The idea, according to reports, was for the cybercriminals to use fake credit cards that had been doctored with stolen details so that they could obtain cash and buy expensive items.
Debit and credit card details belonging to customers at US banks were said to be intended for use in the crime. Hackers accessing the phone lines between cash machines and banks would have obtained these details and transferred them on to the magnetic strips of the cards.
US cards do not use the chip-and-pin system, and instead rely on being swiped.
The BBC's investigation took it to an internet forum where the alleged plan was being organised. Posters asked for information about self-service checkouts, mentioning supermarkets Asda and Tesco. The checkouts are supposedly preferred as there is no face-to-face contact with a cashier, who might detect a fake card handed over by a mule.
According to the BBC, the ringleader said he would obtain details from 2,300 cards, and is quoted as saying: “Its (sic) shopping spree guys help me out and I will take care of you.”
The incriminating information has been passed on to the Dedicated Cheque and Plastic Crime Unit at UK-based payment organisation Apacs.