cancel
Showing results for 
Search instead for 
Did you mean: 

Magento Credit Card Carding Attack on PayPal Payflow Pro

Magento Credit Card Carding Attack on PayPal Payflow Pro

Hi Guys,


Since yesterday our website is being targeted for Carding and we are not sure how to deal with it. I have been working since yesterday to try to prevent this. Our website is Magento ver. 2.4.2.


Can someone shed some light into how to protect our website and prevent this?

Regards,
Hussain

8 REPLIES 8

Re: Magento Credit Card Carding Attack on PayPal Payflow Pro

Same problem here. We've been under attack since this afternoon and now we're into the evening. Our Payflow account has been shut down twice as a result. The one thing I can be certain of is that many proxies are being used in our case with multiple IP addresses. How does one deal with this? We're literally dead in the water.

Re: Magento Credit Card Carding Attack on PayPal Payflow Pro

Hello @HussainBaig @devstar 

That's a very serious issue.

Did you come along with this article for the same?

 

https://onilab.com/blog/paypal-payflow-pro-magento-carding-vulnerability/

https://www.linkedin.com/pulse/magento-20-payflo-pro-carding-hack-manu-mayank/

 

 

Was my answer helpful? You can accept it as a solution.
175+ professional extensions
Need a developer?Hire Magento Developer

Re: Magento Credit Card Carding Attack on PayPal Payflow Pro

Yep. Trying to find a solution. I was able to thwart the attack by using unorthodoxed methods which I won't share here publicly because I think hackers are also reading this stuff (it's all fun and games to them). But I need a permanent solution. I am reaching out to an extension provider to see if they can come up with a way to deal with it.

Re: Magento Credit Card Carding Attack on PayPal Payflow Pro

Has anyone found a solution to this?  

 

I know it is happening to others..

 

 

Re: Magento Credit Card Carding Attack on PayPal Payflow Pro

We have a solution that is now in the One Step Shopping Cart we use which integrates reCaptcha. That stopped our carding attacks dead. Seems to be the only way.

Re: Magento Credit Card Carding Attack on PayPal Payflow Pro

Which extension did you implement? I dont know of any that place recaptcha on checkout. 

 

 

Re: Magento Credit Card Carding Attack on PayPal Payflow Pro

This one: https://aheadworks.com/one-step-checkout-extension-for-magento-2

 

Once we implemented it, all carding stopped dead.

reCapcha in CartreCapcha in Cart

Re: Magento Credit Card Carding Attack on PayPal Payflow Pro

I am getting hit right now and Paypal just suspended all transactions.

I noticed i did not have Google reCAPTCHA "enable on Paypal PayflowPro payment form" enabled. I just enabled it now with the reCAPTCHA v2("I am not a robot") . Does anyone know if this will be an  effective solution?