homepage Welcome to WebmasterWorld Guest from 54.166.84.82
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / Ecommerce
Forum Library, Charter, Moderators: buckworks

Ecommerce Forum

    
Attempted merchant account hacking
payment processor charging me for hacking attempts!
incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4426644 posted 8:06 pm on Mar 8, 2012 (gmt 0)

I'm having a problem with some nitwit from Norway that keeps attempting to charge things, for unknown reasons, directly to my merchant account at my payment processor. Don't know why they're using my account ID but suspect maybe they're just scanning for IDs that will allow them to validate cards. It's always small odd amounts too, like $1.20, or $3.38, almost as if they were attempting to verify the CC is valid before defrauding it elsewhere for a larger sum of money without being detected too early.

I have all IPs to my merchant account processor blocked except those coming directly from my server, so they aren't succeeding, they are always rejected and declined.

However, the credit card processor is charging me for those declines, declines for transactions I'm not sending, transactions beyond my ability to control being sent directly to their servers.

I wrote to them today and asked quite bluntly why they were charging CHARGING ME for someone attempting to hack THEIR service, of which I have no control?

Has anyone else had this problem and how did you resolve it?

 

thorsten iceland

5+ Year Member



 
Msg#: 4426644 posted 1:44 pm on Mar 15, 2012 (gmt 0)

incrediBILL, it's not like this issue with Payflow Pro is it?

(This thread at another board from Jan 2011 reported an issue with upgraded Payflow Pro accounts experienced during Dec 2010):

[webhostingtalk.com...]

I am a customer of the Payflow Pro payment gateway. Originally I was a user of the Payflow Link gateway since 2002, but then in 2009 I upgraded to Payflow Pro, as I saw the Payflow Link gateway was very insecure and is too easy to exploit.
...
Then last month [Dec 2010] I received over 21,000 fraudulent transactions through may Payflow Pro account. Someone was using my merchant account to test if credit cards were valid.
...
I spent days and days trying to communicate with people at PayPal, and they all denied there was any problem.
...
Finally I got to testing my Payflow Pro login ID with the old Payflow Link gateway (using a simple html "form" with my login ID). Surprisingly I was taken to a Payflow Link page to enter my credit card details, and at the top was my old business logo which I hadn't used in two years, and which was still being saved in the PayPal database even though I wasn't a customer of Payflow Link.
...
Response Eric F 01/07/2011 09:50 AM
Hi,

In regards to this issue there was no security exploit, the issue is that when your account was upgraded from Payflow Link to Payflow Pro, there was bug which allowed your account to still process as Payflow Link and as stated we have since fixed this bug to not allow this to happen again.

Thank you for your patience.

Sincerely,
Eric F
Merchant Technical Services
PayPal, an eBay Company

jwolthuis

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4426644 posted 11:09 am on Mar 16, 2012 (gmt 0)

Quick question: Does your payment processor require credentials in order to perform a charge? It's not clear from your posting how they are able to authenticate as you.

bwnbwn

WebmasterWorld Senior Member bwnbwn us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4426644 posted 5:13 pm on Mar 16, 2012 (gmt 0)

I assume they are going through the cart or is the processor available by searching for an ID number.
You said this
directly to my merchant account at my payment processor
why I ask.
I had the problem and had to get a cart to stop access to the gateway. They will not stop and it only gets worse you will be added to a board and all of a sudden u have 100's a day. At .25 per it adds up really fast.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Ecommerce
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved