The Blurring Lines between ORC and Cyber Crime

(This article originally appeared in Loss Prevention Magazine)

In 2003, the Loss Prevention Research Council (LPRC) worked on a three-year international research project with the University of Leicester, UK. The research was focused on the impact of organized retail crime (ORC) on communities, businesses, and individuals. This became the pivotal point when retailers transitioned away from using the term organized retail theft (ORT) and started using the term ORC.

I recall reading the research project and realizing that this was the first time I had seen fact-based research that covered the broad scope of ORC. The project talked about the real reach of ORC, police corruption, collateral damage, illegal immigration tactics, and many other facets of it. “Our sixty-plus retail chain members are increasingly describing more ORC crews that have moved in part or totally from in-store to online activities. The move is mostly dependent on having the needed skills,” said Read Hayes, PhD, a research scientist at the University of Florida and director of LPRC.

Fast-forward to 2018, and you would probably see all the same topics with the addition of the terrorism funding and potentially human trafficking.

The ORC Triad

When I think of ORC, I break it down into three categories. One is theft, which could be theft of goods, service, or cash—basically theft of anything. The second category is fraud. Just like theft, this could be any type of fraud—check, credit card, document fraud, and others. And lastly is cyber crime. I think that’s the one that’s often missing when we talk about ORC, especially in retail. If you ever heard me speak about ORC, you would hear me refer to the “ORC triad,” and this term refers to the three categories I just described. I believe that looking at ORC as this triad is all-encompassing, and this allows you to build programs and culture around the total scope of ORC.

ORC today differs from years ago. Now a shoplifter turns booster, then moves to fraud, then easily jumps right into cyber crime. The dark web and the Internet in general have a host of tutorials and manuals on how to commit cyber crime. For example, the dark web has groups like The Shadow Brokers (TSB), which allow people with little to no computer skills to purchase malicious software and instructions on how to deploy it. TSB even offers a subscription-like service to its members for access to new releases of the latest and greatest tools to commit the nefarious actions via computer. You read it right—you can search the web to learn how to become a hacker, or you can pay a subscription fee and have someone provide you all the tools. What could be easier?

Bridging the Gap

In July 2016, I wrote an article in this column titled “Bridging the Gap between Cyber Crime and ORC.” I received a lot of feedback and have spoken about this topic several times since then. The number one question I got was on how to determine if it’s ORC or cyber crime when the lines are blurred. The simple definition of cyber crime is criminal activities carried out by means of computers or the Internet. However, my goal is not to redefine ORC or cyber crime; rather it is to have organizations rethink their approaches and realize how often they are one and the same.

I’ll use an example that we often see in retail. Someone enters the store with a stolen credit card and uses it to purchase three mobile phones. Is that cyber crime? The short answer is no; it’s credit-card fraud. But what if that same person purchased that credit-card number on the dark web and made a counterfeit credit card? Does that change the response? Is it cyber crime now?

Retailers are facing these types of cases day in and day out. In my experience, it is a lot easier to put a case together for local, state, or federal law enforcement when there’s an element of a computer crime. I personally had experiences where I worked with law enforcement on ORC cases with several million dollars of loss, and it took several years to bring those cases to closure. I also had personal experiences where cases were much smaller in volume but were easily prosecuted when they involved the cyber-crime or computer-crime element.

I reached out to Joseph LaRocca, the senior advisor at Retail Partners, who is a globally recognized expert in shrink reduction and retail crime issues. I asked him about his thoughts on the evolution of ORC. LaRocca said, “Organized retail crime activity continues to evolve, and with the development of new technology, criminal bad actors are refining their techniques to target traditional physical assets and virtual assets across vast geographic hubs.”

I hope this article gives you a different point of view on ORC and on its evolution and impact. Cyber crime is a global issue certainly much larger than any individual retailer. It’s important to keep up to date in the latest trends and how they are affecting other retailers.

 


Tom’s column regularly appears on every issue of LP Magazine. To subscribe to the printed version of the magazine and enjoy other great content visit losspreventionmedia.com