Cybercriminals have found a new way to exploit stolen payment cards. Allegedly, they now abuse the payment systems of Magento online shops to assess stolen debit/credit cards. This affects all Magento online stores supporting PayPal Integration.
Magento Online Shops Under Attack
Hacker groups are exploiting Magento online shops to check the validity of payment cards. The attack is ongoing in the form of a massive campaign in the wild, targeting online stores.
Allegedly, the fraudsters abuse a feature of Magento online stores to check the stolen debit and credit cards for a valid status. Precisely, this affects online sites supporting PayPal Payflow Pro integration – a feature employed by online stores for smooth payments from PayPal accounts.
The campaign was noticed after observing multiple attempts of $0 transactions with stolen payment cards against Magento stores. As stated by ZDNet,
“Crooks aren’t using the stolen cards to place orders for real products, but merely initiating a $0-sized transaction and see if it returns any errors –and indirectly confirm that the card details are valid.”
Magento team confirmed the campaign, highlighting that it precisely targets the PayPal integration feature in Magento 2.1.x and 2.2.x versions. Regarding Magento 2.3.x versions, Magento has not noticed any active exploits yet. However, they do not rule out the possibility of the vulnerability of these versions to this campaign.
What You Should Do
For now, Magento recommends all users, especially, the store owners to employ robust security measures to protect their online shops. They advise using WAF, bot detection systems, and anti brute force measures to prevent any abusive events.
Besides, they also warn the store owners about the possible suspension of their PayPal accounts owing to recurrent automated operations. Thus, they may contact PayPal to know about any active security measures to avoid such happenings.