Threat Watch

Stolen Credit Cards Being Tested Through Magento/PayPal

PayPal Payflow Pro integration is a feature of Magento 2.1x and 2.2x that allows ecommerce shops to accept payments from PayPal business accounts. Attackers are abusing the integration to run $0 transactions through shops that use Magento. They do this after purchasing stolen credit cards from dump sites or carding forums, in order to test the validity of the card details. So far, Magento 2.3x has not seen any activity of this nature, but that does not mean it cannot be carried out there. Although it may seem that online business owners using Magento are not losing any money in this operation, that could prove to be false. PayPal will suspend an account after a certain number of automated transaction attempts, which could ultimately lead to a loss in revenue because consumers will not be able to pay with PayPal. Neither PayPal nor Magento has pledged remedial action at this time, but it is assumed a fix will be on its way within the coming weeks.

ANALYST NOTES

Bot detection systems or anti-brute-force systems, such as web application firewalls (WAF), are suggested as a way to stop, or at least detect, activity of this nature. Users who are concerned about their PayPal accounts should contact PayPal directly and ask for suggestions on how to better secure their business accounts.
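
As an added illustration of the detection side (not code from Magento, PayPal or this report), the sketch below flags sources that submit a burst of $0 transactions with many different cards in a short window. The record layout, the card tokens, the sample data and the thresholds are all assumptions made for the example; records are assumed to be sorted by time.

```python
import csv
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records in a hypothetical export format
# (not a real Magento or PayPal log):
# timestamp, source IP, amount, card token, gateway result
SAMPLE = """\
2024-01-01T10:00:01,203.0.113.7,0.00,tok_a1,DECLINED
2024-01-01T10:00:03,203.0.113.7,0.00,tok_b2,DECLINED
2024-01-01T10:00:05,203.0.113.7,0.00,tok_c3,APPROVED
2024-01-01T10:00:08,203.0.113.7,0.00,tok_d4,DECLINED
2024-01-01T10:00:11,203.0.113.7,0.00,tok_e5,DECLINED
2024-01-01T10:02:00,198.51.100.20,49.99,tok_z9,APPROVED
2024-01-01T10:05:00,198.51.100.21,0.00,tok_y8,APPROVED
2024-01-01T10:30:00,198.51.100.21,0.00,tok_y8,APPROVED
"""

def find_card_testing(text, window=timedelta(seconds=60),
                      min_attempts=5, min_cards=4):
    """Return {source_ip: (attempts, distinct_cards)} for $0 bursts.

    A source is flagged when, inside one sliding window, it made at least
    min_attempts zero-amount transactions using at least min_cards cards.
    The thresholds are illustrative and need tuning per shop.
    """
    recent = defaultdict(deque)  # ip -> (time, card) of $0 attempts in window
    flagged = {}
    for ts, ip, amount, card, _result in csv.reader(text.splitlines()):
        if float(amount) != 0.0:
            continue             # normal purchases are ignored
        now = datetime.fromisoformat(ts)
        q = recent[ip]
        q.append((now, card))
        while now - q[0][0] > window:
            q.popleft()          # drop attempts that left the window
        cards = {c for _, c in q}
        if len(q) >= min_attempts and len(cards) >= min_cards:
            # keep the largest burst seen for this source
            flagged[ip] = max(flagged.get(ip, (0, 0)), (len(q), len(cards)))
    return flagged

if __name__ == "__main__":
    print(find_card_testing(SAMPLE))
```

Counting distinct cards as well as attempts keeps a customer who retries one card from being flagged alongside a source cycling through many cards.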