SOCA raids 'e-commerce-style' card data sites

The Serious Organised Crime Agency and the FBI have had 36 websites taken down because they were being used to sell stolen bank card data.

Three people were arrested as law enforcement agencies in the UK, US and Macedonia shut down 36 websites that were acting as online shops for stolen bank card data. Image credit: Sophos

SOCA said on Thursday that the domains were removed in a "day of action" that also involved the US Department of Justice (DoJ). As part of this, British police arrested two men for allegedly buying large amounts of data from the sites, while Macedonian authorities arrested one person in that country.

"The sites, identified by SOCA as specialising in selling stolen payment card and online bank account details, used e-commerce type platforms known as Automated Vending Carts (AVCs) allowing criminals to sell large quantities of stolen data quickly and easily," the agency said. "Visitors trying to access these sites are now directed to a screen indicating that the web domain has been seized by law enforcement."

It added that it has been working with the FBI, along with law enforcement agencies in Germany, the Netherlands, Ukraine, Australia and Romania, to recover stolen banking data and return it to the banks, so that they can avoid further fraud.

As a result of that collaboration, which has been going on for the last two years, about 2.5 million items of data have been passed to financial institutions, with estimated potential losses of £500m being avoided. The potential losses associated with the data from the 36 newly shut sites will be on top of that figure, according to a SOCA spokesman.

The agency refers to the sites, which were effectively standard e-commerce-style services, as 'automated vending carts', or AVCs. Its spokesman said it does this because the term 'e-commerce' "implies legitimacy", but pointed out that their similarity to online shops has increased over the last 18 months.

They mirror standard e-commerce sites in terms of how they are presented online and how you use them.

– SOCA

"They mirror standard e-commerce sites in terms of how they are presented online and how you use them," he said. "It's a departure from how stolen data used to be sold, which was via criminal forums [and in the form of] slightly difficult-to-understand data."

"These are now sold on e-commerce-type platforms which provide search menus and images of retailers' logos. You can just click and check out," he explained.

Security firm Sophos Labs has posted a video showing how the new-style sites work.

SOCA also said on Thursday that the UK's Dedicated Cheque & Plastic Crime Unit (DCPCU) had seized several computers as part of the 'day of action', suspecting that they had been used to "facilitate Fraud Act offences".