An international law enforcement operation known as “Chargeback” has dismantled three major fraud and money laundering networks that allegedly victimised around 4.3 million credit cards in 193 countries. The operation revealed losses exceeding €300 million (approximately $344 million) with attempted damages of more than €750 million ($861 million).
The networks operated between 2016 and 2021 and used stolen credit card data to create about 19 million fraudulent online subscriptions on websites offering pornography, dating services, or streaming content, according to Europol. They set monthly fees at around €50 to avoid triggering chargebacks and employed intentionally vague transaction descriptions to escape detection.
Investigators say the rings relied on sophisticated infrastructure that included shell companies in the UK and Cyprus. These firms were used to channel fraudulent transactions through compromised payment service providers, notably in Germany. The networks drew in German intermediaries, executives, and even compliance officers who allegedly assisted in exchange for payments.
Law enforcement agencies carried out coordinated raids on 4 November 2025 across multiple countries, including Germany, the United States, Canada, Singapore, Luxembourg, Cyprus, Spain, Italy, and the Netherlands. More than 18 suspects were arrested, and more than €35 million in assets were seized.
The authorities noted that instead of one-off theft, the fraudsters had built stable and long-term revenue streams. By leveraging stolen cards to support fake subscriptions, the groups avoided many of the usual red flags that alert banks and fraud detection systems. Some experts called it a transition from classic card skimming to subscription-based fraud.
From a victim’s perspective, the scheme posed unique challenges. Cardholders often saw recurrent payments from seemingly legitimate services and found that the description on their statements did not raise suspicion. Because the charges were set low and repeatedly applied, many victims did not realise they had been defrauded until control of the card was lost or chargebacks were denied.
Payment experts say that recurring subscription abuse is more difficult to disrupt than one-time fraud. Once a compromised card is added to a subscription service, the fraud network can continue drawing small amounts over long periods. By the time the cardholder identifies the issue, the funds may have been moved through multiple intermediaries and jurisdictions, complicating recovery.
For banks and payment providers, the case underlines the need for closer monitoring of low-price recurring transactions and anomalies in merchant behaviour. Security analysts recommend reviewing merchants that show high approval rates for payments, limited customer cancellation options, or that use obscure merchant names. These can be early indicators of structured subscription fraud.
Credit card users can protect themselves by regularly inspecting their statements and looking for unfamiliar recurring charges, even if each individual amount is small. It is also wise to use cards that offer notifications on every transaction and to promptly report unfamiliar subscriptions. If direct cancellation fails, changing the card and updating automatic payments is advisable.
The “Chargeback” operation highlights how payment fraud continues to evolve. Criminal groups now focus on building complex subscription networks, behind which they hide large-scale stolen-card activity. Because the fraud crosses multiple countries and payment systems, international coordination remains vital in disrupting these networks.
For millions of cardholders and payment service providers around the world, the operation serves as a reminder that even small-value transactions can form part of a much larger fraud apparatus. Authorities stated that despite the arrests and asset seizures, new networks can be established quickly without constant vigilance.