Hacker groups and online fraudsters are abusing a feature of Magento online shops to test the validity of stolen debit and credit card numbers, ZDNet has learned.
The technique consists of attackers attempting hundreds of $0 transactions with stolen payment cards to check a card’s validity.
The transactions are executed against Magento stores that support the PayPal Payflow Pro integration.
The PayPal Payflow Pro integration is a payment option available on Magento shops that allows an online store to process card transactions via a PayPal merchant (business) account.
Many stores use it because it allows them to receive payments via PayPal using a checkout form embedded on their sites and without users leaving the store to enter details on the PayPal portal.