
Stopping “Sweethearting” & Staff Theft at the Checkout: A Playbook for Retailers

Retail shrink isn’t just a back-of-house problem. At the checkout, whether manned lanes, SCO or scan-and-go, the risk of sweethearting (staff giving away items or discounts to friends/family) and other employee fraud quietly erodes earnings. With shop theft and overall shrink hitting record levels, ignoring internal loss at the till is no longer tenable.
This guide quantifies the risk, then lays out how AI video analytics, connected EPOS, and modern cameras can cut losses without wrecking the customer experience—or breaching UK data law.
The scale of the problem: external theft is up, but internal loss is a massive slice
- The British Retail Consortium (BRC) reports losses from customer theft reached £2.2bn in 2023/24, despite retailers spending £1.8bn on prevention—retail crime is at a modern high.
- Police-recorded shoplifting in England & Wales rose 20% to ~530,000 offences in the year to March 2025 (and is widely under-reported), reflecting the broader crime climate in which internal abuse thrives.
- Inside your own perimeter, the numbers are uncomfortable: around 40% of retail theft is committed by employees, with distribution-centre theft growing fast and store-level behaviours—including sweethearting and false refunds—remaining persistent.
- Self-checkout magnifies risk: UK research cited by Deloitte estimates 20–25% of store loss flows through self-scan and checkout, rising towards ~40% for mobile scan-and-pay. That includes intentional non-scans and unintentional mis-scans—plus collusion.
- Cost of living pressures make employee theft more likely.
Bottom line: if you’re not actively measuring and mitigating employee-enabled loss at checkout, you’re leaving profit on the belt.
How sweethearting happens (and why legacy controls miss it)
"Sweethearting" covers a family of behaviours: skipping scans, scanning cheaper PLUs, unauthorised discounts, voids after payment, “no-sale” opens, false refunds, and manager overrides used outside policy. Traditional CCTV helps after the fact; basic exception reports throw up too many false positives and rarely link to the exact video moment. Result: low detection, low deterrence.
What good looks like: a modern, connected loss-prevention stack
1) Connect CCTV to your EPOS terminals to monitor scans vs billings
Why it works: Marrying till events (voids, no-sales, price overrides, refunds, basket total anomalies) to the exact video snippet turns investigations from needle-hunt to near-real-time triage. Analysts review only the moments that matter, and store managers can coach with evidence.
What to implement
- POS-linked camera overlays at every lane/SCO with time-synced transaction text.
- Event-driven clip generation for risky behaviours (e.g., >X% post-total voids per shift).
- Role-aware audit trails (who approved which override, when, and where).
entrustIT's Cloud CCTV integrates with several popular EPOS vendors, such as Square and Lightspeed - uniting video data and EPOS data.
C-suite outcome: Faster case cycle time, higher case quality, fewer “grey area” HR escalations.
2) Apply computer vision at the point of scan
Why it works: Visual AI compares what the camera sees to what the EPOS records—detecting misscans, non-scans, label switching and “cover-the-barcode” tricks. It flags in session, so colleagues can intervene politely but immediately.
What to implement
- Item recognition at scanner throat/SCO camera to detect barcode bypass.
- Weight/vision fusion for produce, bakery, and high-risk categories.
- On-screen nudges (“We think that’s premium steak, not mince—please rescan”), which correct honest mistakes and disrupt collusion without confrontation.
Evidence: Deloitte notes visual-AI models at checkout can prevent material lost sales; for a large national grocer, the estimate is in the £tens of millions annually when deployed at scale.
3) Use anomaly detection on transactions and staff patterns
Why it works: People game thresholds. AI/ML on EPOS data surfaces patterned behaviours that rules miss:
- High frequency of post-total voids; unusually long open-drawer times; no-sale spikes.
- Manager override clustering relative to peers/time of day.
- Basket mix anomalies (e.g., repeated “free” multi-buy outcomes with a specific cashier).
What to implement:
- Daily exception scorecards per colleague/site, ranked by risk decile.
- “Trust but verify” workflows: prompt coaching first, then targeted observation.
- Link to HR (tenure, training gaps) to distinguish malice from skill gaps.
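One way to build the per-colleague exception scorecard described above, as an added example (not entrustIT's or any EPOS vendor's code): it turns till events into risk events per 1,000 transactions and scores each cashier against same-site peers. The event names, the constructed sample shifts, the minimum-volume cut-off and the modified z-score (median/MAD, threshold 3.5) are assumptions of this example, not a method the post specifies.

```python
from collections import defaultdict
from statistics import median

# Event types counted as "risk events" (names are assumptions of this example).
RISK_EVENTS = {"post_total_void", "no_sale", "refund", "manager_override"}

# Constructed sample data: (cashier, site, transactions in shift, event counts).
SHIFTS = [
    ("C01", "S1", 1000, {"post_total_void": 3, "no_sale": 2, "refund": 1}),
    ("C02", "S1", 1000, {"post_total_void": 4, "refund": 3, "manager_override": 1}),
    ("C03", "S1", 1000, {"no_sale": 4, "refund": 3}),
    ("C04", "S1", 1000, {"post_total_void": 5, "no_sale": 2, "manager_override": 2}),
    ("C05", "S1", 500, {"post_total_void": 11, "no_sale": 4}),
    ("C05", "S1", 500, {"post_total_void": 9, "manager_override": 6}),
    ("C06", "S1", 50, {"refund": 5}),  # too few transactions to judge fairly
]

def rates_per_1000(shifts, min_txns=200):
    """Risk events per 1,000 transactions per (site, cashier), skipping low volume."""
    txns, events = defaultdict(int), defaultdict(int)
    for cashier, site, n, counts in shifts:
        txns[(site, cashier)] += n
        events[(site, cashier)] += sum(v for k, v in counts.items() if k in RISK_EVENTS)
    return {key: 1000 * events[key] / n for key, n in txns.items() if n >= min_txns}

def scorecard(shifts, min_txns=200, threshold=3.5):
    """Rank cashiers by modified z-score of their rate against same-site peers."""
    rates = rates_per_1000(shifts, min_txns)
    peers = defaultdict(list)
    for (site, _), rate in rates.items():
        peers[site].append(rate)
    rows = []
    for (site, cashier), rate in rates.items():
        med = median(peers[site])
        mad = median(abs(x - med) for x in peers[site])
        # 0.6745 scales MAD to a standard deviation; a MAD of 0 (no spread
        # among peers) is scored 0 here rather than dividing by zero.
        score = 0.6745 * (rate - med) / mad if mad else 0.0
        rows.append((cashier, site, round(rate, 1), round(score, 1), score > threshold))
    return sorted(rows, key=lambda row: row[3], reverse=True)

if __name__ == "__main__":
    for row in scorecard(SHIFTS):
        print(row)
```

Each row is (cashier, site, rate per 1,000, peer score, flagged); a flagged row is a prompt for the coaching-first review above, not a finding of theft.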
4) Protect SCO without punishing honest shoppers
Self-checkout is here to stay; design it to increase participation and accuracy, not friction. Blend SCO attendants, clearer UX, and AI gatekeeping that only escalates when needed. Research programmes (ECR Retail Loss and partners) show UX and design choices materially influence scan accuracy and loss.
5) Close the refund and gift-card loopholes
- Lock down refund to original tender and require role-based dual control for open-value gift cards.
- Trigger video-anchored alerts for refunds without a customer present, excessive receipt lookups, and high-value refunds near shift-end.
6) Focus body-worn and fixed cameras where risk concentrates
- Front-of-store: belt, bagging area, and cash drawer views tied to EPOS.
- SCO corral: overhead and angle cameras for non-scan tells (hovering, concealment).
- Back-of-house: returns desk, safe, and high-value cages—with strict access controls.
This is where much of that £1.8bn prevention spend actually pays back—if it’s connected and measurable.
entrustIT's cloud CCTV integrates with connected bodycams to upload footage seamlessly into a centralised cloud storage location.
Governance and UK compliance: do it right, or don’t do it
Monitoring staff and customers with cameras and AI is lawful in the UK when done proportionately, transparently, and with a lawful basis. Build compliance in from day one.
Your checklist (according to the ICO):
- Lawful basis & DPIA: Document why monitoring is necessary and why less intrusive options won’t do. Keep Data Protection Impact Assessments current.
- Transparency: Clear signage and staff notices; training that explains what’s monitored and how data is used.
- Data minimisation & retention: Keep only what’s needed, for as long as needed. Article 10 rules apply if you process criminal-offence data.
- No “naming and shaming”: Avoid publicly sharing images of suspected offenders; work with police and follow ICO guidance.
- Register and pay the ICO fee if you use CCTV (most retailers must).
Implementation roadmap (90 days to traction)
Weeks 1–2: Baseline & risk map
- Pull 12 months of EPOS data; rank sites by till-exception intensity and SCO shrink.
- Run a privacy impact workshop with Legal/HR and draft DPIA.
Weeks 3–6: Connect and pilot
- Enable POS-video linking on 2–3 high-risk stores (one with heavy SCO).
- Turn on event-driven clip generation for 6–8 priority events (voids, no-sales, refunds).
- Configure anomaly detection with conservative thresholds; track false positives.
Weeks 7–10: Coach and calibrate
- Introduce dignity-first coaching for top-decile outliers; re-train on refund/override policy.
- Tune computer-vision prompts at SCO to minimise friction.
Weeks 11–13: Scale
- Report KPIs to ExCo: reduction in risky events/1,000 transactions, case cycle time, recovered margin.
- Approve roll-out plan and funding model (opex vs capex, subscription vs buy).
KPIs the Board should see monthly
- Risk events per 1,000 transactions (voids, no-sales, refunds, overrides).
- % of events with linked video (coverage drives productivity).
- SCO misscan rate and intervention success rate (corrections without escalation).
- Outlier colleague rate (top two deciles, by banner/region).
- Time-to-case resolution and £ prevented/recovered (including prevented loss estimates).
- Customer sentiment at SCO (to ensure we’re not trading margin for churn).
Business case: why this pays for itself
- The external environment is worse (record shop theft), and internal collaboration thrives in the same climate—you’re defending margin on two fronts.
- Visual AI & EPOS-linked video materially reduce avoidable loss; Deloitte highlights the potential to prevent £multi-million losses annually at scale.
- Beyond hard savings, you get cleaner audits, better colleague fairness (evidence-led), and safer stores—all Board-level outcomes.