International Credit Card Data Theft Operation Revealed

Posted 6.29.12 by

A two-year FBI operation led to the arrest of 24 credit cardholder data thieves from eight different countries – the crime ring, dubbed “Operation Card Shop,” involved the buying and selling of stolen identities, credit cards, counterfeit documents and hacking tools, according to

One defendant sold malware with remote access tools that allowed hackers to view and remotely control an infected computer. If the user visited a banking website and logged into their account, the hacker could record and use the information to access their account and resources.

Another hacker stole data from internal databases of banks, hotels and several online retailers, and mistakenly sold the credit cardholder data to an undercover FBI agent. Another defendant had information for more than 50,000 credit card accounts that he used to sell counterfeit encoded credit cards. One hacker sold information he stole by hacking into an online hotel booking site – including cardholder names, addresses, Social Security numbers, birthdates, mother’s maiden names and bank account information.

The massive crime ring exemplifies the need to secure databases and credit cardholder data by using a multi-layered approach – the requirements of PCI DSS compliance address many vulnerabilities and areas that can be secured with the right technology. PCI technical requirements include (but might not be limited to):

If you outsource your application and data hosting to a PCI compliant hosting provider that can prove their attestation of compliance, you can ensure credit cardholder data is safe in PCI compliant data centers. What’s a PCI compliant data center? It’s one that has all of the needed physical and logical security in place, and has been audited and found to be in full compliance.

For additional PCI resources, read:
What is PCI Compliance?
Levels of PCI Compliance
PCI Compliant Hosting Guide
Who Needs to Be PCI Compliant?
Risk Assessments for the PCI Compliant Cloud

Manhanttan U.S. Attorney, FBI Assistant Director in Charge Announce 24 Arrests in Eight Countries as Part of International Cyber Crime Takedown

About Otava

Otava provides the secure, compliant hybrid cloud solutions demanded by service providers, channel partners and enterprise clients in compliance-sensitive industries. By actively aggregating best-of-breed cloud companies and investing in people, tools, and processes, Otava’s global footprint continues to expand. The company provides its customers in highly regulated disciplines with a clear path to transformation through its effective solutions and broad portfolio of hybrid cloud, data protection, disaster recovery, security and colocation services, all championed by an exceptional support team. Learn more at

Get started with Otava now!

  • This field is for validation purposes and should be left unchanged.