Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

Magento Records vs. PayFlow Pro Records - total fraud? 
 
Periculi
Sr. Member
 
Total Posts:  249
Joined:  2009-02-03
 

We just set up the Payflow Pro gateway and hooked it to our merchant account a couple days ago.

This morning there is a ‘declined’ charge coming from the ID and User we created for Magento.

Looking into it further - the PayPal records show a billing name, shipping address, and other order type information.

Magento Admin DOES NOT HAVE THIS ORDER

So - How is someone using the unique user we created for Magento for our merchant gateway to make an order that isn’t in Magento?

The Magento site is fully SSL, and it hasn’t even seen much traffic - we just started going live and have had a few visits - and now we have our first mystery fraud.

How is it that Magento can be so easily spoofed into sending a transaction?  This potentially really bad news for anyone using magento community version and a on-site payment method.

Thankfully the transaction was declined because of missing some information - but the real issue is how someone got the User ID for our merchant gateway from Magento so easily.  bad Magento!

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top