alarm if removed from the store, also called EAS) led to an increase in arrests; however, many cases have been dismissed due to lack of observation of the crime.

CK Custom Security Consultants Policies

Armed and Unarmed Services

CK Custom Security Consultants has armed and unarmed personel that will be first on the seen within hours of the original incident as per agreement between CK Custom Security Consultants and the client. We pride ourselves on our ability to protect our clients to whatever degree that a client would need. We are bound by local, State, and Federal regulations in the performance of our duties. Our security personell all have been highly trained and certified in their prospective jobs.


All members of the CK Custom Security Consultants community are responsible for protecting the confidentiality, integrity, and availability of data created, received, stored, transmitted, or otherwise used by the client. CK Custom Security Consultants reserves the right to restrict the use of Information Technology Resources in order to preserve data security or comply with law or policy.

In order to further secure data and improve regulatory compliance, CKCSC has implemented Data Loss Prevention (DLP). CKCSC uses DLP to identify confidential data on the client network and – in cases where intentional or unintentional use violates policy – block the creation, reception, storage or transmission of confidential data.


Certain information such as patient health information, personnel data, or financial records is confidential and must be treated with extreme care to avoid inappropriate disclosure with possible attendant fines or mandated notifications.


Security and privacy incidents must be

  1. reported
  2. identified
  3. declared
  4. responded to
  5. re-mediated
  6. resolved with adequate record-keeping

Detailed requirements for each of these steps are below.

  • Report
    • Immediately report any suspicious activity or other suspected incident to ITS Support and notify your supervisor
  • Identify
    • Information Security Officer or designee, or Privacy Officer, confirm, quantify, and categorize incident within 3 business days
  • Declare
    • High-scale severity incidents invoke SPIRT Core Team within 1 business day of confirming incident
    • Initial incident report is drafted
  • Respond
    • Attempt to contain incident as soon as possible
    • Assign roles, bring in additional resources, as necessary
    • Develop communication plan
  • Re-mediate
    • Re-mediate and complete full incident report
  • Close
    • Debrief with lessons-learned meeting within 10 business days
    • Finalize documentation
    • Complete regulatory reporting, as required (*HHS OCR notification within 60 days of discovery)

    There are many different types of incidents that can be reported to CKCSC. Examples of incidents include, but are not limited to, the following:

    • Client information misdirected or disclosed via mail, fax, verbal means
    • Client record documents are misplaced, stolen, lost
    • Client record documents are exposed (e.g., files left open on computer), improperly disposed of (e.g., not shredded) or stored (e.g., not locked or protected)
    • User accesses system or application with credentials other than his/her own
    • Unauthorized access to a system, application, or document
    • A device (e.g., laptop, smartphone, desktop, tablet, removable storage, smart watches, cameras, voice recorders, etc.) containing WCM data is lost, stolen, or otherwise unaccounted for
    • A rogue device is connected to the network which impacts or prevents others from working
    • System or individual is infected with malware or phishing (e.g., virus, ransomware)
    • Potential data loss due to a malware infection
    • Theft or shoplifting by consumer or employee, or cash drawer off over policy limits

    Containing the Incident

    • Once an incident has been reported and declared, the incident must be contained to prevent further harm. By means of example, the following containment steps should be taken:
      • For IT security-related incidents, such as an infected system on the Client network, any network cables should be disconnected immediately and the system should remain powered on to allow for further investigation.
      • For incidents involving employee protected health/personal information in paper form, immediate efforts should be made to retrieve any copies or gain assurances that all records are accounted for

    Closing an Incident

    Closing an incident indicates that the incident has been completely contained, remediated, and properly reported. In order to close an incident, all attributes in the incident report must be completed, as defined in Incident Report.

    CK Custom Security Consultants will conduct an after action report by the Management Action Team (MAT) and go over the incident report to verify it's authenticity and close the case. Copies can be obtained only by personnel with proper security clearance.