Out-Law News 1 min. read

Websites selling individuals' stolen bank and card details shut down


More than 30 websites domains used by criminals to sell stolen credit and debit card and online bank account information have been shut down following an international collaboration by law enforcement bodies.

The UK's Serious Organised Crime Agency (SOCA) said criminals had used "e-commerce type platforms known as Automated Vending Carts" to sell stolen details via the domains. Following investigations by the agency, assisted by the FBI and law enforcement bodies in Germany, Holland, Ukraine, Romania and Australia, 36 domains were seized.

SOCA said more than 2.5 million items of "compromised personal and financial information" had "recovered" during the past two years of its investigation. 

"The emergence of automated vending carts has enabled criminal groups to sell data in larger volumes and more quickly than they were previously able to do," SOCA said in a statement. "The impact of this criminal trade is widespread and affects not only the individuals whose financial details are stolen but also the businesses that have the frauds perpetrated against them and the financial institutions that provide the services. Ultimately, the only people who benefit are the fraudsters."

SOCA said the joint action had helped prevent banks, businesses and retailers being defrauded out of more than £500 million.

"This operation is an excellent example of the level of international cooperation being focused on tackling online fraud," Lee Miles, head of cyber operations for SOCA, said in a statement. "Our activities have saved business, online retailers and financial institutions potential fraud losses estimated at more than half a billion pounds, and at the same time protected thousands of individuals from the distress caused by being a victim of fraud or identity crime."

The agency also said its officers had arrested two men suspected of buying data from automated vending cart (AVC) sites on a "large scale".

"In addition, the UK’s Dedicated Cheque & Plastic Crime Unit (DCPCU) seized a number of computers suspected of being used to facilitate Fraud Act offences and acting on information supplied by SOCA, an AVC operator based in Macedonia has been arrested by the Macedonian Ministry of Interior Cyber Crime Unit," it said.

Under the Fraud Act in the UK it is an offence if a person "dishonestly makes a false representation and intends, by making the representation" to either "make a gain for himself or another, or to cause loss to another or to expose another to a risk of loss".

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.