News

Magento: PayPal $0 Dollar Transaction Issue

Various cybercrime groups and online fraudsters use Magento’s integration with PayPal to check the relevance of stolen payment cards. The scheme is that the attacker is trying to make hundreds of transactions worth $ 0.

Such attacks are made on Magento stores that support integration with PayPal Payflow Pro. Integration with PayPal Payflow Pro is an option available to online stores that use Magento to process transactions using a PayPal business account.

Many stores use this feature, as it allows you to receive payments through PayPal, while the user does not leave the store site to enter data on PayPal.

The Magento team released an official statement claiming that cybercriminals use integration with PayPal Payflow Pro to check the validity of payment cards. Affected versions of Magento 2.1.x and 2.2.x.

Magento version 2.3.x may also be vulnerable, but the researchers did not find evidence of a real attack on it.

Fraudsters initiate transactions in the amount of $0 (zero), and then look at whether any errors are returned. If such errors are returned, this indirectly confirms that the stolen card is currently relevant.

Experts believe that such cards are purchased by fraudsters on the forums of relevant subjects. Often there you can find cards, which have long expired. This is what makes cybercriminals check the relevance of the maps.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove Pbmsoultions pop-up ads (Virus Removal Guide)

Pbmsoultions.com is a domain that tries to trick you into clik to its browser notifications…

12 hours ago

Remove Prizestash pop-up ads (Virus Removal Guide)

Prizestash.com is a site that tries to trick you into subscribing to its browser notifications…

12 hours ago

Remove Verifiedbreaking pop-up ads (Virus Removal Guide)

Verifiedbreaking.com is a domain that tries to force you into subscribing to its browser notifications…

12 hours ago

Remove Themoneyminutes pop-up ads (Virus Removal Guide)

Themoneyminutes.com is a domain that tries to force you into subscribing to its browser notifications…

13 hours ago

Remove News-xcidizi pop-up ads (Virus Removal Guide)

News-xcidizi.com is a domain that tries to trick you into clik to its browser notifications…

16 hours ago

Remove Everytraffic-flow pop-up ads (Virus Removal Guide)

Everytraffic-flow.com is a domain that tries to trick you into subscribing to its browser notifications…

16 hours ago