our non-profit website was recently the victim of a stolen credit card verification scam. Over several days we received many donations that were processed through our paypal pro account. Most of these transactions were rejected, but a non-insignificant number were approved. We are hoping to learn from this and prevent it in the future (although our paypal account has been locked and we are not sure when if ever we may be allowed to resume). How is it possible that false data is entered on our site yet the transaction is approved by the paypal gateway? looking at the persons name and address it is obvious that they are not valid, and most of the successful transactions come back with AVSCODE of N, which should have caused the transaction to fail. Any information on how we may prevent this in the future, and explanations of how it may have happened would be appreciated.