Stocks

Retail fraud rings shift from stolen goods to stolen digital wallets

Police say tap-to-pay and app fraud are helping organized retail crime move from store aisles to phones, gift cards and resale networks.

Dev Ramirez

By Dev Ramirez · Crypto Correspondent

· 4 min read

Retail fraud rings shift from stolen goods to stolen digital wallets
Photo: CNBC

Retail theft is moving from visible shoplifting to quieter digital fraud that can happen at self-checkout or inside a shopping app. For investors following chains such as Lowe’s, Home Depot, TJX Companies and Walmart, the risk sits in a costly middle ground between cybersecurity, payments and store operations.

Police told CNBC that Chinese organized crime groups are using stolen card data, tap-to-pay systems and retail apps to buy gift cards and high-value goods. Law enforcement officials said the activity may generate as much as $1 billion a year for Chinese gangs.

Tap-to-pay fraud means a criminal loads stolen credit card information into a phone’s digital wallet, then uses the phone at a checkout terminal as if it were a normal card. In one Louisiana case described by Adam Parks, an assistant special agent in charge with U.S. Homeland Security Investigations, a suspect repeatedly bought $95 gift cards at a Lowe’s self-checkout while being coached through wireless headphones by a Southeast Asian scam compound.

Parks said the suspect later bought more gift cards at other retailers and returned to the same Lowe’s that day. He said the man has not been arrested and remains a suspect. Lowe’s did not respond to CNBC’s repeated requests for comment.

How the fraud works

The scams often begin with texts about unpaid tolls, expired registrations or pending arrests, according to experts cited by CNBC. Those messages are designed to push consumers into giving up credit card details, email passwords or other personal information. Artificial intelligence has made it easier for criminal groups to scale those messages and make them look more credible, experts said.

Jeff Otto, chief marketing officer at Riskified, a fraud-prevention company that works with retailers, said access to both a credit card and an email account can let criminals add the card to a device they control. If a bank sends a verification code by email, the criminal may be able to retrieve it before the cardholder realizes anything is wrong.

Gift cards are central to the scheme because they can be resold at a discount or used to buy products that are easier to resell. Parks said organized groups use gift cards to buy items such as iPhones with American settings, then ship those goods to China for resale. He said the process can help criminal groups move money around banking restrictions in the U.S. and China.

Retail app fraud follows a related path. Criminals steal login credentials, enter a customer’s account and use stored payment information to buy merchandise or gift cards. CNBC reported that Walmart login credentials were being sold on Telegram channels for $1.50 to $2.50, with details on how long the accounts had been active. Telegram did not respond to a request for comment.

Walmart told CNBC that customer privacy and safety is a top priority, and said it has systems to detect, prevent and respond to unauthorized account access. The company also said full payment card information is not stored in an unprotected form.

Cases stretch across retailers

CNBC said it reviewed nearly a dozen criminal cases involving retailers including Lowe’s and TJX. In Miami, police arrested Dancliff Labady in January and accused him of stealing nearly $95,000, mostly through TJX store-branded credit cards for TJ Maxx, Marshalls and HomeGoods, according to a police report. Labady has pleaded not guilty, and his attorney declined to comment.

Police alleged Labady gained access to about 15 customer accounts by calling Synchrony Bank, the card issuer, and adding a phone number he controlled. Synchrony told CNBC it does not comment on ongoing investigations and is cooperating with law enforcement. TJX said protecting customer information and technology systems is very important to the company, and said it has measures to identify and address potential fraudulent account activity.

In Tennessee, Capt. Matt Lawson of the Knox County Sheriff’s Office said investigators have arrested more than a dozen suspects since spring 2025 with alleged ties to Chinese organized crime. Lawson said seized phones contained apps that looked like anime games but were actually tap-to-pay tools holding stolen card information.

Homeland Security Investigations is also targeting gift card fraud through Project Red Hook. HSI said the effort has led to at least 239 arrests since January 2024.

Retailers and law enforcement groups have pushed Congress to pass the Combating Organized Retail Crime Act, which they say would improve information sharing in complex cases. The bill passed the House in May and was recently added as an amendment to the Senate’s National Defense Authorization Act, with a vote expected before the end of the year.

This story draws on original reporting from CNBC.

More from Stocks

All Stocks