Did anyone else receive this email? We use Paypal Payflow for credit card processing.
I'm unclear on whether we have to change anything in Opencart to support this - in particular the code "170" that they mention, or, if this is transparent and will work OK?
We are on 188.8.131.52
Here is a more detailed article about it as well": https://www.paypal.com/us/smarthelp/article/ts2243
Payflow Carding Prevention
Due to significant fraudulent carding attacks occurring across the
industry, Visa and MasterCard are looking at possible fines for merchants
who don't take the appropriate actions to prevent carding; see
http://www.paypal.com/us/smarthelp/article/ts2243 for more information on
To help in this regard, we'll be releasing a Carding Module in the coming
weeks and wanted to inform you of this new feature so that you can begin
to implement controls into your website to handle the new result code that
will be returned. This feature will be auto-enabled when it goes live.
Sometime in late June; we’ll begin to monitor for a high-level of declines
and invalid information such as expiration date or invalid Card Security
Code (CSC) and if the number of declines exceeds the threshold set by
PayPal, the carding module will be triggered.
Once the carding module is triggered, the following will occur:
1. 1. An email will be sent to all ADMIN users on the account informing
them of the attack. Please see reminder below.
2. The account will be blocked, and all transactions will be rejected.
3. A Result Code of 170, with the message of “Fraudulent activity
detected: Carding”; RESULT=170, RESPMSG=Fraudulent activity detected:
Carding, will be returned on ALL transactions while the account is being
To unblock your account, you can temporarily disable the carding module by
performing the following actions:
1. Log into Manager at https://manager.paypal.com.
2. Click Account Administration
3. Under Manage Security, click Carding Prevention
4. To allow transactions to be accepted again, under Carding Prevention
Status, select Not Blocked.
Within a few minutes, transactions will begin to be processed as normal.
If any transactions received a result code of 170, they can be resubmitted
if necessary either by performing a Reference Transaction or resending the
transaction as a new one.
Important note: If you don’t take the appropriate action to prevent
high-velocity attacks (carding), your account will be blocked again.
Please be aware that you're responsible for any transactional fees imposed
by PayPal, or your bank for carding attacks. This service is being
implemented to help minimize the impact and to warn you of possible
fraudulent activity and to help reduce possible fees.
If your account is using an application that's not subject to carding;
such as card present (in-person) transactions, or offline billing
applications, then the likelihood of this service being triggered is
remote. However, if your business model generates a high number of valid
declines or invalid transactions within a short period of time, please
contact your Account Manager or email Payflow support at
mailto:email@example.com?subject= with the following verbiage
(the request must come from an ADMIN user on the account.):
"By opting out of the Payflow Carding Prevention Service for the account
<merchant login id>, I <full name> understand and agree that I will be
held fully responsible for all fees associated with any fraudulent
activity on my account from either my bank or PayPal. In accordance with
the Payflow Gateway Services Agreement, all fees are due immediately and
• Administrators (ADMIN Users) are the only users who will receive
notification of suspension of the account due to carding. Please log into
the PayPal Manager and verify the ADMIN users on the account to make sure
the information like name, email and so on are correct and/or add any new
administrators as needed.
• The Primary and Secondary contacts in PayPal Manager will be deprecated
in the future. Please make sure to validate that these contacts are an
administrator under Manage Users.
• The Carding Module is not a full solution and is only a tool to help
minimize carding attacks and it's important that you implement other
measures into your website as mentioned in the FAQ above in conjunction
with this service.
• Keep an eye out for an Alert in PayPal Manager with the actual date to
production as we get closer to rolling out this feature.
Who is online
Users browsing this forum: No registered users and 8 guests