RE: Bar code "discounts"

[Blanchard_Michael () emc com]

 so what's to stop "pranksters" from printing up a whole bunch of UPC labels and simply putting them on random items in 
those stores?  But not actually buying anything with those phoney stickers on them?  what a mess that would be for 
those big evil chains to have to clean up...... They'd have to go through each and every item in the store and check 
the barcodes to make sure they're correct.
 
  Now, what would happen to the truely innocent person that just happens to pick up that $50 DVD, intending to pay the 
$50 price for it, and it scans in at $25.... by law the store has to honor the price it scans in at (at least Mass law, 
not sure about other states).  to make matters worse, there is this inceadibly STUPID law (?) that passed stating that 
stores like home depot, wal-mart, Target don't have to individually price each item as long as there is a price on the 
shelf (which there rarely is for the item that you want to buy)....  the ONLY thing these stores have to go on is the 
UPC now...  the pranksters could put the stores out of business or at least hurt them a bit.....
 
Michael P. Blanchard 
Antivirus / Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
Office of Information Security & Risk Management 
EMC ² Corporation 
4400 Computer Dr. 
Westboro, MA 01580 

 

________________________________

From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of rms () bsf-llc com
Sent: Wednesday, October 25, 2006 12:11 AM
To: funsec () linuxbox org
Subject: [funsec] Bar code "discounts"


http://online.wsj.com/article/SB116174264881702894.html?mod=technology_featured_stories_hs
 
As Shoplifters Use High-Tech Scams, Retail Losses Rise 
 

Bar-Code Scam

Over six months in 2004, Thomas Westwood, his wife, Jennifer, and mother-in-law, Kathleen Dodson, worked the bar-code 
scam at Target stores. Using a computer, they scanned bar codes from relatively inexpensive Target items and printed 
out copies. Then they returned to the store and pasted the fakes onto expensive Dyson vacuum cleaners, DVD players and 
phones. Cashiers dutifully rang up the wrong prices.

All told, the trio stole more than $100,000 of merchandise, law-enforcement officials say. After a cashier in one store 
noticed a mispriced item, Target investigators got involved and discovered a pattern of such mispricings. Using video 
clips, they identified suspects, and the police moved in. Earlier this year, the trio pleaded guilty in a Missouri 
federal court to conspiracy to commit fraud.

Last December, a Target security guard nabbed a Colorado college student after he purchased a $150 iPod that carried a 
bar code for $4.99 headphones, according to Mr. Brekke. The thief had fashioned the fake label with a $25 software 
program called Barcode Magic, which he'd downloaded from the Internet, Mr. Brekke says.

Bar-code swindlers are hard to catch, says Mr. Brekke, a former agent with the Federal Bureau of Investigation. If an 
alert cashier points out that a bar code is ringing up the wrong price, the thief can either pay the difference or just 
say he doesn't want the item any more and walk out. "The risk level is very low," he says.

Mr. Brekke has been trying to persuade manufacturers to print prices on boxes or come up with bar codes in assorted 
sizes, which would be trickier to substitute. In the meantime, Target's loss investigators have begun to monitor sales 
reports for unusual patterns, trends and anomalies.

In the summer of 2005, they noticed spikes in sales of Legos. Expensive sets were being sold for a pittance. They 
studied hundreds of hours of surveillance tape, then devised an electronic system to alert in-store antitheft workers 
when big batches of Legos were rung up.

That's what happened last Nov. 17 at a Target in Hillsboro, Ore., but the security guard got the message too late. Mr. 
Swanberg had already made his fraudulent purchase and left, according to Mr. Lesowski, the prosecutor. The guard warned 
co-workers at nearby stores.

Later that day, an employee at a Beaverton, Ore., Target spotted Mr. Swanberg loading his cart with about 10 $100 Star 
Wars Millennium Falcon Lego sets. He slapped a phony bar code for a $19 Lego set on the top box and headed for the 
youngest looking cashier he could find, the prosecutor says. The cashier scanned the top box and multiplied it by the 
number in the stack.

Several burly Target employees surrounded Mr. Swanberg's cart, which he shoved at them in an effort to get away. They 
tackled him and summoned the police. In his van was a detailed daily itinerary for Target, Wal-Mart and Toys "R" Us 
stores he planned to hit, the prosecutor says.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.