Three men have been arrested and 36 criminal websites selling credit card information and other personal data shut down as part of a two-year international anti-fraud operation, police have confirmed. The Serious Organised Crime Agency (SOCA), working with the FBI and US Department of Justice, as well as authorities in Germany; the Netherlands; Ukraine; Australia and Romania, swooped after identifying the sites as specialising in selling card and bank details in bulk. The move comes as a blow to what is a growing black market for stolen financial data. Detectives estimated that the card information seized could have been used to extract more than £500m in total by fraudsters. SOCA claimed it has recovered more than two and a half million items of compromised personal and financial information over the past two years. “The authorities have shut down 36 websites but it is difficult to know how many other people had access to that data. They could spring back up somewhere else if a gang is not eradicated completely,” said Graham Cluley of internet security firm Sophos. He added: “This is big business and, just as in any legitimate company there are people who specialise in different things, so there are those who actually get their hands on the personal data and those who sell it on; they are not often the same person.” An investigation by The Independent last summer found that scammers were making a “comfortable living” getting their hands on sensitive information and selling it online. Card details were being offered for sale for between 4p and £60 per card – depending on the quality – according to one source in the business. Some cards would be sold with incomplete or unreliable information; others ready to use. Some of the card details for sale on the websites shut down by SOCA were being sold for as little as £2 each. Investigators said that the alleged fraudsters were using Automated Vending Carts, which allowed them to sell large quantities of stolen data. They are said to be a driver of the growth in banking fraud over the last 18 months because of the speed with which stolen data can be sold. Lee Miles, Head of Cyber Operations for SOCA said: “This operation is an excellent example of the level of international cooperation being focused on tackling online fraud. Our activities have saved business, online retailers and financial institutions potential fraud losses estimated at more than half a billion pounds, and at the same time protected thousands of individuals from the distress caused by being a victim of fraud or identity crime.” An alleged operator in Macedonia was one of those arrested, while two British men accused of buying the information were also detained. Britain’s Dedicated Cheque & Plastic Crime Unit also seized computers suspected of being used to commit fraud.