36 website domains, used to sell compromised card data, have been taken down following a day of action on Wednesday to target online criminals by SOCA working with the FBI and US Department of Justice.
The sites, identified as specializing in selling stolen payment card and online bank account details, used e-commerce type platforms known as Automated Vending Carts (AVC’s) allowing criminals to sell large quantities of stolen data quickly and easily. Visitors trying to access these sites are now directed to a screen indicating that the web domain has been seized by law enforcement.
SOCA has been tracking the development of AVCs and monitoring their use by cyber criminals, who support payment card and online banking fraud on a global scale. Working with the FBI, the BKA in Germany, the KLPD in the Netherlands, the Ukraine Ministry of Internal Affairs, the Australian Federal Police, and the Romanian National Police, SOCA has recovered over 2.5 million items of compromised personal and financial information over the past 2 years.
The recovered data has been passed to UK and overseas financial institutions to help prevent potential fraud taking place against the accounts and mitigate the impact of large-scale data thefts.
SOCA has also been gathering evidence on cyber criminals operating AVCs and yesterday morning arrested two men suspected of making large scale purchases of compromised data from such sites.
In addition, the UK’s Dedicated Cheque & Plastic Crime Unit (DCPCU) seized a number of computers suspected of being used to facilitate Fraud Act offences and acting on information supplied by SOCA, an AVC operator based in Macedonia has been arrested by the Macedonian Ministry of Interior Cyber Crime Unit.
“This operation is an excellent example of the level of international cooperation being focused on tackling online fraud,” commented Lee Miles, Head of Cyber Operations for SOCA. “Our activities have saved business, online retailers and financial institutions potential fraud losses estimated at more than half a billion pounds, and at the same time protected thousands of individuals from the distress caused by being a victim of fraud or identity crime.”
For several years, cyber criminals have been stealing large volumes of compromised financial information (bank account, credit and debit card details) and selling them in bulk to a growing market of online fraudsters.
The last 18 months has seen criminals increasingly adopting e-commerce platforms to facilitate the sale of stolen data. The emergence of automated vending carts has enabled criminal groups to sell data in larger volumes and more quickly than they were previously able to do.
The impact of this criminal trade is widespread and affects not only the individuals whose financial details are stolen but also the businesses that have the frauds perpetrated against them and the financial institutions that provide the services. Ultimately, the only people who benefit are the fraudsters.