A seemingly ordinary transaction at a Louisiana Lowe’s last spring unveiled a sophisticated criminal enterprise, revealing the evolving landscape of organized retail crime. A man in an Air Jordan T-shirt, acting like a typical shopper at a self-checkout kiosk, methodically purchased multiple $95 gift cards using a tap-to-pay method via his phone. Unbeknownst to the red-vested associate nearby, this individual was a cog in a vast Chinese crime ring, leveraging stolen credit cards while receiving real-time instructions from a Southeast Asian scam compound through wireless headphones. This incident, captured on surveillance video, underscores a growing threat that law enforcement estimates is siphoning as much as $1 billion annually from retailers across the United States, marking a perilous new frontier in digital fraud.
Adam Parks, an assistant special agent in charge with U.S. Homeland Security Investigations (HSI), a federal agency with a broad mandate covering transnational crime, highlighted the pervasive nature of these operations. "We know that there are hundreds of individuals at any one time doing this across the country," Parks stated, emphasizing that while individual transactions might seem small, the cumulative impact is immense. The suspect from the Lowe’s incident, still at large, continued his fraudulent spree at other retailers on the same day before returning to the original Lowe’s to repeat the process, illustrating the brazen efficiency of these networks. Lowe’s declined to comment on the ongoing investigation.
The Digital Frontier of Organized Retail Crime
While credit card theft and fraud are enduring challenges, the proliferation of contactless payment technologies like tap-to-pay and the widespread adoption of retail applications have inadvertently created new vulnerabilities that criminal organizations are expertly exploiting. This shift represents a significant departure from traditional organized retail crime, which often involves the physical theft of merchandise from store shelves for resale. Instead, these digital thefts can be executed with minimal physical risk to the perpetrator, often directly under the nose of store employees or remotely from anywhere in the world.
Scott Glenn, vice president of asset protection at The Home Depot, articulated this distinction. "It’s very low risk for the bad actors," he noted. "It’s not the same thing as walking into a Home Depot, filling up a cart full of power tools, and then walking out. It’s just not as visible, it’s not as obvious to what’s happening out there and so it’s become a more preferred method over the last several years." Industry experts and law enforcement attribute retailers’ vulnerability to their dual role: platforms that handle sensitive customer information, including stored credit cards and personal data, yet typically lack the stringent, bank-grade security protocols characteristic of financial institutions. This imbalance makes them attractive targets for sophisticated fraud rings.
Despite the escalating scale of this digital crime wave, concrete, publicly available data quantifying the exact losses retailers incur from these specific forms of digital fraud remains elusive. However, investigative reporting by CNBC has uncovered at least a dozen criminal cases nationwide, implicating a diverse array of retailers and highlighting the collaborative nature between highly organized criminal groups and lower-level fraudsters. The complexity of these cases often overwhelms local law enforcement agencies, as articulated by Capt. Matt Lawson of the Knox County Sheriff’s Office in Tennessee, who has been actively investigating a fraud ring with suspected ties to Chinese organized crime. "Unless the theft hits a certain dollar threshold or rises to the level of a federal crime, ‘it’s kind of like they get away with it almost,’" Lawson lamented, pointing to systemic challenges in addressing this sophisticated form of crime.
Anatomy of a Digital Heist: From Phishing to Payout
The genesis of tap-to-pay fraud often lies in a familiar, insidious tactic: phishing or, more commonly in recent years, smishing (SMS phishing). Fraudsters initiate the process by dispatching mass text messages designed to induce panic and urgency. These messages frequently warn recipients of unpaid toll bills, impending car registration expirations, or even fabricated legal judgments and arrests. The psychological manipulation aims to scare consumers into divulging sensitive information, including credit card details, email credentials, and other personal data. The advent of artificial intelligence has significantly amplified the efficacy and scalability of these schemes, enabling crime groups to generate highly convincing messages that appear legitimate, making them harder for average users to discern as fraudulent.
Once a victim’s email password and credit card information are compromised, the fraudsters move swiftly. Jeff Otto, the chief marketing officer of Riskified, a technology company specializing in fraud prevention for major retailers such as Foot Locker, Peloton, and BJ’s Wholesale Club, explained the next critical step. "Once a fraudster has a person’s email password and credit card, they can load that credit card into a device that they control." The challenge often lies in the bank’s verification process, which might trigger a one-time passcode sent to the cardholder. However, having access to the victim’s email account allows the fraudster to intercept and utilize this passcode before the legitimate cardholder even notices the suspicious activity, effectively bypassing security measures designed to protect consumers.
The Orchestration of Transnational Crime

While some low-level opportunists engage in tap-to-pay schemes independently, buying merchandise or gift cards to resell for quick cash, the operations linked to Chinese organized crime rings reveal an elaborate, multi-tiered network. Parks detailed the sophisticated mechanism designed to repatriate profits to China, circumventing stringent banking regulations in both the U.S. and China. The strategy involves using tap-to-pay fraud to acquire gift cards, which are then used to purchase high-value goods, particularly those with a premium resale market in China, such as iPhones configured for the American market. This method allows criminal organizations to convert illicit cash into legitimate, transportable assets, facilitating larger financial transfers outside traditional banking scrutiny.
At the base of this pyramid are "foot soldiers," often individuals who have entered the U.S. illegally and are indebted to smugglers or organized crime networks. These individuals are compelled to work off their debts, becoming the operational arm of the fraud. "So [they’re] going to instruct you on how to go into a store, convert the stolen credit card information into acquiring goods and then now you’re going to ship those goods back to China," Parks explained. He added that while these "foot soldiers" are often the ones arrested, they represent only the lowest echelon of a much larger, more complex criminal hierarchy.
Beyond direct tap-to-pay at physical terminals, the fraud extends to retail app exploitation. This involves stealing a consumer’s login credentials, accessing their retail account, and using stored credit card information to purchase merchandise or digital gift cards. Riskified’s Otto demonstrated how data breaches, phishing attacks, and social engineering tactics – where publicly available information is pieced together to construct a victim’s identity – can grant fraudsters access to these accounts. Investigations revealed that login credentials for platforms like Walmart’s app and website were being openly traded on Telegram channels for as little as $1.50 to $2.50, often accompanied by details about the account’s age. Otto pointed out that "These are older accounts that often get past some of the more rudimentary fraud checks [because] we tend to trust accounts that have been with us for a long time. And in this case, these can be sold." Telegram did not respond to requests for comment regarding its role in facilitating such illicit trades.
A critical vulnerability in the retail ecosystem stems from the differing security philosophies between retail platforms and financial institutions. Retail apps and websites, while convenient for shopping, frequently contain sensitive data including stored credit cards, personal information, and even access to store-branded credit accounts, as exemplified by Macy’s app allowing both shopping and bill payment. Otto emphasized, "It has a lot to do with the fact that they are focused on convenience and they’re focused on conversion, generating the maximum amount of online revenue, and because of that, they do not use bank-grade security. They don’t want to add additional friction." Walmart, in a statement to CNBC, affirmed its commitment to "customer privacy and safety" and stated it has "systems in place to help detect bad actors, prevent, and respond to unauthorized account access and is continuously enhancing these protections," further noting that "full payment card information is not stored in an unprotected form."
Spotlight on Specific Cases and Evolving Tactics
The investigation into tap-to-pay fraud across the country has revealed a blend of independent opportunists and highly organized criminal networks. In a notable case from January, Dancliff Labady was apprehended in Miami, accused of defrauding nearly $95,000 primarily by exploiting TJX Companies’ store-branded credit cards for TJ Maxx, Marshall’s, and Home Goods. According to police reports, Labady allegedly gained access to approximately 15 customer accounts by contacting Synchrony Bank, the card issuer, and fraudulently adding a phone number under his control to these accounts. With his number linked, he was able to load the cards into his digital wallet and execute dozens of transactions across Miami-area TJX stores during the bustling holiday shopping season, all without possessing physical cards. His arrest followed a report of suspicious activity by TJX’s asset protection team to Synchrony Bank. Labady has entered a plea of not guilty, and his attorney declined to comment. Synchrony stated it is fully cooperating with law enforcement and does not comment on ongoing investigations. A TJX spokesperson reiterated the company’s commitment to "protecting our customers’ personal information and our technology systems" and highlighted existing measures "to identify and address potential fraudulent account activity."
Further illustrating the cunning of these crime rings, the Knox County Sheriff’s Office, since spring 2025, has arrested over a dozen suspects with alleged connections to Chinese organized crime. These individuals were reportedly traversing the country, using stolen credit card information to purchase gift cards and launder money. A review of seized cell phones from these suspects unveiled the use of specialized applications that stored stolen credit card data, ingeniously disguised as innocuous games, often featuring anime or Pokémon-like characters, to evade detection. Captain Lawson recounted, "They look like anime games… We would just kind of start tapping on them… and we would find the ones that were the actual tap-to-pay apps."
Law Enforcement and Legislative Countermeasures
On a national scale, Homeland Security Investigations has launched "Project Red Hook," a targeted initiative to combat gift card fraud and other forms of digital retail crime. Since January 2024, this project has led to at least 239 arrests, primarily focusing on some of the largest Chinese organized crime groups operating within the U.S. This federal effort underscores the gravity of the threat and the commitment to dismantling these transnational networks.
For several years, the retail industry, in conjunction with various law enforcement organizations, has been actively advocating for legislative solutions. Their efforts have centered on the "Combating Organized Retail Crime Act," a proposed federal law designed to enhance information sharing between law enforcement agencies and retailers, streamline investigations into complex, multi-jurisdictional cases, and potentially introduce more severe penalties for such crimes. The bill successfully passed the House of Representatives in May and was subsequently included as an amendment to the National Defense Authorization Act in the Senate, with a vote anticipated before the end of the year.
Captain Lawson emphasized the critical need for improved collaboration and information exchange. "Law enforcement sometimes likes to hold information and not share everything and kind of compartmentalize it… even the retailers are guilty of this," he observed. He stressed that "The more information that we get out when we notice these people are breaking these laws," the more effective law enforcement will be in apprehending the culprits and disrupting these criminal enterprises. The fight against this evolving digital fraud requires a unified front, blending advanced technology, robust security protocols, inter-agency cooperation, and proactive legislative frameworks to safeguard consumers and the retail sector from these increasingly sophisticated threats. The stakes are high, impacting not just corporate balance sheets but also consumer trust and the integrity of the digital economy.
