Overview
- Investigators report 4.3 million compromised cards across 193 countries used to set up more than 19 million bogus subscriptions, causing over €300 million in confirmed losses and about €750 million in attempted charges.
- Raids coordinated across nine countries searched more than 60 locations and led to 18 arrests, with the wider case targeting 44 suspects and 29 sites searched in Germany.
- The scheme allegedly ran from 2016 to 2021 via some 2,000 fake websites and roughly 500 shell companies, charging small monthly amounts with cryptic booking texts for supposed streaming, dating and entertainment services.
- Prosecutors suspect four major German payment processors were compromised to push the transactions, including a case involving bespoke laundering software; media have named Payone, Unzer, Nexi Germany and Wirecard, which investigators have not officially confirmed.
- More than €35 million in assets were secured in Germany and Luxembourg, the probe was triggered by FIU pattern analysis, BaFin measures curbed activity since 2021, and authorities have issued guidance for cardholders on checking statements and seeking chargebacks.