Magento: PayPal $0 Dollar Transaction Issue

Daniel ZimmermannMarch 27, 2019

0 365 1 minute read

Various cybercrime groups and online fraudsters use Magento’s integration with PayPal to check the relevance of stolen payment cards. The scheme is that the attacker is trying to make hundreds of transactions worth $ 0.

Such attacks are made on Magento stores that support integration with PayPal Payflow Pro. Integration with PayPal Payflow Pro is an option available to online stores that use Magento to process transactions using a PayPal business account.

PayPal Payment Methods — Many stores use this feature, as it allows you to receive payments through PayPal, while the user does not leave the store site to enter data on PayPal.

The Magento team released an official statement claiming that cybercriminals use integration with PayPal Payflow Pro to check the validity of payment cards. Affected versions of Magento 2.1.x and 2.2.x.

Magento version 2.3.x may also be vulnerable, but the researchers did not find evidence of a real attack on it.

Fraudsters initiate transactions in the amount of $0 (zero), and then look at whether any errors are returned. If such errors are returned, this indirectly confirms that the stolen card is currently relevant.

Experts believe that such cards are purchased by fraudsters on the forums of relevant subjects. Often there you can find cards, which have long expired. This is what makes cybercriminals check the relevance of the maps.

Sending

User Review

0 (0 votes)

Comments Rating 0 (0 reviews)

User Review

Daniel Zimmermann

Related Articles

Operator of the proxy botnet Russian2015 pleaded guilty

Microsoft: Azure platform hit by 2.4 TB / sec DDoS attack

Russian Hackers Launched a Massive Spear-Phishing Campaign

Attackers have stolen from Waydev GitHub and GitLab OAuth tokens

Leave a Reply Cancel reply