Welcome to WebmasterWorld Guest from

Forum Moderators: buckworks

Message Too Old, No Replies

Attempted merchant account hacking

payment processor charging me for hacking attempts!

8:06 pm on Mar 8, 2012 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
votes: 99

I'm having a problem with some nitwit from Norway that keeps attempting to charge things, for unknown reasons, directly to my merchant account at my payment processor. Don't know why they're using my account ID but suspect maybe they're just scanning for IDs that will allow them to validate cards. It's always small odd amounts too, like $1.20, or $3.38, almost as if they were attempting to verify the CC is valid before defrauding it elsewhere for a larger sum of money without being detected too early.

I have all IPs to my merchant account processor blocked except those coming directly from my server, so they aren't succeeding, they are always rejected and declined.

However, the credit card processor is charging me for those declines, declines for transactions I'm not sending, transactions beyond my ability to control being sent directly to their servers.

I wrote to them today and asked quite bluntly why they were charging CHARGING ME for someone attempting to hack THEIR service, of which I have no control?

Has anyone else had this problem and how did you resolve it?
1:44 pm on Mar 15, 2012 (gmt 0)

New User

5+ Year Member

joined:July 1, 2008
posts: 29
votes: 0

incrediBILL, it's not like this issue with Payflow Pro is it?

(This thread at another board from Jan 2011 reported an issue with upgraded Payflow Pro accounts experienced during Dec 2010):


I am a customer of the Payflow Pro payment gateway. Originally I was a user of the Payflow Link gateway since 2002, but then in 2009 I upgraded to Payflow Pro, as I saw the Payflow Link gateway was very insecure and is too easy to exploit.
Then last month [Dec 2010] I received over 21,000 fraudulent transactions through may Payflow Pro account. Someone was using my merchant account to test if credit cards were valid.
I spent days and days trying to communicate with people at PayPal, and they all denied there was any problem.
Finally I got to testing my Payflow Pro login ID with the old Payflow Link gateway (using a simple html "form" with my login ID). Surprisingly I was taken to a Payflow Link page to enter my credit card details, and at the top was my old business logo which I hadn't used in two years, and which was still being saved in the PayPal database even though I wasn't a customer of Payflow Link.
Response Eric F 01/07/2011 09:50 AM

In regards to this issue there was no security exploit, the issue is that when your account was upgraded from Payflow Link to Payflow Pro, there was bug which allowed your account to still process as Payflow Link and as stated we have since fixed this bug to not allow this to happen again.

Thank you for your patience.

Eric F
Merchant Technical Services
PayPal, an eBay Company
11:09 am on Mar 16, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 6, 2005
votes: 0

Quick question: Does your payment processor require credentials in order to perform a charge? It's not clear from your posting how they are able to authenticate as you.
5:13 pm on Mar 16, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member bwnbwn is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 25, 2005
votes: 22

I assume they are going through the cart or is the processor available by searching for an ID number.
You said this
directly to my merchant account at my payment processor
why I ask.
I had the problem and had to get a cart to stop access to the gateway. They will not stop and it only gets worse you will be added to a board and all of a sudden u have 100's a day. At .25 per it adds up really fast.