Among the organisations the three allegedly targeted were Heartland Payment Systems, a card payment processor; 7-Eleven, a US convenience store company and Hannaford Brothers, a supermarket chain.
Prosecutors said the suspects targeted large corporations by scanning the list of Fortune 500 companies and exploring corporate websites before setting out to identify vulnerabilities.
One of the methods employed was to carry our surveillance at retail locations to identify the type of card machines used before hacking through the firewalls or security software of the computer networks supporting the retailer.
They would then seek to sell the data to others who would use it to make fraudulent purchases, prosecutors said.
The stolen information was allegedly sent to computer servers in California, Illinois, Latvia, the Netherlands and Ukraine.
Gonzales, a 28-year-old from Miami who is already in federal custody, was charged in May 2008 by authorities in New York for his alleged role in the hacking of a computer network run by a national restaurant chain.
He is expected to appear in court to answer the charges next month.