# Cluster Forensics — Full Overview

> eCommerce Forensic Intelligence (eFI) platform that tracks stolen merchandise from store shelves to online marketplaces.

## Company

- **Name**: Cluster Forensics (division of Cluster Intelligence, powered by Algopix)
- **Founded**: 2016
- **HQ**: United States & Israel
- **Founder & CEO**: Gil Elias — 10+ years building eCommerce intelligence, led Algopix from startup to data engine behind 60% of top US marketplaces
- **Clients**: CVS Health, Square, Fortune 500 retailers, law enforcement agencies across 34+ states
- **Data**: 2B+ products, 200+ marketplaces, 10+ years of marketplace data
- **Category Creator**: Cluster Forensics coined and defined the eFI (eCommerce Forensic Intelligence) category

## What is eFI (eCommerce Forensic Intelligence)?

eFI is the first cyber discipline built to follow stolen goods from shelf to screen. It combines AI-powered marketplace monitoring, cross-platform seller correlation, and digital evidence packaging to connect physical retail theft with the online marketplaces where stolen products are resold.

Traditional cybersecurity protects digital assets. Loss prevention protects stores. eFI protects the space in between — giving retailers, law enforcement, and city leaders a shared intelligence layer.

eFI is NOT:

- Traditional loss prevention (which stops at the store exit)
- Cybersecurity (which protects digital assets, not physical goods)
- Brand protection (which focuses on counterfeits, not stolen authentic merchandise)

eFI IS:

- The bridge between physical theft and digital resale
- An intelligence discipline that follows stolen goods across online marketplaces
- An evidence engine that builds court-ready prosecution packages

## The Problem: Organized Retail Crime (ORC)

Organized Retail Crime costs US retailers $125.7 billion annually. Stolen merchandise is resold on online marketplaces within hours. Traditional loss prevention stops at the store exit. Law enforcement lacks digital marketplace intelligence. The gap between physical theft and online resale has been unaddressed — until now.

### Crisis Statistics

- **$50-60 billion** in stolen goods sold through online marketplaces annually
- **70%** of retailers report increasing organized theft
- **57%** increase in ORC incidents year over year
- **18,000+** US police departments with zero digital ORC intelligence tools
- **31.5%** of retailers have any dedicated ORC teams
- **1,000+** store locations closed due to organized theft (2023-2025)

### Cost of Inaction

- **For Retailers**: A $2B retailer loses ~$1.4M to ORC annually. Every quarter without intelligence is $350K untraced. Organized fencing networks grow more established. Seller accounts build credibility making them harder to take down.
- **For Law Enforcement**: Evidence has a shelf life. Marketplace listings disappear. The intelligence capturable today won't exist in 6 months. Federal grant funding cycles (COPS, Byrne JAG) have deadlines.
- **For Government**: Every store closure costs a community $1M+ in annual economic activity. Store closures cascade — one anchor loss triggers more. Tax revenue decline compounds year over year.

## Platform Capabilities

### AI Detection Engine

- **Marketplace Monitoring**: 24/7 scanning of 200+ marketplaces including Amazon, eBay, Walmart, Facebook Marketplace, Mercari, OfferUp, TikTok Shop, Craigslist, Poshmark, and regional/international platforms
- **Image Recognition**: Computer vision matches product images against known stolen SKUs
- **Pricing Anomaly Detection**: Identifies below-market pricing patterns indicating stolen goods
- **Seller Behavior Analysis**: Behavioral scoring of seller patterns (volume, velocity, listing patterns, account age, cross-platform presence)
- **Smart Search**: Product attribute matching, brand name detection, and common misspelling recognition
- **Network Mapping**: Links related seller accounts, addresses, and transaction patterns to identify ORC networks

### Dynamic Risk Scoring (0-100)

Every listing receives a dynamic risk score based on:

- Price deviation from MSRP
- Seller age and history
- Volume anomalies
- Geographic correlation with known theft locations
- Cross-platform presence
- Listing behavior patterns

### Case Management

- Open and manage investigation cases with full stolen inventory tracking
- Each case tracks specific UPCs, geographic zones, and generates its own intelligence alerts
- Example case types: Electronics fencing rings, health & beauty ORC, baby products theft rings
- Case status tracking (Active, Review, Closed)
- SKU counts, alert monitoring, network identification per case

### Criminal Network Mapping

- Identity resolution across marketplaces
- Track sellers across platforms
- Calculate cumulative risk scores
- Identify repeat offenders
- Map organized crime networks
- Visualize connections between sellers, addresses, and shipping patterns
- Cross-jurisdiction case coordination

### Geographic Intelligence

- Monitor specific zip codes, radius zones, and metro areas
- Heat maps showing where stolen goods surface online
- Correlate with physical theft locations to identify fencing patterns
- Geographic zone-based case management

### Evidence & Reporting

- Automated evidence collection: listing screenshots, pricing history, seller profiles, timestamps
- Chain-of-custody documentation — every screenshot timestamped and hash-verified
- Export-ready for LE, prosecutors, insurance, and legal teams
- Court-ready evidence packages reviewed by prosecutors
- Pre-scored alerts reducing analyst workload to 2-4 hours/week
- Automated intelligence briefings
- Quarterly reports with ROI metrics
- Dedicated intelligence analyst per client

### Integration

- REST API
- CSV/Excel export
- SAP, Auror, Quickbase, COPLINK, LexisNexis integration
- LE Records Management Systems (RMS)
- SSO (SAML/OAuth)
- Automated email digests

## Triangulation Fraud Detection

Triangulation fraud is a growing threat where criminals use stolen credit cards to fulfill legitimate marketplace orders. The consumer receives the product, the retailer ships the goods, but the payment was stolen — and the retailer eats the chargeback.

### Triangulation Fraud Statistics

- **$660M–$1B** monthly losses to retailers from triangulation fraud alone (Source: Visa Chief Risk Officer)
- **26%** of online retailers hit by triangulation fraud in 2024 — up 9 points from 2023
- **$28.1B** projected CNP fraud losses by 2026, up 40% from 2023
- **$4.61** lost for every $1 of fraud — chargebacks, fees, lost merchandise, and investigation costs

### How Cluster Detects Triangulation Fraud

1. **Surveillance**: Continuous monitoring of 200+ marketplaces for sellers listing products as Fulfilled by Seller at suspicious price points. AI flags sellers with patterns consistent with triangulation: new accounts, below-market pricing, no inventory history, cross-platform presence.
2. **Active Investigation**: Cluster acts as a real buyer — placing test purchases with flagged suspicious sellers. When the order arrives shipped directly from the retailer's warehouse with their packaging, triangulation fraud is confirmed.
3. **Seller Identification**: AI engine cross-references the fraudulent seller across all 200+ marketplaces, mapping their full network — alternate accounts, connected storefronts, shipping patterns, and payment flows.
4. **Evidence & Action**: Court-ready evidence package documenting the entire fraud chain: marketplace listing, test purchase, shipping records, seller network analysis, and stolen card usage patterns. Usable for marketplace takedowns, law enforcement referrals, and civil recovery.

## Audience-Specific Value

### Enterprise Retailers

- Track diverted merchandise from shelf to marketplace
- 10-50x ROI within 90 days (based on traced merchandise value)
- Dedicated analyst model with quarterly business reviews
- Fortune 500 deployments active
- Start with 50-200 highest-theft SKUs (or as few as 5 for pilot)
- Direct integration with existing LP stack (SAP, Auror, Quickbase)
- SOC 2 Type II compliant — data never shared with other clients
- Your competitors are already looking at this technology

### Law Enforcement

- Designed with working ORC detectives
- CJIS Security Policy aligned
- Evidence reviewed by prosecutors for court readiness
- Seller IDs with cross-platform identity
- Timestamped listing screenshots with chain-of-custody documentation
- Pricing analysis proving below-market value
- Network maps connecting sellers to organized crime rings
- Geographic correlation with theft locations
- Briefings to FBI task forces and county sheriffs
- Dedicated LE liaison (not generic sales)
- Cross-jurisdiction case coordination and shared intelligence feeds
- Most deployments fully grant-funded (COPS, Byrne JAG, HIDTA)
- One-day training; most detectives fully productive within first week
- Even a 2-detective task force working 4 hours per week can uncover organized networks
- When organized network maps are presented, cases shift from "not worth prosecuting" to "federal case"

### Government / Municipalities

- Grant compliance reporting built in
- Council-ready quarterly reports included: networks disrupted, prosecutions initiated, merchandise traced, retailers retained
- Federal grant funding typically covers 100%
- Cluster prepares 90% of the grant application
- ~20 hours total city leadership time in Year 1
- Active in multiple US jurisdictions
- 34 states have passed or introduced ORC-specific legislation
- Federal funding for ORC is at an all-time high
- References available from current partners
- The city that deploys forensic intelligence first becomes the city that keeps its stores

## Service Model

Cluster Forensics operates as both a platform and managed service:

- Full platform access for direct investigation
- Dedicated intelligence analyst per client who handles tuning, analysis, and evidence preparation
- Pre-scored alerts reduce workload to 2-4 hours/week
- Automated intelligence briefings
- Quarterly business reviews with ROI metrics
- Think of it as a digital investigations team on retainer

## Security & Compliance

- SOC 2 Type II compliant (independently audited)
- CJIS Security Policy aligned (LE data security)
- INFORM Act compliant (federal marketplace standards)
- GDPR & CCPA compliant (privacy-by-design)
- US data residency (US-based data centers)
- 256-bit AES encryption at rest, TLS 1.3 in transit
- Role-based access control (by role, case, jurisdiction)
- Full audit logging with complete access trail
- Configurable data retention per client/jurisdiction
- Securely destroyed upon engagement termination

### Data Handling

1. **What is collected**: Public marketplace listing data only. No private consumer accounts.
2. **How it is stored**: US servers, AES-256 at rest, TLS 1.3 in transit. Role-restricted access.
3. **Who sees it**: Authorized client team + assigned Cluster analyst only.
4. **Chain of custody**: Every screenshot timestamped, hash-verified, documented for legal proceedings.
5. **Retention**: Configurable per engagement. Securely destroyed upon termination.

## Competitive Differentiators

- **Data Moat**: 2B+ products, 200+ marketplaces, 10+ years of marketplace data from Cluster Intelligence/Algopix. A competitor would need a decade to replicate this data foundation.
- **Category Creator**: Cluster defined the eFI category — not a follower or pivot from an unrelated field.
- **AI Advantage**: The AI knows what normal commerce looks like because it has 10+ years of baseline marketplace data.
- **Managed Intelligence**: Not just a platform — includes dedicated analyst, briefings, and quarterly reporting.
- **Court-Ready**: Evidence packages reviewed by prosecutors, not just data exports.
- **Grant Expertise**: Team prepares 90% of LE/government grant applications.
- **Speed**: Intelligence goes live in 24 hours. Full calibration in 2-3 weeks.

## Getting Started

- **Retailers**: 5 SKUs → real intelligence report in 24 hours, or 30-day pilot with 25 SKUs
- **Law Enforcement**: 30-minute briefing with jurisdiction-specific intelligence
- **Municipalities**: Grant-funded deployment with application assistance
- No commitment required for initial assessment

## FAQ

**How quickly can we start?** 24 hours. Intelligence goes live on Day 1. Full calibration takes 2-3 weeks.

**Is this a platform or managed service?** Both. Full platform access + dedicated intelligence analyst.

**What's the ROI?** Retailers typically trace 10-50x investment value in stolen merchandise within 90 days.

**Can we integrate with existing systems?** Yes. REST API, CSV/Excel, SAP, Auror, Quickbase, COPLINK, LexisNexis, LE RMS, SSO, automated digests.

**How much does it cost?** Varies by scope. LE: most deployments grant-funded. Municipalities: grant funding typically covers 100%. Retailers: custom proposal after initial briefing.

**Which marketplaces do you monitor?** 200+ including Amazon, eBay, Walmart, Facebook Marketplace, Mercari, OfferUp, TikTok Shop, Craigslist, Poshmark, and regional/international platforms.

**What's the time commitment?** 2-4 hours per week reviewing pre-scored alerts. The AI handles 24/7 scanning. Your dedicated analyst manages calibration, briefings, and quarterly reports.

**Can we do a pilot?** Yes. Retailers: 5 SKUs → real intelligence report in 24 hours, or a 30-day pilot with 25 SKUs. Law enforcement: 30-minute briefing with jurisdiction-specific intelligence.

**Our DA won't prosecute retail theft cases.** Cluster changes the equation. Organized network maps showing multi-platform, multi-state fencing operations with INFORM Act violations shift the calculus from "not worth it" to "federal case."

**We're a small police department.** A 2-detective task force working 4 hours per week can uncover organized networks that manual investigation would miss entirely.

## Contact

- General: info@clusterforensics.com
- Law Enforcement: le-partnerships@clusterforensics.com
- Government: government@clusterforensics.com
- Media: press@clusterforensics.com
- Website: https://clusterforensics.com
- LinkedIn: https://www.linkedin.com/company/cluster-forensics

## Last Updated

March 2026