Home / Home Users / Magento: PayPal $0 Dollar Transaction Issue

Magento: PayPal $0 Dollar Transaction Issue

Various cybercrime groups and online fraudsters use Magento’s integration with PayPal to check the relevance of stolen payment cards. The scheme is that the attacker is trying to make hundreds of transactions worth $ 0.

Such attacks are made on Magento stores that support integration with PayPal Payflow Pro. Integration with PayPal Payflow Pro is an option available to online stores that use Magento to process transactions using a PayPal business account.

PayPal Payment Methods
Many stores use this feature, as it allows you to receive payments through PayPal, while the user does not leave the store site to enter data on PayPal.

The Magento team released an official statement claiming that cybercriminals use integration with PayPal Payflow Pro to check the validity of payment cards. Affected versions of Magento 2.1.x and 2.2.x.

Magento version 2.3.x may also be vulnerable, but the researchers did not find evidence of a real attack on it.

Fraudsters initiate transactions in the amount of $0 (zero), and then look at whether any errors are returned. If such errors are returned, this indirectly confirms that the stolen card is currently relevant.

Experts believe that such cards are purchased by fraudsters on the forums of relevant subjects. Often there you can find cards, which have long expired. This is what makes cybercriminals check the relevance of the maps.
Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Check Also

Facebook incorporates hidden codes in photos

Facebook incorporates hidden codes in photos for download

According to researcher Edin Jusupovic, social network Facebook includes hidden codes in photos uploaded by …

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.