Threat Analysis

The Organized Retail Crime (ORC) Research Series:

The Boosters: Don’t Get Used to the Boost

by | Apr 23, 2024 | Blog, Research

Executive Summary

Criminal boosters—individuals who steal and transport merchandise in support of Organized Retail Crime (ORC) enterprises—serve as the enterprise’s foundation, acquiring the goods it sells for profit. In this sequent report to our November 2023 publication on criminal fencers (who resell the stolen goods), we provide insight into methods, motivations, and practices ORC enterprises employ when commissioning and directing boosters. Partnerships with multiple major retailers and direct investigations into numerous case studies enabled our research.

Boosters regularly employ traditional methods of stealing; however, many also use unique or sophisticated methods to lift merchandise from retailers. We provide this overview on boosters to inform consumers and retailers how to identify potential interactions with boosters to protect themselves from the growing issue of ORC and protect employees from possible dangerous confrontations.

ORC Update

In our initial report, we highlighted the pervasive issue of ORC, emphasizing its distinct nature from ordinary shoplifting. ORC enterprises engage in large-scale theft of retail merchandise with the intent to resell the items for financial gain, causing harm to both major and minor retailers. Fencers play a crucial role in this illicit trade, selling stolen goods online or through various channels at considerable markdowns. ORC enterprises regularly ship products across state lines or even operate internationally, causing evolving challenges to online platforms, particularly with the implementation of the European Union’s Digital Services Act (DSA).

The European Union’s (EU) DSA went into effect on February 17, 2024, requiring online platforms to actively combat the distribution of illegal goods, services, and content (see source 1 in appendix). Online platforms could potentially be held responsible for the sale of illicit goods and services if they are aware of the activity and fail to stop it (see source 2 in appendix). To combat products sold by ORC enterprises, online marketplaces must verify the identities of third-party sellers and ensure products are not stolen or illegal goods. The DSA is forcing digital marketplaces to tackle organized retail crime and e-commerce fraud, likely motivating ORC enterprises to regularly adapt some of their tactics to attempt to evade these measures.



We provide the following recommendations for consumers who may interact with boosters during the course of their in-person shopping. While boosters generally steal from and interact directly with retailers, many events have the potential to become confrontational or violent. As such, we recommend that consumers keep the following in mind if they witness a booster at work:

Do not attempt to immobilize the booster or reclaim stolen goods. Contesting a thief is not a customer’s responsibility, and many retailers enforce non-engagement policies for store employees to ensure safety.

Maintain distance from those conducting boosting activities, as brazen actors move quickly and are likely apathetic to those in their way.

Inform store security of ongoing events, if possible. However, individual safety supersedes any other possible customer actions.


We provide the following recommendations to merchants who fall victim to ORC. These actions will allow retailers, law enforcement, and Managed Intelligence partners (Nisos) to use the intelligence gathered to identify, disrupt, and dismantle ORC enterprises. In addition, the intelligence can help retailers develop prevention measures to deter ORC.

Invest in store security measures that deter and stop booster activity, and regularly update policies to counter changing booster techniques.

Document and monitor for stolen inventory, as boosters deliver products to fencers who generally turn these products for resale quickly.
Monitor local online marketplaces, particularly within the first 24-48 hours of the larceny event, for resale of the documented stolen inventory.
Maintain lists or pictures of repeat shoplifting offenders, as boosters hit the same stores multiple times.
Many boosters identified in our research had prior arrests and criminal histories. Correlated with retailer images, previous arrest information could help law enforcement identify repeat offenders.
Maintain documentation of IDs used in returns and consider reassessing the threshold at which a unique ID or individual is flagged for multiple returns.
Multiple boosters identified in our research conducted fraudulent returns at different locations for the same retailer on consecutive days, including some days with multiple returns.
Consider enforcing stronger return policies, particularly if a location allows non-receipted returns in exchange for store credit.
Closer inspection of IDs used during returns or return limits could deter ORC enterprises from consistently targeting locations they deem amenable to their procedures.
Some employee attempts for closer ID inspection have led to physical confrontations, possibly increasing the risk of altercations if such a policy is enforced, particularly soon after its implementation.
Boosters traveled to alternate retailer locations to attempt similar returns when challenged on IDs, suggesting policies must be implemented and enforced simultaneously across all retailer locations to deter boosters.

What is “Boosting?”

Criminal boosters are individuals who steal merchandise to be sold by fencers. Boosters provide the foundational products required to sustain an ORC enterprise. Individuals who act as boosters in ORC enterprises represent a wide range of demographics. In our review of ORC-associated criminal cases and original research into ORC theft rings, boosters consisted of both male and female individuals. Boosters often expose themselves to significant risk of legal or other repercussions by conducting the operation’s “on-the-ground” public work and often—but not exclusively—represent vulnerable populations.

Our research into booster networks identified multiple operational procedures, including traditional shoplifting, exploiting company policies to obtain products and store credit, and working as a store employee “insider” providing stolen goods to fencers. While fencers regularly recruit individuals to steal goods, ORC enterprises also utilize and rely on close friendships or familial relationships to centralize trust, ease coordination, and simplify goods acquisition and shipment.

To obtain the complete research report, including endnotes, please click the button below.


The representative reporting contained herein from the Nisos research organization consists of analysis reflecting assessments of probability and levels of confidence and should not necessarily be construed as fact. All content is provided on an as-is basis and does not constitute professional advice, and its accuracy reflects the reliability, timeliness, authority, and relevancy of the sourcing underlying those analytic assessments.

About Nisos®

Nisos is The Managed Intelligence Company™. Our customized, scalable services enable cybersecurity,
corporate security, intelligence, and trust & safety teams to leverage a world-class intelligence capability tailored to their needs. We fuse robust data collection with a deep understanding of the adversarial mindset delivering smarter defense and more effective response against advanced cyber attacks, disinformation, and abuse of digital platforms.