Q: I noticed a zero dollar transaction on my credit card statement initiated by your company “Qoppa Software”. Could you please explain why you are validating my credit card?
A: Payflow Link, our payment processor gateway, owned by Paypal was attacked twice:
- Monday September 29 2014
- Monday October 13 2014
About the attacks
It seems that hackers have been using Payflow Link Gateway, our payment processor gateway, owned by Paypal, to validate credit cards. Both times, we were the ones noticing the attacks on Monday morning due to the high volume of order notifications received from PayFlow. We immediately reported the attacks to Paypal. Both times, about 8,000 $0 transactions had already been run in only a few hours.
The attack did not initiate from our website, the hackers were directly processing transactions with Payflow and apparently simply using our account name. It was quite surprising and frustrating for us to hear from Paypal that they had no way to stop this kind of attacks. Apparently, it is not possible in their current system to setup any security filter for zero dollar transactions. We were appalled that they did not have even basic alerts or filter mechanism to prevent or stop this kind of attacks.
We were also told that this is a typical attack. There has been many security breaches in the last few months, hackers get a hold of a list of credit cards and try to validate them so they can resell them at a better price.
Could you have contacted me?
We had no way to contact victims of the attacks. The only information we received about the victims (through order notifications) were what seemed to be fake mailing and email addresses which had most probably been auto-generated by the hackers. There was no way we could have contacted anyone. Paypal could have followed the chain up to the victims attacks to inform their banks but it does not seem that they have done that.
What should I do?
We encourage you to contact your bank or credit card company immediately and cancel your credit card, which has obviously been compromised.
We apologize for the inconvenience that this is causing you but unfortunately, we are, like you, victim in these attacks. We are just on the other vendor side, instead of being on the customer side. Our business has suffered greatly on the days of the attacks with our website being brought down and us having to spend a lot of time and effort to resolve the issue.
Was Qoppa’s customers information compromised?
No. These attacks have not affected Qoppa’s customers at all. The attacks are external, they did not initiate from our website and our customers information was not compromised. In any case, there is no way our customers information can be jeopardized as we do not keep any financial information in our records, we always redirect customers to purchase through secure online payment processors. The hackers were simply using our account name with Payflow link, that’s all.
Interested in knowing what our company does?
Qoppa Software is specialized in PDF tools for end-users and / or for developers. Our well-known software, called PDF Studio, is a great alternative to Adobe Acrobat® on Windows, Mac and Linux that costs less than 1/3 of the price.