Tap-to-pay fraud is becoming a quieter and harder-to-detect form of organized retail crime. Instead of stealing merchandise directly from store shelves, criminals are using stolen credit card credentials, compromised retail accounts and digital wallets to complete transactions that often look legitimate.
According to a CNBC investigation, these schemes frequently begin with phishing messages designed to steal payment information and account credentials. Criminals then load the stolen card into a digital wallet or take control of an existing retail account before using ordinary-looking purchases to convert the stolen credentials into gift cards and high-value products.
For retailers and brands, the shift means organized retail crime can no longer be viewed only as a physical loss-prevention problem. It increasingly involves identity theft, account takeover, payment-system abuse and coordinated activity across stores, digital platforms and international resale networks.
Table of Contents
- What Is Tap-to-Pay Fraud?
- How the Scheme Works
- Why Gift Cards and High-Value Products Are Targeted
- Why Retailers Are Vulnerable
- Retail Account Fraud Extends Beyond Tap-to-Pay
- Scale and Enforcement Challenges
- Why Tap-to-Pay Fraud Is Difficult to Detect
- What Retailers and Brands Should Monitor
- What the Shift Means for Brands
- Frequently Asked Questions
What Is Tap-to-Pay Fraud?
Tap-to-pay fraud occurs when a criminal adds stolen credit card information to a digital wallet and uses a mobile device to purchase merchandise or gift cards.
Because the payment is processed through a digital wallet, the transaction can appear similar to any other contactless purchase. The individual making the purchase may walk through a self-checkout lane, tap a phone against the payment terminal and leave without creating the visible disruption associated with traditional shoplifting.
Tap-to-pay fraud may also involve retail account takeover. In these cases, criminals steal a customer’s login credentials, access the customer’s stored payment methods and make purchases through the retailer’s app or website.
Both methods allow criminals to use legitimate payment infrastructure while hiding the fact that the underlying card, account or identity has been compromised.
How the Scheme Works
The fraud typically begins before the criminal enters a retail store.
Victims receive convincing phishing messages about unpaid tolls, expiring vehicle registrations, pending arrests, criminal judgments or other urgent issues. The goal is to frighten the recipient into providing credit card details, email credentials or other sensitive personal information.
Once criminals obtain the necessary information, the scheme generally follows several steps:
- The victim’s payment information is stolen. The victim enters credit card details into a fraudulent website or form controlled by the criminals.
- Email or account credentials may also be compromised. Access to the victim’s email can allow criminals to intercept one-time passwords or security alerts from the card issuer.
- The stolen card is added to a digital wallet. Criminals load the card into a device they control and complete any required verification using the victim’s compromised email account.
- A retail account may be taken over. In retail app fraud, criminals access an established customer account and use the payment cards already stored within it.
- Low-level participants make the purchases. Individuals sometimes described as “foot soldiers” enter stores and purchase gift cards or high-value products, frequently at self-checkout.
- The stolen value is converted into resellable assets. Gift cards may be sold at a discount or used to purchase electronics and other products that can be shipped and resold overseas.
By separating the theft of the credentials from the in-store purchase and the eventual resale of the merchandise, criminal networks make the full operation more difficult to detect.
Why Gift Cards and High-Value Products Are Targeted
Gift cards allow criminals to convert stolen payment credentials into a flexible and easily transferable form of value.
They can be resold for cash, traded through online channels or used to purchase merchandise. Criminal networks may use the cards to buy high-value electronics, including smartphones, which can then be shipped overseas and resold at a premium.
This process can also help organized groups move money outside traditional banking channels. Instead of transferring stolen funds directly, they convert the value into gift cards and physical products that can be transported, resold or integrated into the legitimate economy.
Gift cards are particularly attractive because criminals can divide purchases into smaller transactions. A series of relatively low-value purchases may attract less attention than a single large transaction, even when the combined value is substantial.
Why Retailers Are Vulnerable
Retailers are attractive targets because their apps, websites and customer accounts often contain valuable payment and personal information.
A retail account may provide access to:
- Stored credit cards
- Personal customer information
- Loyalty rewards
- Purchase history
- Store credit
- Store-branded credit cards
- Saved addresses and contact information
However, retail platforms may not always use the same security controls as banking applications.
Retailers are primarily focused on helping customers complete purchases quickly. Adding more authentication steps may reduce fraud, but it can also create checkout friction, increase cart abandonment and negatively affect conversion rates.
This creates a difficult balance between security and convenience.
Criminals can also take advantage of older customer accounts. An account that has existed for many years and contains a normal purchase history may appear more trustworthy to basic fraud detection systems than a recently created account.
CNBC reported that login credentials for older retail accounts were being offered for sale through online channels. The age and history of those accounts can help criminals bypass rudimentary checks designed to identify suspicious users.
Retail Account Fraud Extends Beyond Tap-to-Pay
Tap-to-pay is only one part of the broader threat.
Retail app fraud occurs when criminals obtain a customer’s username and password through data breaches, phishing or social engineering. After accessing the account, they can use stored cards or store-credit access to purchase merchandise and gift cards.
The fraudster may also change account details, add a new phone number or manipulate the account recovery process.
Because the transaction occurs through an established customer profile, the activity may initially appear legitimate. The retailer sees a recognized account, a stored payment method and a purchase similar to ordinary customer behavior.
This makes account takeover especially difficult to distinguish from normal shopping activity without stronger behavioral monitoring.
Scale and Enforcement Challenges
The total scale of digital retail crime is difficult to calculate.
Law enforcement officials told CNBC that networks linked to Chinese organized crime may generate as much as $1 billion annually through tap-to-pay fraud and related schemes. However, the report also emphasized that there is no firm industrywide estimate of how much retailers are losing.
CNBC identified roughly a dozen criminal cases across the United States involving a variety of retailers. The cases included both low-level opportunists and more structured criminal networks using stolen payment information, digital wallets and compromised retail accounts.
On the federal level, Homeland Security Investigations said its Project Red Hook initiative had produced at least 239 arrests since January 2024. The operation focuses on gift card fraud and other forms of digital retail crime, including activity connected to major organized crime groups.
Despite these enforcement efforts, the cases remain difficult to investigate.
Individual transactions may be relatively small. A purchase of several gift cards worth less than $100 each may not appear significant to a local police department, even when similar purchases are happening at hundreds of stores across the country.
The operation may also involve several distinct participants:
- Criminals conducting phishing campaigns
- Sellers of stolen credentials
- Individuals accessing compromised accounts
- Foot soldiers making store purchases
- Gift card resellers
- Buyers of high-value merchandise
- International shipping and resale networks
The person making a purchase inside a store is often one of the lowest-level participants in the organization. The individuals controlling the stolen data, directing the activity or receiving the profits may operate in another state or another country.
Jurisdiction is another obstacle. A single scheme may include victims, transactions, retailers and criminal participants located across several cities, states and countries.
Local authorities may struggle to connect isolated incidents to the wider network, particularly when the value of each individual transaction falls below the threshold needed to attract federal attention.
Information sharing can also be inconsistent. Retailers, banks, local police and federal agencies may each hold a different part of the evidence. Without coordinated information sharing, suspicious transactions can remain isolated instead of being recognized as part of a larger pattern.
Why Tap-to-Pay Fraud Is Difficult to Detect
Traditional shoplifting creates visible warning signs. A person may conceal merchandise, clear a shelf, avoid payment or attempt to leave a store with a full cart.
Tap-to-pay fraud looks very different.
The criminal may:
- Select products normally
- Scan them at self-checkout
- Use a mobile phone to complete payment
- Receive an approved transaction
- Leave with a receipt
From the perspective of the store employee, the purchase may appear legitimate.
The fraud may only become visible later, after the cardholder disputes the transaction or the bank identifies the card as compromised. By that point, the gift cards may have been resold or the merchandise may already be in another jurisdiction.
Criminals may also spread purchases across multiple locations and keep individual transaction amounts low. This reduces the likelihood that a single store or local authority will immediately recognize the broader pattern.
What Retailers and Brands Should Monitor
The shift toward digital organized retail crime requires retailers and brands to look beyond traditional in-store loss prevention.
Important signals may include:
- Repeated gift card purchases
- Multiple similar transactions within a short period
- Unusual transaction velocity
- Purchases across multiple store locations
- New digital wallet registrations
- Changes to email addresses or phone numbers
- Repeated password resets
- Suspicious account recovery activity
- Logins from unfamiliar devices or locations
- High-value purchases from dormant accounts
- Stored payment methods used after account changes
- Multiple declined payments followed by successful transactions
- Unusual combinations of gift cards and electronics
No single signal necessarily confirms fraud. However, connecting payment behavior, account activity, device information and cross-location transactions can help retailers identify coordinated patterns that may not be visible at the store level.
Retailers may also need closer coordination between asset protection, cybersecurity, fraud prevention, e-commerce, customer service and payment teams. Digital retail crime frequently crosses the boundaries between these functions.
What the Shift Means for Brands
The impact of organized retail crime does not end when merchandise leaves the store.
Products purchased through fraudulent transactions may later appear in unauthorized resale channels or on online marketplaces. This can create additional risks involving unauthorized sellers, channel disruption, pricing instability and uncertainty around the source of the inventory.
Brands may not always be able to determine whether products being resold online originated through fraud, theft, liquidation, diversion or legitimate distribution.
This makes marketplace monitoring and seller investigation increasingly important. Unusual inventory patterns, sudden increases in third-party offers or recurring sellers with unclear product sources may be signals that require additional review.
The connection between digital payment fraud and downstream resale also demonstrates why physical loss prevention, account security and marketplace enforcement should not be treated as completely separate issues.
Frequently Asked Questions
What is tap-to-pay fraud?
Tap-to-pay fraud occurs when criminals add stolen credit card information to a digital wallet and use a mobile device to purchase gift cards or merchandise. The payment may appear legitimate even though the underlying card credentials were stolen.
How does tap-to-pay fraud relate to organized retail crime?
Organized criminal networks can use stolen payment credentials, digital wallets and low-level participants to make purchases across multiple retail locations. Gift cards and high-value products are then resold or transferred through broader criminal networks.
Why do criminals purchase gift cards?
Gift cards allow criminals to convert stolen credit card information into a transferable form of value. They can be resold, exchanged or used to purchase high-value merchandise.
Why are retail accounts targeted?
Retail accounts may contain stored payment cards, personal information, loyalty rewards, purchase history and access to store credit. Older accounts can also appear trustworthy to basic fraud detection systems.
Why is digital retail fraud difficult to investigate?
Transactions may be relatively small and spread across multiple stores, jurisdictions and countries. The person making the purchase may also be separated from the individuals stealing the credentials and controlling the broader operation.
How can retailers detect tap-to-pay and retail account fraud?
Retailers can monitor unusual gift card purchases, transaction velocity, cross-location activity, account credential changes, unfamiliar devices, suspicious digital wallet activity and high-value purchases from compromised or dormant accounts.
Organized retail crime is shifting from visible shoplifting toward identity theft, retail account takeover and payment-system abuse.
Criminals are using stolen credit cards, compromised email accounts, digital wallets and established retail profiles to complete transactions that look ordinary. Gift cards and high-value products then allow them to convert stolen credentials into value that can be resold, transferred or moved internationally.
For retailers and brands, protecting physical inventory is no longer enough. The threat now requires closer monitoring of digital wallets, compromised customer accounts, repeated gift card purchases, transaction velocity, cross-location activity and the resale channels where fraudulently purchased merchandise may eventually appear.
As organized retail crime becomes more digital and less visible, the organizations best positioned to respond will be those capable of connecting activity across accounts, payments, stores, devices and marketplaces. Contact Brand Alignment to learn how we can help.
Take control of your marketplace presence with fast, effective brand protection strategies.
Every day, unauthorized sellers and MAP violations can erode your pricing, reputation, and revenue. Don’t wait for problems to escalate, start enforcing your policies and reclaim your market authority with our proven tools and expert support.



