Same problem here. We've been under attack since this afternoon and now we're into the evening. Our Payflow account has been shut down twice as a result. The one thing I can be certain of is that many proxies are being used in our case with multiple IP addresses. How does one deal with this? We're literally dead in the water.

Hello @HussainBaig @devstar 

That's a very serious issue.

Did you come along with this article for the same?

https://onilab.com/blog/paypal-payflow-pro-magento-carding-vulnerability/

https://www.linkedin.com/pulse/magento-20-payflo-pro-carding-hack-manu-mayank/

Yep. Trying to find a solution. I was able to thwart the attack by using unorthodoxed methods which I won't share here publicly because I think hackers are also reading this stuff (it's all fun and games to them). But I need a permanent solution. I am reaching out to an extension provider to see if they can come up with a way to deal with it.

Has anyone found a solution to this?  

I know it is happening to others..

We have a solution that is now in the One Step Shopping Cart we use which integrates reCaptcha. That stopped our carding attacks dead. Seems to be the only way.

Which extension did you implement? I dont know of any that place recaptcha on checkout. 

This one: https://aheadworks.com/one-step-checkout-extension-for-magento-2

Once we implemented it, all carding stopped dead.

reCapcha in Cart

I am getting hit right now and Paypal just suspended all transactions.

I noticed i did not have Google reCAPTCHA "enable on Paypal PayflowPro payment form" enabled. I just enabled it now with the reCAPTCHA v2("I am not a robot") . Does anyone know if this will be an  effective solution?