A Russian man believed to be one of the most prolific sellers of stolen credit card data was arrested over the weekend in France, U.S. Department of Justice (DoJ) announced this week.

Vladislav Horohorin, 27, of Moscow faces U.S. charges of access device fraud and aggravated identity theft in an indictment that was unsealed this week, following his arrest by French authorities in Nice.

Horohorin, who went by the alias “BadB,” used online cybercrime forums including “CarderPlanet” and “carder.su” to sell stolen credit card information, known as “dumps,” to buyers around the world, according to a news release from the DoJ.

“The network created by the founders of CarderPlanet, including Vladislav Horohorin, remains one of the most sophisticated organizations of online financial criminals in the world,” Michael Merritt, U.S. Secret Service assistant director for investigations, said. “This network has been repeatedly linked to nearly every major intrusion of financial information reported to the international law enforcement community.”

Horohorin advertised the availability of stolen credit card information on various cybercrime forums and directed potential buyers to create accounts at a fully-automated dumps vending website that he operated called “dumps.name.” The website, which was hosted outside of the U.S., assisted in the exchange of funds for stolen credit card information.

Potential buyers were directed to credit their dumps.name account with funds using WebMoney, a Russian-based online currency service, prosecutors said. The purchaser would then access the dumps.name website and pick out which stolen card data they wanted.

Horohorin, a citizen of Israel and the Ukraine, was the subject of an undercover investigation by U.S. Secret Service agents, who negotiated the sale of numerous stolen credit card dumps. French law enforcement authorities, working in conjunction with U.S. authorities, arrested Horohorin as he was attempting to board a flight to Moscow.

Horohorin currently is being detained in France pending extradition to the United States.

He faces a maximum penalty of 10 years in prison and a $250,000 fine for the charge of access device fraud and two years in prison and a fine of up to $250,000 for the aggravated identity theft charge. 

“Cybercriminals who target U.S. citizens should not fool themselves into believing they can elude justice simply because they commit crimes outside of our borders,” Lanny Breuer, assistant attorney general of the DoJ’s Criminal Division, said.