After 17 months of secretly working with financial institutions and international law representatives from other nations, the Australian Federal Police on Thursday announced it had thwarted a Romanian-based gang of credit card fraudsters, detaining 16 people and eventually arresting seven of them in Romania.

Among those arrested was Gheorghe Ignat, a Greco-Roman wrestling champion.

The gang and its illegal maneouverings first came to the attention of the AFP in June 2011 when an Australian financial institution tipped off the organisation of the suspicious transactions it had discovered in one of its client's credit card activities.

"Banks have advanced monitoring systems to prevent fraud and in this case, they contacted customers when suspicious transactions occurred. Often, banks will take immediate action to protect the account, stop transactions and cancel cards when it is confirmed that fraud may have been perpetrated," Steven Münchenberg, Chief Executive of the Australian Bankers' Association, said in a statement.

As the investigation ensued, it was discovered that the fraudulent transactions not only happened within Australian shores, but also in Europe, Hong Kong, the U.S., and other parts of the world. It was then the AFP decided to enlist the help of law enforcement agencies from other countries to pin down the organisation.

"This is the largest data breach investigation ever undertaken by Australian law enforcement," said Commander Glen McEwen, manager for Cyber Crime Operations at the AFP.

"Without the cooperation of 13 other countries, along with Australia's banking and finance sector, we would not have been able to track these illegal transactions to the criminal network in Romania."

The syndicate had illegally accessed 500,000 Australian credit cards, of which 30,000 had been used to conduct fraudulent transactions worth more than A$30 million. The gang got hold of the data of the half million Australians from 46 small businesses like petrol stations and grocery stores.

Moreover, the same credit card details were sold by the gang to other criminals around the world.

As a consequence, small Australian businesses have been advised to strengthen their security measures so as not to allow the incident to happen again.

Nigel Phair, director of the Centre for Internet Safety at the University of Canberra, admitted to ABC News he was not surprised by the massiveness of the heist.

"We are susceptible. We are a good economy, we are ripe for the picking for these international criminals," he said.

But the theft could have been prevented if only small businesses invest on their IT infrastructure.

"Well, the issue is they spend next to no money on any IT security. It's the reality with it all is that the bigger the organisation, the more backing they have internally to abide by payment card industry data security standards and the majority of small businesses just don't," Mr Phair said.

And it is quite unfortunate that in the small to medium category, most of those businesses don't adhere to safety practices, he said.