The line between online and physical retail has vanished—and criminals are taking full advantage.

Modern fraudsters operate seamlessly across both channels, executing sophisticated schemes. For example, an order placed online with stolen credentials might be picked up in-store using a fake ID and resold within minutes.

In this article, we’ll look at how e-commerce data—like customer behavior, IP addresses, and payment patterns—can help investigate crimes that move between online and in-store activity.

The New Reality: Fraud Has Gone Omni-Channel

Today organized groups combine digital scams with in-store tactics to maximize profit and confuse investigations. For example, a fraudster might place an order online using stolen credentials, then pick it up in-store using a fake ID. The item is quickly resold on platforms like Amazon, eBay, or even social media—often before the fraud is even detected.

These schemes exploit gaps between channels and cause real losses. Therefore, understanding this convergence is the first step to combating it effectively.

The Data Opportunity: Ecommerce as an Investigative Goldmine

Every online transaction leaves a trail. Clues like device IDs, IP addresses, browsing behavior, purchase patterns, and mismatched shipping details may seem harmless when viewed in isolation. But when you connect the dots, a very different picture emerges. 

For example, a single delivery address might show up in dozens of suspicious orders, or an IP address could be linked to multiple fake accounts. Suddenly, patterns begin to emerge—revealing connections between online activity and in-store fraud that might otherwise go unnoticed.

Building a Virtual Intelligence Operations Center (VIOC)

Fighting omnichannel fraud requires more than good tools. It requires alignment between teams.

Loss prevention, fraud analysts, IT, legal, and customer service teams must collaborate and share access to the same information to be effective.

Without that alignment, things start to break down: gaps form, work gets duplicated, and decisions are made with incomplete information.

And that’s exactly where fraudsters find their opportunity.

To bridge the gap and eliminate silos, the first step is to implement a virtual intelligence operations center (VIOC). With shared alerts, accessible case histories, and integrated reports, teams can collaborate seamlessly, understand their roles, and make informed decisions more efficiently.

It’s equally important to ensure the platform supports quick training for frontline staff. In a rapidly evolving environment, they must be able to spot digital warning signs—like suspicious withdrawals, altered documents, or unusual purchasing patterns—within minutes, so fraud teams can act immediately. 

By creating this virtual intelligence operations center (VIOC), teams can work together more effectively, leveraging real-time data sharing and decision-making. This accelerates responses and strengthens overall defenses.

Prevention vs. Prosecution: Striking the Right Balance

Combating growing threats requires a two-pronged approach.

It is essential to invest in controls like address verification, CVV checks, and multi-factor authentication in preventing fraud at the time of purchase. However, these measures alone are not sufficient. Moreover, it is also important to take legal actions with both digital and physical evidence to discourage future criminal activity.

Case Studies: When Online Fraud Meets Organized Retail Crime

Let’s look at some examples:

The Macks: $8M Stolen Cosmetics Resold on Amazon

Michelle and Kenneth Mack led a sophisticated operation that looted chains like Sephora and Ulta. The products were stocked and resold on legitimate marketplaces, such as Amazon. 

With the help of digital intelligence, authorities tracked sales to a “mini logistics center” installed in the couple’s garage. Both were convicted and sentenced in 2024.

Guzman Network: Cross-border Reselling in NYC and Abroad

Led by Cristopher Guzman and Yvelisse Batista, this network stole clothing and cosmetics from large retailers and resold the products both in New York and abroad.

Details like transaction volume, recurring delivery addresses, and shipping patterns uncovered the structure of illegal exports, making it one of the first cases to fall under the new legislation targeting the resale of stolen goods online.

Thomas Equipment Scheme: 150 fake IDs across 23 states

Jaylan Thomas used multiple fake identities to rent construction equipment from retailers like Home Depot and Lowe’s. After halting payments, he resold the items online at deep discounts.

By cross-checking bank details, IP addresses, and rental records, investigators were able to identify the pattern, linking the scam to over $800,000 in losses.

Gonzalez’s attack: 170 Million Cards Stolen via Code Injection

Between 2005 and 2007, Albert Gonzalez led a cybercrime ring that breached the corporate networks of major retailers—including TJX Companies—by exploiting system vulnerabilities using a database programming language known as SQL. This technique allowed the group to gain unauthorized access and install malware that harvested sensitive data, including credit and debit card information. 

The stolen data was later used to commit fraud both online and in physical stores, resulting in major financial losses. The TJX breach alone exposed over 45 million card numbers, marking it as one of the largest data breaches at the time. 

In 2010, Gonzalez was sentenced to 20 years in federal prison for his role in the TJX breach and other related cybercrimes. The case became a landmark example of how coordinated efforts between retailers, cybersecurity professionals, and federal investigators can lead to meaningful legal consequences in the fight against cybercrime.

Recommendations: Synchronizing Ecommerce and In-Store Fraud Prevention

Fraud does not respect borders. Therefore, your response also needs to be integrated.

The first step in connecting digital and in-store investigations is to adopt a centralized platform like Hubstream—one that unifies data across sources and departments. 

With connected analysis, investigators can trace relationships between online transactions, in-store incidents, and law enforcement cases—uncovering patterns that often go undetected.

The Next Step

If you would like to take your loss prevention or fraud detection operations to the next level, chat with us today. We are happy to help.