October 23, 2019
What Lunch with 2 Criminals Taught Me About Security
Read Time / 6 min.
There’s no better way to design a security solution than to think like a criminal.
Nearly a decade ago, I had the opportunity to sit down with two criminals-turned-security consultants who told me what they looked for, how they acted and how they achieved long-term success in their criminal careers.
They bragged about their ability to steal from employers and break into businesses after hours. For nearly 20 years, these two men used different tactics to steal – and they shared with me vulnerabilities they looked for in businesses and how they were able to get away with it for so long.
Although they were finally caught, they were responsible for thousands of dollars in business losses across the organizations they targeted.
Here are three secrets they shared with me, along with the security tips I learned.
1. How they stole more than $35,000 without raising any eyebrows.
When stealing from their own employer, one of their secrets to success was to make a great first impression and build a false sense of trust.
The criminals would falsify their resumes, so it would be impossible for employers to reject their applications. Once hired and trained, they were typically left to work autonomously, since they were seen as trustworthy and able to perform their job duties.
In an example they shared, one man was hired as a bartender and the other was hired to work in the kitchen. The bartender had memorized the prices of all the standard drinks, so he knew the cost of one, two or more of those drinks ordered together. He was then able to quickly tell his patron the cost.
He would put the money into the register but never ring up the items. Instead, he would place a penny on the counter for every $10 that was put into the register but not entered into the system.
He explained that he used pennies because patrons didn’t always have change, so it looked like the pennies were part of an innocent “take a penny, leave a penny” collection.
At the end of the night, he counted the pennies and was able to take the money from the register and put it into his pocket as he closed out. If he had 15 pennies, he was able to take $150 from the register. In a matter of weeks, he was able to steal more than $10,000 from the business.
Meanwhile, the man in the kitchen ran his own scam. On his first day, he identified the locations of the walk-in freezer, back door and dumpster, as well as where the alcohol was stored. Multiple times throughout the day, he would take what looked like trash in boxes or bags out to the dumpster, which happened to be in a back alley, out of sight of most people.
He would fill these boxes and trash bags with bottles of alcohol, cases of steaks and lobster as well as other expensive items at the restaurant and, instead of putting them in the dumpster, he would put them behind the dumpster.
He would then contact an accomplice to pick them up and resell the items. Over a short time period, he said sales from these items generated almost $25,000.
2. How they tricked a security system that wasn’t fully integrated.
Next, one of the criminals told me about a warehouse where he worked. The warehouse contained expensive electronics, but its security system wasn’t nearly as robust as it should have been – and it wasn’t integrated with other solutions that would have provided broader visibility into the security of the facility.
The warehouse only had door contacts, which the criminal learned how to trick. He would go to the back door, attach a thin magnet to a door contact so the system thought the door was still closed, then prop open the door.
After hours, he and his accomplices would come back and take large quantities of electronics to sell through various channels. It wasn’t until months later that management realized there was an inventory shortage.
He resigned from that job, but not before taking over $50,000 worth of goods.
3. How they stole identities with the press of a button.
Finally, one of the criminals was able to get a job at a medical office filing paperwork. He targeted this job because it allowed him full access to every file, and he knew that the files contained enough information that he could use them to apply for credit cards and loans online.
As part of his job duties, he was required to make copies of the documents, so, with the press of a button, he would make an extra copy of patient information sheets, which contained Social Security numbers, birth dates, addresses and other personally identifiable information.
He would then do one of two things:
- If he was approved online, he would place orders for various items and send them to different P.O. boxes that he opened under fake names. Then, he would sell that merchandise for profit.
- When the credit cards arrived at the P.O. boxes, he would sell the cards, themselves, on the black market.
He purposefully only kept this job for a month, but in that time period, he amassed over $100,000 in “sales” from the products and cards.
Security Tips I Learned from 2 Criminals
One lunch nearly a decade ago has helped me design security systems that better protect customers from criminals like these. Below are just a few of the many tips I now share with my customers:
- Always perform background checks on job applicants – for any position.
- Install video surveillance systems by cash registers (and regularly review the footage).
- Ensure you have visibility into vulnerable entries and exits to your business.
- Integrate the proper security solutions – such as access control, intrusion detection and video surveillance – to protect your people, property and assets.
All of their stories gave me invaluable insight into designing integrated security systems with criminal activity in mind. That lunch was also a catalyst for obtaining my degree in criminal justice – with a focus on psychology of a criminal.
My degree, combined with that lunch so many years ago, has helped me educate customers on vulnerabilities to look for, security system features to seek and what to keep in mind while working with a security integrator.