Posted - 05/31/2019 : 21:41:34
Got this from Paypal. I have seen what appeared to be carding at my website once and it pretty much ended with the multiple purchases IP blocking. Anybody not using the multiple purchases IP blocking should take notice of this one.
Anything else that can be done to prevent such a thing?
Does Paypal respond back with a code on a bounced transaction so that any user that may have fatfingered a value can be sent some sort of generic 'An error was detected in your account credentials"?
Due to significant fraudulent carding attacks occurring across the industry, Visa and MasterCard are looking at possible fines for merchants who don't take the appropriate actions to prevent carding; see here for more information on Carding.
To help in this regard, we'll be releasing a Carding Module in the coming weeks and wanted to inform you of this new feature so that you can begin to implement controls into your website to handle the new result code that will be returned. This feature will be auto-enabled when it goes live.
Sometime in late June; we’ll begin to monitor for a high-level of declines and invalid information such as expiration date or invalid Card Security Code (CSC) and if the number of declines exceeds the threshold set by PayPal, the carding module will be triggered.
Once the carding module is triggered, the following will occur:
1. An email will be sent to all ADMIN users on the account informing them of the attack. Please see reminder below.
2. The account will be blocked, and all transactions will be rejected.
3. A Result Code of 170, with the message of “Fraudulent activity detected: Carding”; RESULT=170, RESPMSG=Fraudulent activity detected: Carding, will be returned on ALL transactions while the account is being blocked.
To unblock your account, you can temporarily disable the carding module by performing the following actions:
1. Log into Manager at https://manager.paypal.com.
2. Click Account Administration
3. Under Manage Security, click Carding Prevention
4. To allow transactions to be accepted again, under Carding Prevention Status, select Not Blocked.
Within a few minutes, transactions will begin to be processed as normal. If any transactions received a result code of 170, they can be resubmitted if necessary either by performing a Reference Transaction or resending the transaction as a new one.
Important note: If you don’t take the appropriate action to prevent high-velocity attacks (carding), your account will be blocked again.
Please be aware that you're responsible for any transactional fees imposed by PayPal, or your bank for carding attacks. This service is being implemented to help minimize the impact and to warn you of possible fraudulent activity and to help reduce possible fees.