Penetration Tests and Mystery Shoplifting


Penetration tests (sometimes referred to as mystery shoplifting) provide an opportunity to test out the effectiveness of security and obtain very specific and first hand feedback about why something worked or did not work. These tests are available for a range of premises, for example retail outlets, office buildings and warehouses.


Key Points

  • Test security by adopting a thief’s perspective (this is arguably the most illuminating way of understanding security strengths and weaknesses)
  • Assess the effectiveness of a variety of security measures (find out why they fail; a bad measure or merely poorly used?)
  • Test in different parts of the premises including back areas
  • Provide a tailored approach to meet specific objectives
  • Compare results in different areas
  • Receive a report designed to meet your specific needs
  • Consider follow-up and re-tests to show improvements and remaining weaknesses

Perhaps the most important advantage of tests is that they facilitate very specific feedback to stores (or head offices, warehouses, or the supply chain) about security strengths (and therefore provide an opportunity to promote good practices and recognise effective staff and procedures); and identify security weaknesses and provide recommendations on how these can be remedied.

The tests are a way of assessing security from the viewpoint of a thief. This is important because the thief’s perspective provides a very engaging way of gaining the attention of staff, and is therefore a good basis for communicating messages. People are interested in the thief’s view; it has credibility because it has been gained from real experience in the workplace.

Perpetuity staff have considerable experience of conducting penetration tests. We have interviewed offenders in prison, including burglars and thieves. We have also accompanied ex offenders on ‘walkabouts’ in communities and in stores to understand the types of opportunities they exploit. From this we have developed detailed insights that they use to determine security strengths and weaknesses. We have specific and extensive experience of conducting tests and we can use this to benchmark performance and guide future work.


It is important to set very specific objectives for tests that are tailored to the needs of the client. For example, we often conduct store penetration tests, aiming to access areas where the public would not normally be permitted and attempting to ‘steal’ a variety of goods from stores to assess what worked and what did not work (which can sometimes be about policy and procedure, sometimes staff behaviour and sometimes technology and specific security measures).

Following the tests we can provide verbal feedback on the day of the test. This is then followed by a written report with recommendations including ‘easy wins’. Other post-testing services include:

  • Promoting staff awareness via talks or road shows
  • Conducting listening groups where we feedback our findings to staff and elicit their views (for example) on
  • How thieves steal to generate ideas on how these could be prevented
  • Why and when colleagues are dishonest and how these incidents can be identified and minimised
  • Generating E-learning opportunities
  • Developing new procedures and improving on existing ones

Our service is a research-led approach by experienced testers based on work with experienced offenders.

For more information or to arrange a consultation please email: