Hackers abuse Magento PayPal integration to test validity of stolen credit cards

From zdnet.com


Hacker groups and online fraudsters are abusing a feature of Magento online shops to test the validity of stolen debit and credit card numbers, ZDNet has learned.

The technique consists of attackers attempting hundreds of $0 transactions with stolen payment cards to check a card’s validity.

The transactions are executed against Magento stores that support the PayPal Payflow Pro integration.

The PayPal Payflow Pro integration is a payment option available on Magento shops that allows an online store to process card transactions via a PayPal merchant (business) account.

Many stores use it because it allows them to receive payments via PayPal using a checkout form embedded on their sites and without users leaving the store to enter details on the PayPal portal.

Read more…