Stolen Cards Are Being Loaded Into Phone Wallets. Police Say Gift Card Fraud Is Now a $1B Retail Problem

Chinese organized crime group member
Image Credit: CNBC/Facebook.

The new wave of organized retail crime does not always look like someone running out of a store with a cart full of merchandise.

In many cases, police say, it can look like an ordinary shopper tapping a phone at checkout, buying a gift card or high-value item, and leaving before anyone realizes the payment came from stolen card data.

CNBC reported that tap-to-pay fraud, retail app scams, and stolen digital credentials are reshaping organized retail crime across the United States.

Law enforcement officials told CNBC that organized crime groups tied to these schemes may be making as much as $1 billion a year.

The Theft Starts Before the Store Visit

The in-store tap is often the last step. CNBC reported that stolen card data can come from phishing messages, compromised retail accounts, or login credentials sold through online channels.

A fake toll text, delivery notice, arrest warning, or account alert can push a victim to a phishing page that asks for card details and personal information. Once criminals have enough data, they can try to add the card to a phone wallet or retail account controlled by someone else.

The Phone Becomes the Payment Tool

Once stolen card information is loaded into a digital wallet, the person in the store does not need the physical card. The purchase can look routine: a phone tap, a gift card purchase, and a quick exit.

That makes the fraud harder to spot than a traditional grab-and-run theft. A cashier or self-checkout system may see a completed payment, while the real cardholder is somewhere else and may not notice until a bank alert, declined transaction, or chargeback appears.

Gift Cards Turn Stolen Data Into Cash

Gift cards are useful to fraud groups because they can be bought quickly, moved across accounts, and resold at a discount. CNBC described fraudsters using stolen cards and tap-to-pay transactions to purchase gift cards or high-value goods that can later be converted into cash or shipped for resale.

Homeland Security Investigations has also targeted gift card fraud through Project Red Hook, which focuses on how organized crime groups exploit gift cards to launder money. HSI said the project specifically targets Chinese organized crime groups because of the cross-border nature of the crime.

The person making the purchase may be only the visible layer. CNBC reported that lower-level participants can be directed by organizers who stay away from the store while stolen cards, phone wallets, and retail accounts are used to turn digital theft into gift cards and merchandise.

Recent Cases Show the Pattern

Greenwich police in Connecticut said earlier this year that plainclothes officers saw activity consistent with organized credit card fraud while targeting organized retail crime. In one February incident, police said two New York men used 15 different credit or debit cards through tap-to-pay methods in an attempt to buy gift cards at multiple stores.

In a separate incident days later, police said another man used multiple tap-to-pay methods on different cards while attempting to buy gift cards in Greenwich and Stamford. Greenwich police said the men’s behavior, payment methods, burner phones, and card activity were consistent with tactics used by organized criminal groups.

Congress Is Looking at Organized Retail Crime

The U.S. House passed the Combating Organized Retail Crime Act of 2025 in May. The bill is aimed at organized crime involving illegally obtained retail goods and cargo sold through physical and online marketplaces.

A summary from Rep. Dina Titus’ office said the bill would create a coordinated federal response to organized retail crime. A House summary also said the legislation would expand federal money-laundering law to include offenses involving general-use prepaid cards, gift certificates, and store gift cards.

Cardholders Should Watch Wallet and Retail App Alerts

The victim in a tap-to-pay fraud case may never be near the store. They may have clicked a fake text days earlier, reused a password, or had a retail account compromised without knowing where the information went.

Cardholders should turn on transaction alerts, watch for messages saying a card was added to a new wallet or device, and treat unfamiliar retail-app logins as urgent. If a bank sends a wallet-enrollment code, password reset, or login warning that the customer did not request, the safest move is to contact the bank through the number on the card or the official app, not through a link in the message.

People who see unfamiliar tap-to-pay purchases, gift card charges, or retail-app orders should lock the card, dispute the charges, change passwords from a clean device, remove unknown wallet devices, and check whether the same password was reused elsewhere. They should save bank alerts, screenshots, merchant names, timestamps, emails, text messages, order confirmations, and card statements before reporting the fraud to the bank, the retailer, the FTC at ReportFraud.ftc.gov, or the FBI’s Internet Crime Complaint Center at IC3.gov.