Hack cost me £2160. Because Visa Demand Investigation
Posted: Tue Aug 02, 2016 5:18 am
Scumbag got an email EVERY time credit card details entered on my website....
Hi All
I'll be brief, basically my site got hacked. They (rather clever but most annoying person) placed just 3 lines of code into the PayPal Pro Payment mod.
These simple three lines dropped him an email whenever someone entered credit card details using PayPal Pro payment (the one where people enter the values actually on your website, in my opinion this is the least effort for the customer in most cases, and they just choose PayPal Express if wanted).
However, that's bad, and VISA are now DEMANDING I get a 'PFI Lite' (PCI Forensic Investigation). Otherwise I'll be blacklisted.
They (PayPal) don't state what 'blacklisted' means; me as a person, the business, what?
I may be in for fines from Visa too. Around £2000 is what the PFI people are saying.
Has anything like this happened to you?
I have Trustwave scanner, and virus scanner and what I thought was a locked down setup on a business (Shared) server (£35/month).
I really feel if this happened to me, it really could happen to you.
And given I had no idea that I would be liable for such a bill, from Visa of all people, I thought I should share.
If you have PayPal Pro, you are at risk of this bill too.
What are you doing to prevent this happening to you?
Thanks for your feedback and support...
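
An added example, not part of the original post and not code from PayPal or any shopping-cart project: a small file-integrity check that records SHA-256 hashes of the payment module's files while they are known to be clean and later reports any file that was modified, added or removed, which is how a three-line insertion like the one described above would show up. The directory and baseline paths are assumptions supplied on the command line.

```python
import hashlib
import json
import sys
from pathlib import Path


def snapshot(root):
    """Return {relative path: SHA-256 hex digest} for every file under root."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def save_baseline(root, baseline_file):
    """Record the known-good state. Keep this file OFF the web server:
    whoever can edit the payment module can also edit a baseline stored beside it."""
    Path(baseline_file).write_text(json.dumps(snapshot(root), indent=2))


def check(root, baseline_file):
    """Compare the current files with the baseline and list every difference."""
    baseline = json.loads(Path(baseline_file).read_text())
    current = snapshot(root)
    return {
        "modified": sorted(f for f in baseline if f in current and current[f] != baseline[f]),
        "added": sorted(f for f in current if f not in baseline),
        "removed": sorted(f for f in baseline if f not in current),
    }


if __name__ == "__main__":
    # Usage (paths are assumptions): fim.py baseline|check <module_dir> <baseline.json>
    mode, module_dir, baseline_path = sys.argv[1:4]
    if mode == "baseline":
        save_baseline(module_dir, baseline_path)
    else:
        drift = check(module_dir, baseline_path)
        for kind, files in drift.items():
            for name in files:
                print(f"{kind}: {name}")
        sys.exit(1 if any(drift.values()) else 0)
```

Run the check from a scheduled job on a machine other than the web host, against a fresh copy of the files, and re-create the baseline only after an upgrade you made yourself.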