From zdnet.com
![magento.png](https://zdnet1.cbsistatic.com/hub/i/2018/09/12/dc45b4c6-a809-407d-af4a-581b0d22bb75/03c9239c5b11d78744bc32c91282ebcc/magento.png)
Hacker groups and online fraudsters are abusing a feature of Magento online shops to test the validity of stolen debit and credit card numbers, ZDNet has learned.
The technique consists of attackers attempting hundreds of $0 transactions with stolen payment cards to check a card’s validity.
The transactions are executed against Magento stores that support the PayPal Payflow Pro integration.
The PayPal Payflow Pro integration is a payment option available on Magento shops that allows an online store to process card transactions via a PayPal merchant (business) account.
Many stores use it because it allows them to receive payments via PayPal using a checkout form embedded on their sites and without users leaving the store to enter details on the PayPal portal.