Police have arrested two men arrested and shut down 36 web domains used to sell compromised credit and debit card data, as part of an initiative by the UK's Serious Organised Crime Agency (Soca), working with the FBI and US Department of Justice.

The men, who were arrested earlier this week, were suspected of making large-scale purchases of data about cards from the sites, which specialised in selling stolen payment card and online bank account details.

Soca says that they used e-commerce type platforms known as Automated Vending Carts (AVCs) which let criminals sell large quantities of stolen data quickly and easily.

People trying to access these sites are now directed to a screen indicating that the web domain has been seized by law enforcement.

Along with the arrests, the UK's Dedicated Cheque & Plastic Crime Unit (DCPCU) seized a number of computers suspected of being used to facilitate offences under the Fraud Act

Acting on information from Soca, an AVC operator based in Macedonia has been arrested by the Macedonian Ministry of Interior Cyber Crime Unit.

Soca has been tracking the development of AVCs and monitoring their use by criminals who support payment card and online banking fraud on a global scale.

Working with the FBI, the BKA in Germany, the KLPD in the Netherlands, the Ukraine Ministry of Internal Affairs, the Australian Federal Police and the Romanian National Police, Soca has recovered over 2.5m items of compromised personal and financial information over the past two years.

The recovered data has been passed to UK and overseas financial institutions to help prevent potential fraud taking place against the accounts and mitigate the impact of large-scale data thefts.

The potential international fraud prevented by the identification of this detail is estimated at being in excess of £500m.

Charlie Abrahams, vice president of MarkMonitor, which provides brand protection services online, said: "This is excellent progress, although the challenge for law enforcement is that internet crime typically crosses so many jurisdictions ? consumer in one country, website hosted in a second, perpetrator in a third, etc.

"Brand owners themselves have the core responsibility to educate and protect their customers from the risks that go along with the benefits of transacting online."

Lee Miles, the head of cyber operations for Soca said: "This operation is an excellent example of the level of international cooperation being focused on tackling online fraud.

"Our activities have saved business, online retailers and financial institutions potential fraud losses estimated at more than half a billion pounds, and at the same time protected thousands of individuals from the distress caused by being a victim of fraud or identity crime."

For several years, cyber criminals have been stealing large volumes of compromised financial information (bank account, credit and debit card details) and selling them in bulk to a growing market of online fraudsters.

The past 18 months has seen criminals increasingly adopting e-commerce platforms to facilitate the sale of stolen data.

The emergence of automated vending carts has enabled criminal groups to sell data in larger volumes and more quickly than they were previously able to do.