AI loss prevention software, explained.
UK retail crime hit a record £4.2bn last year, with £2.2bn of it direct theft across more than 20 million incidents (BRC). AI loss prevention software turns the cameras a retailer already has into real-time detection of that theft, with a human reviewing every consequential decision. This is a plain-English guide to what it does, what it can and can't fix, and how to evaluate it.
What is AI loss prevention software?
It is software that watches a retailer's existing CCTV in real time, recognises the events that matter, and surfaces them for a human to act on, before the loss leaves the store rather than hours later in a review.
Traditional CCTV is a recording medium: it is reviewed after something has gone wrong. AI loss prevention software changes that by running detection on the live feed. When a concealment, a grab-and-run, a till incident or a known offender appears, it flags the moment, assembles the evidence, and routes it to a manager. The platform proposes; a person disposes. Nothing consequential happens automatically.
The two halves of the category are behaviour-based shoplifting detection and face recognition. Beyond theft, the same cameras can also read the floor, footfall, occupancy and dwell, so a loss-prevention deployment doubles as an operations one.
Catch the behaviour. Recognise the face.
They solve different problems, and most UK retailers need both.
Behaviour-based detection
Flags concealment in clothing or a bag, grab-and-run, and unusual till behaviour by reading the actions on camera, not the item. It is the right floor for any single store. Only unambiguous behaviour is flagged, and a human clears it before anyone acts.
AI shoplifting detection →Face recognition (GDPR-safe)
Matches a detected face against your banned list and your staff and trusted-visitor whitelist. The value is cross-store: a repeat offender flagged at one site is recognised at every site, automatically, with a human approving every match.
GDPR-safe face recognition →No rip-and-replace, no streaming to the cloud.
Detection runs on a small edge node in the store, on the IP cameras already on the wall. Only events leave the building, which is better for latency, bandwidth and privacy all at once.
Because the AI runs on-site, the alert can land before the person reaches the door, the bandwidth bill of streaming every camera to the cloud disappears, and raw video never leaves the store, which makes the data-protection story far simpler. See how the pieces fit on the platform overview, or the deeper edge vs cloud write-up.
What AI loss prevention can and can't fix.
Shrinkage is not the same thing as theft. UK shrinkage runs at roughly 1.4 to 1.7% of turnover, and it is a basket of four things: external theft, internal theft, admin error and supplier fraud.
AI on CCTV is aimed squarely at the external-theft component, and the till-adjacent slice of internal theft that the cameras can see. It does not fix admin error (a process and EPOS problem) or supplier fraud (a goods-in audit problem). Any vendor implying their AI tackles all four categories is selling marketing, not software.
Being specific about this is the point: it lets you size the addressable loss honestly against vendor cost. We cover the full breakdown in what the BRC numbers don't tell you.
GDPR-safe is a design decision, not a policy page.
Whether face recognition on retail CCTV is compliant is decided on day one, in the architecture. It cannot be retrofitted onto a system that wasn't built for it.
Recognition is not identification
A high-confidence match surfaces a candidate. A human reviewer accepts or rejects before any name, ban or report is attached.
Face data separate from video
The numbers that represent a face are kept apart from the video, never in the same record. Right-to-erasure can act on each independently.
Append-only audit log
Every status change records who did what, when and with which role. The log is the legal artefact behind any decision.
ICO + ISO, verifiable
ICO-registered. ISO 9001:2015 (267400) and ISO/IEC 27001:2022 (268054), via the British Assessment Bureau, verifiable on their public register.
A buyer's checklist before you sign anything.
The AI-loss-prevention category is noisy and the demos look alike. These are the questions that separate software that works in a store from software that demos well in a deck.
Common questions.
Is AI loss prevention legal under UK GDPR?
Yes, when the system is built for it. The decisions that matter are architectural: face data stored separately from video, recognition split from identification (a human approves every consequential action), retention bounded by category, and an append-only audit log. QuantumEye is ICO-registered and ISO/IEC 27001 certified, and shares a DPIA template with retailers under NDA.
Does AI loss prevention software work with my existing CCTV?
Yes. QuantumEye runs on the IP cameras you already own (RTSP / ONVIF). It is a software platform, not a hardware vendor, so there is no rip-and-replace of cameras.
What is the difference between behaviour detection and face recognition?
Behaviour detection flags actions, concealment, grab-and-run and till incidents, on a per-camera basis. Face recognition matches a detected face against a banned list or staff whitelist. Most UK retailers need both: behaviour as the floor, and face recognition as the cross-store glue for repeat offenders.
How does AI loss prevention software handle false alarms?
QuantumEye flags only unambiguous behaviour, and a human reviews every flag before anything happens, so everyday shopping does not trigger it. Thresholds are tuned per site on UK footage during setup.
What does AI loss prevention software cost?
Pricing is scoped per estate, by camera count and module mix, on a 12-month contract with no setup fee. Pilots run 30 days, typically one store, fully featured. Book a call for a costed proposal.
How long does it take to deploy?
A first-store pilot is typically live in around two weeks, one store, fully featured, and can be run against your own anonymised incident history so you see real results before rolling out.
What would this look like in your stores?
A 30-day pilot, one store, fully featured, run against your own anonymised incident history. 20 minutes to scope it, online.