Back in the UK, the broker continued to supply card details to one of the undercover reporters by email.
Nearly all of the names, addresses and post codes sold to the BBC team were valid. But most of the numbers attached to them were invalid - often out by a single digit.
However, about one in seven of the numbers purchased were valid - active cards still in use by UK customers. Their owners could have been subjected to fraud if these cards had fallen into the hands of criminals.
The BBC team contacted the owners of these cards and warned them that their details were now being bought and sold in India.
Three of those customers had, within hours of each other, bought a computer software package by giving their credit card details to a call centre over the phone.
Within hours of making the purchase, their details were fraudulently sent on to the reporters.
One of the victims said he was "disturbed" at what had happened.
Allan Little telephones the fraudster to confront him about what we found
The software was made by Norton, which is part of the Symantec corporation.
Symantec, which launched an investigation after being informed of the the undercover probe, said the leak had come from a single source which has now been removed.
In a statement it said: "We are investigating how this incident happened and will take any appropriate steps to address any opportunities for improvement in our processes.
"We have engaged with the local law enforcement officials in India and will cooperate fully with that investigation. We are in the process of reviewing all possible options to manage this third party call centre, including moving away from it."
A spokeswoman stressed that "rigorous security measures" are put in place at call centres. For example, staff are not allowed to take electronic devices, memory sticks, pens or pencils to their desks. Internet and email access is also banned.
Saurabh Sachar, the seller, denied any wrongdoing or illegal activity.
When told that he had been filmed taking money from undercover reporters, he said they had borrowed that money from him and were paying it back.
He said the piece of paper handed over to undercover reporters contained "some directions" and a "kind of balance sheet".
And, when accused of providing credit card details he said they were "not correct". Mr Sachar also denied sending more details by e-mail.
Credit and debit card fraud cost the UK banking industry £609 million in 2008 - a rise of 14% on 2007.
Much of that fraud comes from transactions where the card is not physically present, such as telephone or internet sales.
The UK and the EU have stringent Data Protection laws. India has recently tightened up its rules governing the use of Information technology, but it has no data protection legislation.
"India is only paying lip service to data protection," the Data Protection lawyer Pavan Duggal told BBC News.
"We don't yet have a dedicated legislation on data protection. Until such times as India comes across with strong stringent provisions on data security we will have instances like this keep on happening."
The huge expansion in credit card use in recent years has produced a new kind of fraudster - one that will try to exploit any opportunity to reach into almost any credit or debit account that is used to make telephone purchases.
This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.