AI theft detection vs gesture detection, compared honestly.
Both approaches run as software on the IP cameras you already own, and both watch the live feed to flag a likely theft as it happens, for a human to review. On that axis, catching the act in the moment, they are genuinely similar, and gesture-only detection is a legitimate, lower-privacy choice. The real difference is identity. Gesture-only has no memory of who: it cannot recognise a repeat offender returning next week, or the same person working your other stores. QuantumEye does behaviour detection too, then adds optional face recognition for cross-store repeat-offender recognition, which carries a higher GDPR profile and is always human-confirmed. With UK retail crime at a record £4.2bn last year, £2.2bn of it direct theft across more than 20 million incidents (BRC), the question worth answering before you buy is simple: do you only need to catch the act, or do you also need to recognise the person across visits and sites?
What gesture-only and full AI theft detection actually are
Both are software on your existing cameras, not a camera swap, and both put a human in the loop. The difference is not the camera or the moment of the catch; it is whether the system remembers who it saw.
Gesture-only detection watches the live feed and flags suspicious body movements and gestures that tend to precede a theft, a hand sweeping stock into a bag, a furtive concealment, a grab and a turn for the door. It reads the action, so it works on anyone, including a first-time offender with no prior record, and it needs no watchlist to function. Because it never builds a record of identity, its privacy footprint is low and there is nothing to match a face against. For a single store that only needs to catch the act in the moment, that is a reasonable and honest place to stop.
QuantumEye does that same behaviour-based job, concealment, grab-and-run and till incidents, and then offers a second, optional layer that gesture-only systems do not have: face recognition against a banned list and a staff whitelist. That layer is what gives the system a memory of who. It is not switched on by default and it is not required to catch a theft; it is the part you add when recognising a person across visits and across sites is the problem you actually have. See the detail on the behaviour-based shoplifting detection page, and the identity layer on the face recognition page.
Catching the act in the moment
On the axis most people mean by theft detection, flagging a likely theft as it unfolds so a manager can respond, the two approaches are broadly comparable. It is fair to say so plainly.
Both run on a small edge node inside the store, on the standard IP cameras already on your wall over RTSP and ONVIF, so only events leave the building and the raw video stays on-site. Both read what a person is doing rather than who they are, which is why both catch a genuine first-timer the very first time. And both are human-in-the-loop by design: the software proposes, a person disposes, and a manager reviews every flag before anything happens. Neither one physically intervenes, stops or restrains anyone.
If your honest requirement is only to catch the act, gesture-only and QuantumEye's behaviour detection will feel similar in day-to-day use. We are not going to pretend otherwise. The differences that matter show up afterwards, the next time that person walks in, or the first time they try the same thing at another one of your branches.
AI theft detection vs gesture detection: the identity layer
This is the load-bearing difference. Gesture-only has no memory of who. QuantumEye can add one, on purpose, with a higher GDPR profile that has to be governed properly.
A gesture-only system treats every incident as if it were the first. A prolific offender barred last month walks back in and the system flags the act again, but it cannot tell you this is the same person you have seen three times, nor that they were caught at your branch across town last week. There is no watchlist to govern and no face data to protect, which is precisely the trade: lower privacy footprint, but no cross-store recognition.
QuantumEye's optional face recognition closes that gap when you need it closed. A repeat offender, once flagged and human-confirmed at one site, is surfaced as a candidate at every site, while your own staff and trusted visitors are whitelisted so they are not flagged. Crucially, recognition is not identification: a high-confidence match surfaces a candidate for a person to confirm, never an automatic ban. Face data is stored separately from the video, the audit log is append-only, retention is bounded, and data stays in the UK and EU. Using it lawfully needs a clear lawful basis and a DPIA. Our write-up on how we built GDPR-safe face recognition covers that in full.
Do you only need to catch the act, or also recognise the person?
The decision is not which is better in the abstract. It is which question your estate actually needs answered, and what governance you are willing to take on to answer it.
If you run a single store and your only goal is to catch theft in the moment with the lowest possible privacy footprint, gesture-only is a fair choice and we will say so. There is no watchlist to maintain, no face data to secure, no DPIA to write. You catch the act, a human reviews it, and that is the end of the loop.
If the same faces keep coming back, or the same people work several of your sites, then catching the act each time in isolation leaves value on the table. That is the point of adding the identity layer: cross-store repeat-offender recognition that gesture-only structurally cannot provide. The trade is real and we are explicit about it, you take on face-recognition governance, a lawful basis and a DPIA, in exchange for memory of who. A practical path is to start with behaviour detection on every site, then add face recognition only where recognising the person across visits and sites earns its keep. If you want the whole category in one place first, the AI loss prevention guide walks through how the pieces fit.
The difference, in one table.
| Gesture-only detection | QuantumEye (behaviour + optional face recognition) | |
|---|---|---|
| What it does | Flags suspicious gestures and body movements that precede a theft, as they happen. | Flags the same behaviour, concealment, grab-and-run and till incidents, plus optional identity recognition. |
| Catches the act in the moment | Yes. Reads the action, so it works on anyone, including a first-timer. | Yes. Behaviour detection reads the action too and catches a first-timer the first time. |
| Memory of who | None. Each incident is treated as if it were the first. | Optional face recognition gives the system a memory of who, when you switch it on. |
| Cross-store repeat-offender recognition | No. It cannot recognise a returning offender or the same person across sites. | Yes, with the identity layer. A human-confirmed offender is surfaced as a candidate across every site. |
| Watchlist to govern | None. Nothing to maintain, which keeps it simple. | A banned list and staff whitelist, only if you enable face recognition. |
| GDPR profile | Lower. No identity match, no face data to protect, still human-in-the-loop. | Higher when face recognition is on: needs a lawful basis and a DPIA, still human-confirmed. |
| Acts on the incident | No. It detects and alerts; a human takes any physical action. | No. It detects, alerts and evidences; a human takes any physical action. |
| Hardware | Software on your existing IP cameras (RTSP / ONVIF). No camera swap. | Same. Software on your existing IP cameras, edge node in-store, raw video stays on-site. |
What this does not change.
The useful comparison is the honest one. Here is what stays true whichever way you go.
Common questions.
What is the difference between AI theft detection and gesture detection?
Gesture detection is one approach to AI theft detection: it flags suspicious gestures and body movements that precede a theft, on your existing cameras, with no identity layer and a low privacy footprint. QuantumEye does that behaviour-based detection too, then adds optional face recognition so the system can recognise a repeat offender across visits and across sites. On catching the act in the moment the two are similar; the real difference is whether the system has a memory of who it saw.
Is gesture-only detection a worse choice than full AI theft detection?
No, and we will not pretend it is. Gesture-only detection is a legitimate, lower-privacy choice. If you run a single store and only need to catch the act in the moment, it does that job, with no watchlist to govern and no face data to protect. The point where it falls short is identity: it cannot recognise a returning offender or the same person at your other stores. That is the gap the optional face-recognition layer is for.
Do I have to use face recognition with QuantumEye?
No. Face recognition is optional and is not on by default. QuantumEye's behaviour detection catches theft in the moment without it, on anyone, including first-time offenders. You add the identity layer only when recognising a person across visits and sites is the problem you have, and when you are ready to take on the governance that comes with it, a clear lawful basis and a DPIA.
Does either approach stop theft on its own?
No, and we are careful not to claim otherwise. Both gesture-only detection and QuantumEye detect, alert and evidence so a person can act quickly. Neither physically intervenes, stops, restrains or deters by presence. A human, staff, guard or manager, takes any physical action.
Is QuantumEye's face recognition legal under UK GDPR?
It can be, when it is built and operated for it. Adding face recognition raises your data-protection profile, so it needs a clear lawful basis and a DPIA. The architecture matters too: recognition is separated from identification so a human confirms every match, face data is stored separately from video, the audit log is append-only, retention is bounded by category, and data stays in the UK and EU. QuantumEye is ICO-registered and holds ISO 9001:2015 and ISO/IEC 27001:2022, verifiable on the British Assessment Bureau register.
Do I need new cameras for either approach?
No. Both gesture-only detection and QuantumEye run as software on the IP cameras you already own over RTSP and ONVIF, with detection on a small edge node in the store so only events leave the building and the raw video stays on-site. There is no rip-and-replace. Pricing is scoped per estate by camera count and module mix, on a 12-month contract with no setup fee, and a first-store pilot is usually live in around two weeks.
Other comparisons.
See where catching the act stops and recognising the person begins
A 30-day pilot, typically one store, fully featured, on the IP cameras you already own and run against your own anonymised incident history. See behaviour detection catching the act in the moment, and decide for yourself whether your estate also needs the optional, human-confirmed identity layer. No camera swap, no setup fee, and a first store usually live in around two weeks.