Bridging the Gap between Cyber Crime and ORC

(This article originally appeared in Loss Prevention Magazine)

Cybercrime and organized retail crime (ORC) are words we hear on a daily basis. Let’s talk about how they’re related and how they’re different. ORC is very difficult to define because it falls under many different definitions depending on where you are reading it. For the purpose of this discussion, ORC is defined as groups of people engaged in illegally obtaining merchandise in substantial quantities through both theft and fraud for the purpose of resale. Cyber crime is defined as crime conducted via the Internet or some other computer network. The two have both similarities and differences.

The Progression of Theft

I have always felt the “broken window theory” is an accurate depiction of how crime can be generated both in real world and cyber settings. For those not familiar with the theory, it proposes that a small amount of disorder in a given community (think a wall of graffiti) can eventually become the norm and can permeate throughout the area. The graffiti was never washed off, so now it becomes a part of that society. Eventually the graffiti artists will spread their work to other walls since they saw there was no action taken to remove the first wall of graffiti.

This theory is very similar to the career path of a shoplifter turned booster turned fraudster. The shoplifter isn’t getting caught taking small amounts of items, so they try their luck at larger items. Once they get into the lifestyle of stealing and reselling larger quantities of goods, they need to do it more and more to keep up the lifestyle. Some of the largest ORC groups consist of people who started out as shoplifters who are now recruiting people to skim cards. Now more than ever I see them with someone else’s personal information, which makes me wonder if they are obtaining this information from the Dark Web or getting the information themselves. Is that ORC or cyber crime?

It depends on who uses the data or card numbers. An example: a skimmer is at a gas station pump. The person that installs the skimmer goes back to get the credit card information. They do one of two things—either sell it on the Deep Web or give it to a group who goes shopping. Is the first action cyber crime? Is the second ORC? My opinion is they are blurred together. How would your company define this?

The Evolution and Impact of Fraud

In the last few years when there were major breaches in retail, did you or your company measure the impact it had on your numbers? If you have a co-branded store card, was your customer affected, and did it affect your fraud rate? Did your calls relating to fraud increase? Do you have a strategy or plan to address or review? Does your company subscribe to a third-party intelligence company to keep up with underground chatter? How will the dynamic in-store change? Do you monitor healthcare breaches and see if there is a relationship with new account fraud?

If you answered “no” to most of those questions, then there’s a gap. If a group of hackers in Russia steals credit card information and sells it on the web, it may lean more to the cyber-crime side. These questions relate to the evolution of ORC and how we can impact it in the future. If you are caught off guard by these questions, imagine how you will react when this type of activity is at your front door.

We discuss these issues every month on the Loss Prevention Research Council’s Retail Fraud Task Force as well as the Future of LP and ORC Working Groups to discuss the changing fraud landscape. Cyber crime is a global issue, certainly much larger than any individual retailer. It is important to keep up to date on the latest trends and how they are affecting other retailers.

For loss prevention professionals, here are some fundamental takeaways:

  • Create common definitions for ORC and cyber crime and evaluate how certain criminal actions can be classified.
  • Keep abreast of breaches and other data-security issues that affect your customers, as that could be an indicator of the coming tide of fraud.
  • Develop a game plan for people who are detained with fake IDs, counterfeit cards, and skimmers, or for other crimes that require the person to assume another identity. It could be the ground intelligence you need to prevent future cyber crime.


Tom’s column regularly appears on every issue of LP Magazine. To subscribe to the printed version of the magazine and enjoy other great content visit losspreventionmedia.com