|Attempted merchant account hacking|
payment processor charging me for hacking attempts!
I'm having a problem with some nitwit from Norway that keeps attempting to charge things, for unknown reasons, directly to my merchant account at my payment processor. Don't know why they're using my account ID but suspect maybe they're just scanning for IDs that will allow them to validate cards. It's always small odd amounts too, like $1.20, or $3.38, almost as if they were attempting to verify the CC is valid before defrauding it elsewhere for a larger sum of money without being detected too early.
I have all IPs to my merchant account processor blocked except those coming directly from my server, so they aren't succeeding, they are always rejected and declined.
However, the credit card processor is charging me for those declines, declines for transactions I'm not sending, transactions beyond my ability to control being sent directly to their servers.
I wrote to them today and asked quite bluntly why they were charging CHARGING ME for someone attempting to hack THEIR service, of which I have no control?
Has anyone else had this problem and how did you resolve it?
incrediBILL, it's not like this issue with Payflow Pro is it?
(This thread at another board from Jan 2011 reported an issue with upgraded Payflow Pro accounts experienced during Dec 2010):
|I am a customer of the Payflow Pro payment gateway. Originally I was a user of the Payflow Link gateway since 2002, but then in 2009 I upgraded to Payflow Pro, as I saw the Payflow Link gateway was very insecure and is too easy to exploit. |
Then last month [Dec 2010] I received over 21,000 fraudulent transactions through may Payflow Pro account. Someone was using my merchant account to test if credit cards were valid.
I spent days and days trying to communicate with people at PayPal, and they all denied there was any problem.
Finally I got to testing my Payflow Pro login ID with the old Payflow Link gateway (using a simple html "form" with my login ID). Surprisingly I was taken to a Payflow Link page to enter my credit card details, and at the top was my old business logo which I hadn't used in two years, and which was still being saved in the PayPal database even though I wasn't a customer of Payflow Link.
|Response Eric F 01/07/2011 09:50 AM |
In regards to this issue there was no security exploit, the issue is that when your account was upgraded from Payflow Link to Payflow Pro, there was bug which allowed your account to still process as Payflow Link and as stated we have since fixed this bug to not allow this to happen again.
Thank you for your patience.
Merchant Technical Services
PayPal, an eBay Company
Quick question: Does your payment processor require credentials in order to perform a charge? It's not clear from your posting how they are able to authenticate as you.
I assume they are going through the cart or is the processor available by searching for an ID number.
You said this
why I ask.
|directly to my merchant account at my payment processor |
I had the problem and had to get a cart to stop access to the gateway. They will not stop and it only gets worse you will be added to a board and all of a sudden u have 100's a day. At .25 per it adds up really fast.