Hacking The Grocery Store Self-Checkout – 3 Ways Thieves Are Making YOU Pay For What They Don’t

December 10th, 2007 | by MG | (Visited 409,804 times)

Stealing at Walmart using The Self Checkout SystemAutomation is the new wave of the future. We have everything from our food to our own bodies implanted with RFID (Radio Frequency Identification) chips nowadays. RFID chips allow us to let machines handle the scanning and security. But while the machines can tell you if something hasn’t been paid for or what something is, they can’t tell you about social cues.

This new security through automation has led to a new wave of thieves who take advantage of your newfound confidence in “the system”. This is the framework for social engineering. In laymen’s terms, Social Engineering, involves using careful questions, methodical actions, and a knowledge of a system’s security to “hack” it.

So how are folks “hacking” their grocery stores? Self-Checkouts.

Where you had one person per register and often two if you counted the person bagging the groceries, now many grocery stores, like Super Walmart, have gone to a turn style type bagging system where the cashier now scans AND bags. Additionally, with the advent of self-checkout systems, you can have as many as 4 or 6 checkout kiosks with only one manager to help out all of those customers.

The issue here is, that in reality, you’re dealing with people who either don’t understand the way the checkout works or are doing something wrong. Which requires the self-checkout manager to leave his monitoring station to come and help. Often times, you can hit a security snag like having a different weight in the bagging section than what should be there, or an item that can’t be scanned, etc.

Rather than take the time necessary to monitor for security, the checkout managers are trained to monitor for speed and service, so such items are usually passed through as long as the person doesn’t appear to be doing something fraudulent.

Meet The Grocery Store Managers – Alan and Greg

Grocery Store Manager - Walmart

I spoke with two grocery store employees this weekend to confirm what I’ve seen in my experience using the systems they’re tasked to manage. Both Alan and Greg, work at different stores. Both are in managerial positions at their stores. For their feedback, I’ve left out their details. Both expressed concern that this is just something you don’t talk about.

Alan works at a smaller community market (which he’s asked be left unnamed) that’s been around for over 20 years. Their systems have been retrofitted with RFID chips, self-checkouts, and basic door security with scanners at the exit which go off when items have not been marked paid. Alan’s store has two “older” gentlemen (who alternate shifts) at the door scanners to greet as well as act as a deterrent for theft. All lanes have a bagging clerk and the self-checkout section has 4 stations with single manager podium/station.

Greg works at a new Super Walmart that has been built from the ground-up less than 3 years ago. Much like Alan’s setup, there are several disabled and/or elderly employees who work as greeters and impromptu theft deterrents near the door scanners. Everything else is similar.

To be precise, regarding the greeters – both Alan and Greg admit that their presence is meant to be a deterrent. Neither company truly uses their greeters as security personnel. As the last employee a customer sees as they exit, they are just asked to greet, and to generally remain aware of suspicious behavior and to alert a floor manager if needed.

Three Ways Grocery Stores Are Getting ‘Hacked’

As a programmer, you inherently look at flaws in a system. It’s how you improve the systems you build on a daily basis. These are the three flaws I’ve seen in the system in my visits to both stores. Though Alan’s stores sells primarily groceries and Greg’s sells everything you could need (lawnmowers to bananas), it’s remarkable how similar their experiences with all three methods are.

Tactic #1: Misrepresenting An Item’s Weight

Stealing and Theft - Weighing Items At the Self Checkout

This seems to be a bullet proof system. You enter in the type of produce, place it on the scanner, and the scanner prices it based on the weight. However, because of the lack of attention by the manager in busy times, or because of the complete absence of a manager altogether, this is one more way thieves are getting a leg up on the machine. When scanning produce which as been bagged, some will hold the produce while on the scanner, letting it register at a fraction of it’s true weight. The scanner is also intended to weigh items placed in the center. Placing the bulk of an item’s weight closer to the edge also misrepresents the weight. On higher priced produce and goods measured this way, the price adds up very fast.

The truth is, that at my store, I can’t always be at my station. Most of the time people don’t follow the directions and I have to reset their station or help them navigate through the system’s instructions. Sometimes I’m called away and the station is left unmanned. If I’m there, I’ve been trained to focus on keeping the lines moving. I honestly can’t say I’ve kept an eye out for this, but it’s very possible. I’m more likely to see it as placing something on or off the scanner itself and as long as it seems you’re doing it right, I’ll get back to scanning the other 3 stations for problems.
I’ve actually caught one person doing this but only becuase they were teenagers, louder than normal, and becuase I overheard one of them tell the other teen to do this. Aside from that, while I’m at my station 95% of the time, I don’t check for it. I’m more concerned about helping customers getting through the lines. The teenager that was caught had $7.00 worth of apples and they registered for just under $1. If I hadn’t overheard him, I wouldn’t have caught him. If apples register as apples, I don’t pay attention to the price.

Tactic #2: Not Scanning The Item At All

Stealing and Theft - Not Scanning Items At All

This tactic works on the premise that most food is simply not tagged with security. Loss Prevention is all about the ratio of cost to secure vs cost of theft. For many “small ticket” items such as groceries, there is usually no security. Pharmacy goods, medicine, alcohol, and other items do get secured most of the time, but your loaf of bread, box of rice, and produce, isn’t.

When scanning items, these thieves will grab 2 or 3 of the items, let one scan and place them all in the bag before being seen. Or they will simply run the item over the scanner where the code cannot be read and the beeps from another station will give the checkout manager the assurance that the item was scanned. In other words, perception is reality.

At my store, the job of scanning in each item in the store into our computers is left to minimum wage teens. Some get lazy, some honestly miss items, and some are just following orders not to scan certain items. We have limited resources and when a scanner is broken or misplaced, the more tangible and visible efforts like customer service and attention have a higher priority placed on them. At my store I’m bouncing around between stations helping people out or resetting their screen. I may notice if you don’t scan something and leave it at the bottom of your cart like soda or dog food, but if you pretended to scan it most clerks would leave any suspicion up to the security at the exit.
At our particular store, we simply do not secure most foods. We cover alcohol, but mostly because of federal law regarding purchasing by minors. Technology items, toys, and more expensive items usually have RFID tags, but our food does not. If it looks like you’re scanning items correctly and not calling attention to yourself, I probably won’t pay attention to you. It’s the people that start getting agitated or that flag me that get the attention. We’re trained to make sure people scan all items in the cart, but as long as your cart is empty and everything looks to be in order, there’s no reason to be suspicious.

Tactic #3: Scanning A Different, Lower Priced Item

Stealing and Theft - Scanning a different item

With produce and expensive cuts of meat such as steak and beef, they can be entered manually if their tag is missing or it won’t scan for one reason or another. When entering in the item code, you can enter in the code for a cheaper item, or a smaller item. As long as the item is scanned, the weight is mostly irrelevant. Expensive cuts of lean steak can be ringed in as a quarter pound of ground beef. Something jumbo sized can be entered as something a fraction as big. If the item looks like the item being scanned, brand, weight, or size is often ignored altogether.

With our produce, some are missing labels. This is notorious with bananas. We only sell one type of banana so most people still enter everything correctly. As far as the rest.. If it looks like you’re scanning in medicine, detergent, or whatever. As long as the item scans and you don’t call suspicion to yourself I honestly can’t say I’d give you a second look. It’s more about obvious theft like leaving things in your cart, moving the lines along, and helping customers with the system.
When I first got hired on I started out stocking items in the back of the store. Several of the employees back there routinely did this. They would buy hundreds of dollars of steak, key them in as ground beef and pay 10 or 20 percent of the true cost. If a fruit looked red or round, they would key it in as a tomato or apple, whichever was cheaper. They don’t work here any longer but for other reasons. That department has a high turnover rate. If it looks like you’re scanning what pops up on my screen, I’m more concerned with the other stations. If someone scans in a different TV or DVD player, we let the door scanner alarms handle things. So much gets scanned every minute, it’s nearly impossible to pay attention to specifics.

But Does The Door Security Really Work?

Walmart Greeters and Security - Hacking and Social Engineering

This question was the reason I couldn’t use Greg’s real name. He admitted that most of the door greeters were “nice old ladies” and that some rarely even left the electronic carts they sat in due to their disability, weight, or simply because it was easier that way. That many would just wave hello or goodbye while trying to stay awake. He said that Wal-Mart takes Loss Prevention and theft very seriously, but when the alarm goes off – there’s nobody nearby to second guess the greeter’s judgment.

Some of the electronic devices like the XBOX 360, Playstation 3, or Nintendo Wii grab additional attention in the associate meetings. But items like TVs, PC accessories, and other high ticket items do not. When the alarms sound, the greeter will usually check that the customer has a receipt and that the items are on the receipt, but only to see that something like that item was bought. Unless it’s very obvious, the customer is just waved on. If they recognize the customer as a frequent one or one that “looks normal”, as long as the customer looks confused and offers the chance to investigate, the greeters will just smile, chalk it up fussy computers, and let them go without checking.

As Greg put it, the folks working the door don’t really check to see why a $20 new release of 50 Cent’s CD rings up as a clearance-priced MC Hammer CD. It’s a rap CD, it must be the machines.

The security figures the cashiers caught the mistake. The cashiers figure the security will catch a mistake.

How Bad Does The Theft Get?

Walmart Self Checkout - Fast Easy Fun!

Because Greg had personal knowledge of employee theft, I figured he had heard other stories of people using the above system. He had indeed. He acknowledged that the third was by far the most expensive in terms of items stolen. Stealing that way at his store was often called “Oops’ing”.

What is Oops’ing?

During a non-company related Christmas BBQ a couple years back that many of the employees attended (including Greg), one of the stockers was tipsy and admitted to “Oops’ing” a few hundred dollars worth of the alcohol and steaks they were eating. The night manager coined the “Oops” term when items were mislabeled as the right type or brand of item, but at an incorrect price or size.

The host (the stocker), went through the self-checkout and each item was entered, but as a much smaller sized bottle or type of meat. When the numbers come back, or a duplicate item is later registered (when you enter in another item’s code and that item is later scanned, the purchase is flagged), it’s very easy to write the loss off as a mistake during inventory. Because the true items may be purchased with a large time difference between them, it rarely raises suspicion.

One of the department managers had overheard the boastful host and took him in the corner. Greg expected some loud words, but oddly enough after a few concerned questions were asked both came back smiling and ready to party.

When Greg asked the stocker what that was about, he was told the manager just wanted to know that nothing was “stolen” and that everything was just entered as something else as it had been. When that’s the case, it looks like computer error, and the numbers of items loaded and purchased still balance out. He was warned that if he ever heard that again he’d have to take action and that the employee should be smart and keep that kind of thing quiet.

Greg said the truth was that many of them read and post on sites like Walmart-Blows.com. He didn’t speak up about the BBQ theft because for the most part, if he keeps quiet and focuses more on his numbers and section, it’s better.

“You never know if you’re ratting to a manager about their friend”, said Greg. I suppose he’s right.

RSS feed


Dec 10, 2007 1:13 PM

[…] But that doesn’t mean Walmart is “bad”.. just means that you should be aware of where you’re shopping and that sometimes the price is right. Or in other words, you get what you pay for. […]

Comment by cone
Dec 10, 2007 2:32 PM

This isn’t unusual, I work at Walmart in Phoenix and the bathroom stall on the far right is pretty much reserved for employee theft. The weapon of choice is a soft 20 cd holder. Rip out 20 cds or dvds and put them in the cd holder, stuff the cd holder in your pants or pocket.

The scanners don’t pick up the cd holder and if theyre not in the case you can steal a couple dozen every night asyou take smoke breaks.

Comment by mpogo
Dec 10, 2007 2:33 PM

Ass. mgrs don’t care.. ours taught us what we could and couldn’t get away with the first night we had training..

May 07, 2008 11:25 AM

[…] surprising to hear that the security system at Wal-Mart, enforced by senior citizens, can sometimes allow rampant theft to take place, and even more serious crime like the instance […]

Jul 11, 2008 9:02 PM

[…] ways to fool and ultimately steal from supermarkets that use self-service check out lanes: Hacking The Grocery Store Self-Checkout: 3 Ways Thieves Are Making YOU Pay For What They Don’t. Here’s just one M.O. favored by these crooks: “With produce and expensive cuts of meat […]

Sep 08, 2008 11:32 AM

[…] drive freight trucks and we consistently run “heavy”. The best way to steal from our “Super” grocery store is to go to the deli and buy the largest drink you can buy. Stuff everything you can fit, inside […]

Comment by MomWithConscience
Nov 11, 2008 4:35 PM

I personally stole a microwave and a set of pots & pans from Walmart. The buzzer went off, I handed my receipt to an employee, and they let me go. I had purchased a few other items, among which were some razor refills. Apparently these get RFIDs because they are expensive and small and easily lifted. (Nevermind that if I really wanted to steal them I could simply open the box, remove said refills and stick them in my pocket. But I digress.) Anyway, the employee was way more nervous than I was. She rifled through my bag a bit, looked at the receipt, and concluded that it “must be the razors” because that happened all the time. Out I went with around $200 in stuff. I exited thru the Tire/Lube Express because I was having my oil changed – not sure if this made any particular difference.

Of course, I went back another time and went thru the self checkout, scanned the two items I hadn’t paid for on my previous trip, paid cash, then went back into the store and left the cart there. I had never really intended to steal anything. I just had a wild hair and decided to see if it would work. If I’d been caught, the two items were on the bottom of the cart, and all I had to do was feign Mom-brain and that I’d forgotten to scan them.

Another scam, by the way, is coupons. Some stores are somewhat wise, in that I can’t scan a Swiffer coupon when I haven’t bought a Swiffer. I can, however, scan the $7 coupon off a new Swiffer WetJet when all I bought was a pack of $4 refills. The system only recognizes the “family” of items, I guess, not the individual ones. I have to admit that I’ve done this, through both the self checkout and the regular checkout.

Comment by BSJ
Jun 05, 2009 8:06 PM

There is an inherent logical flaw in your article. At first you say managers are called over when the weight of a scanned item doesn’t match what’s in the bagging area and then all of the scams you mention would obviously set off this weight imbalance alarm. You should at least be able to explain that, or your whole article is worthless.

Comment by Ginnie
Jun 06, 2009 9:36 PM

I think you’re forgetting the social engineering that in most situations, negates the tools put in place to prevent such things.

Another example for you: How many users do you know that write down their computer passwords when the rules for passwords become too difficult for them to remember?

It’s the “people” factor that is the variable with regards to how effective any such measures could ever be.

Comment by Nate
Aug 06, 2009 1:01 PM

None of these “hacks” account for the beginning and ending weight checks.

Most grocery stores (and Wal-mart) weigh the items still unscanned (usually on the left side). Once an item is scanned, its weight is subtracted from the “unscanned” side and added to the total weight of the “bagged/scanned” side. These two must counter-balance or you get the “please place item in bag” request over and over.

These hacks are worthless on all but the most outdated and basic of machines and/or the most apathetic and non-caring store employees.

Comment by Major Santerre
Jun 25, 2010 1:49 PM

The greatest fat loss workout involves higher intensity interval training, a common sense diet and plenty of rest.

Comment by James
Oct 29, 2010 12:11 AM

Wow. Are American programmers that stupid. Here in Australia we have this system whereby the items weight is programmed in with its barcode so when it hits the bagging area it needs to weigh correctly. The only real way to beat the system is to print your own barcodes and put them on same weight items of greater expense or the easiest way and can only be done on loose items that require you to identify the items and weigh them. You put mangoes on the scale and pick carrots on the screen, just make sure the store staff isn’t watching. Since most people are stupid and cant work a simple machine you’ll have plenty of chance while the staff help the morons.Happy shopping

Comment by Anonymous
Oct 16, 2011 3:46 PM

forged receipts are a great backup- i often dont even have to show my work at the gate when leaving through the garden center. if someone does happen to be there i show them the receipt and we are good to go. Get thermo receipt paper rolls at an office store, scan yr original, edit with microsoft paint, shoot a copy and tape yr piece of receipt paper to the copy so it lines up right and run it back through the printer. just like counterfeit money w/o having to do fed time

Comment by The O
Jun 10, 2012 1:02 PM

So John C Reilly is a Walmart Manager now? LOL

Comment by Anonymous
Sep 05, 2012 9:30 AM

I find it hard to fathom, since I work for Walmart, that anyone would be so stupid as to facilitate theft, which is in actuality, stealing from themselves. We receive a periodic bonus, which is in-part based on theft deterrence and minimizing waste. The more theft, the less we get in our bonus.

Sep 15, 2012 3:05 AM

[…] Some retailers have ditched self check-out entirely after experimenting with it.  Theft/shrinkage (described here) and user frustration are […]

Comment by bob byrd
Oct 11, 2012 2:36 AM

As a former food manager of a huge corp, id say stealing groceries is a low blow to the store. only for the fact big retail chains hardly mark up food items. There are mark ups on perishable items dont get me wrong, but as for the entire grocery section, they hardly make anything off you. sometimes even take losses on sale items, just to get you in the doors. you may not believe this. but its all 100% true

Comment by it works
Mar 17, 2013 10:04 AM

APPEARANCE & ATTITUDE is all that matters. We’ve all seen the grungy 20-something carted off in cuffs for stealing smokes. He deserves what he gets. But how many well-dressed, high-powered attorney-types have you seen under interrogation for shoplifting? None. Zero. Doesn’t happen. Be that guy, and you’re golden.

I can’t emphasize the dress code for theft enough. It’s the trick. If you’re stealing something and you didn’t shave within the past 10 hours, you belong in jail. If you’re wearing a baseball cap, jeans, sneakers, tee shirts or anything like that, you won’t be successful for long. It’s easy for a minimum wage employee to power trip his way into accusing teenagers of stealing. But they are far too intimidated to question a man in a suit.

Once I was quasi-accused at WalMart. I was ringing my bread and crackers on top and an associate, whom I knew previously, asked “are you gonna ring all that up this time?” I asked wtf she was talking about. She said she saw me take a shopping cart-full of stuff out to my car without ringing it up a few weeks prior. I immediately raised my voice, sharpened my tone and asked her, “are you accusing me of stealing! Let’s get the manager over here RIGHT NOW!” She dropped her head, whsipered “no, no, no” and walked off. Not many will go to the mat for a company that pays them $7 an hour and assures they never advance or receive any benefits.

Jun 28, 2013 3:38 PM

[…] know if Walmart is still good at combating shrinkage.  If you look on the Internet, there are websites that explain how Walmart loses inventory.  These little things won’t be obvious from reading a 10-K because it’s simply not […]

Comment by Deek
Jul 07, 2013 11:51 PM

Here is what can be done at a store near me. Go around 0100 to 0300. There is a self checkout area in the shape of an L. There is an attendant stations next to a checkout station. The station faces the wall and is in a corner. You can easily pretend to scan items and place the min the bag. If they do not weigh too much they will not be noticed. You know how plastic sacks stick together? Don’t open one all of the way up. Let the back be like a hammock for item. Scan a couple and put them in another bag. Then Pay and leave.


Sorry, the comment form is closed at this time.