What do I need to know about carding attacks, prevention, and the Payflow carding prevention module?
Payflow has implemented a carding feature designed to help merchants minimize carding attacks and their associated costs. The feature is enabled by default. The carding prevention module will monitor accounts for a high level of declines and invalid information provided. If the number of declines or invalid transactions exceeds the threshold set by Payflow, the carding module will be triggered, and the account will be blocked from processing until the block has been removed.
If your business model generates many valid declines or invalid transactions within a brief period, you can set your account to 'Whitelist'. Batch processing transactions is an example of a business model that might generate high declines and invalid transactions. However, please note that any accounts that opt out of the carding module and set their account to Whitelist are fully responsible for any fees associated with carding attacks.
Note: While this service minimizes carding attacks, please be aware that customers are responsible for any transactional fees imposed by PayPal or their bank that result from carding attacks.
What happens when the carding module is triggered?
If the carding module is triggered, the following will occur:
- An email is sent to all Admin users on the account, informing them that we have noticed an increase in declines on their account, and it has, therefore, been blocked from processing any further transactions.
- The account is blocked, and all transactions are rejected.
- While the account is blocked, result code 170 is returned for all attempted transactions, with the message of Fraudulent activity detected: Carding.
Unblocking an account
You can unblock your account by completing the following steps:
- Log into PayPal Manager.
- Click Account Administration.
- Under Manage Security, click Carding Prevention.
- To allow transactions to be accepted and return your account to normal processing, select Not Block under Enable Carding Prevention. It might take up to 5 minutes for the changes to take effect. Note: If your account is flagged for another carding attack, it will be blocked again.