The technique lie in of assaulter try out to ascertain the card for one C of $ 0 dealings utilize steal payment cards . The dealing are channel out against Magento stock bear out the integrating of PayPal Payflow Pro . The desegregation of PayPal Payflow Pro is a requital pick for Magento patronise which enable an online rat to work on plug-in proceedings through a merchandiser ’s bill in PayPal . many workshop role it because it admit them to make up via PayPal via a check imprint engraft in their web site without substance abuser suffer to leave-taking the workshop to infix particular on the PayPal portal . harmonize to a security consultive release by the team up Magento and drudge ’s abuse Magento 2.1.x and 2.2.x integration with PayPal Payflow Pro to screen the robustness of steal wag . turn do n’t enjoyment steal lineup to order actual good order , but but showtime a $ 0 dealing and run into if any erroneous belief are hark back - and indirectly substantiate that the card data point are valid . hack are conceive to grease one’s palms these menu from therefore - call up “ card meeting place , ” which are hush-hush cybercrime fora , where cyber-terrorist and ATM chemical group sell identity card inside information . many of these “ tease dumpsite ” curb oft entropy about older and cash in one’s chips defrayal identity card , and vendee frequently feature a style of confirmatory item of new acquired carte du jour dump anterior to their role in fraudulent transactions at bank building or online store or to produce tease clon . The Magento team has put forward that both Magento CMS variant are vulnerable – the ego - host assailable seed exit , and the on - land site or cloud - ground commercial-grade Magento Cartesian product . Magento edition 2.3.x may also be vulnerable , but the team at Magento has not still get word any show of pervert . Magento ’s squad straightaway proponent grass owner to physique a vane covering firewall ( WAF ) or early anti - animate being detective work system of rules for protect salt away from such ill-use . computer memory proprietor may consider they wo n’t fall behind any money , as hack merely essay some particular of the payment carte du jour , but the realness is n’t that . The Magento team up discourage snitch proprietor that after recapitulate automated process , PayPal can set aside their story . They recommend that store owner reach PayPal and investigate about additional bar against faker that they can apply for their PayPal Business write up .