Cocos Keeling Islands registered website sells credit card details stolen by hackers for as little as £8.
Accessible openly on the Internet, the Rescator.cc website works similarly to eBay.
The website’s customers can select a country from which a credit card of their desire should come from, choose between Visa, MasterCard and American Express and pick a bank. They then pay for their purchase with the virtual currency Bitcoin. It costs about £8 to obtain a standard card and around £12 to get a gold card.
"Pay using anonymous payment ... buy dumps (hacker slang for credit card data) from around the world and use it,” the site's owner told Channel 4 News in an anonymous online chat.
“This is virtually untraceable. We've got thousands of feedback on various forums (sic). We don't need to prove anything to anyone."
According to Channel 4 News, the website offers credit card data of all major British banks including HSBC, Barclays, Royal Bank of Scotland and Lloyds.
Many credit card owners, as well as the banks, may be completely unaware that their cards have been compromised, such as Joanne Smith, who only learned about the breach from Channel 4 News.
"It's actually not a card I use often, that's why I was quite taken aback by it,” Smith said. “As soon as I saw it was this card I was really shocked. It doesn't make you feel very secure that someone knew my name out there, someone had my card details. It makes you feel very vulnerable."
Web addresses of the Cocos Keeling Islands, a territory in the Indian Ocean halfway between Australia and Sri Lanka, are managed by US technology company Verisign, the same firm that oversees the .com and .net domains.
Verisign told Channel 4 News that it "takes all reports very seriously and responds to lawful court orders from courts of competent jurisdiction. We respond within our technical capabilities".