British and US authorities have moved to seize 36 domain names associated with websites being used to traffic in stolen payment card data. The UK's Serious Organised Crime Agency (SOCA) said in a release issued today that the sites used Automated Vending Carts, a type of Web e-commerce software that allowed criminals to rapidly sell large volumes of credit card and banking account data.

According to a report by Computerworld UK's Anh Nguyen, two men in Britain were arrested on April 24 in a connected case. They were alleged to have made large-scale purchases of stolen payment data from AVC sites, and an AVC site operator in Macedonia was arrested by the Macedonian Ministry of the Interior's Cyber Crime Unit.

According to SOCA, the agency has been monitoring the development and use of AVC sites worldwide. Its efforts, in concert with the FBI and law enforcement agencies in Germany, the Netherlands, Ukraine, Australia, and Romania, resulted in the recovery of 2.5 million "items of compromised personal and financial information" over the past 2 years. The agency claims that the identification of those exposed details prevented more than £500 million ($809.3 million) in financial fraud.

But the moves make barely a dent in the ongoing trade in credit card and bank payment data. Many sites allowing for the anonymous transfer and sale of such data, such as the Russian website undercover.su, are still operating in the open. Romanian hackers who stole payment data from Subway point-of-sale systems between 2008 and 2011, used public filesharing services to transfer credit card data to fraud-minded customers.