Fraudulent Charges

Hello, it has been reported to us that multiple customers of ours have been the victims of stolen credit card numbers and fraudulent charges after purchasing from our store. On one such occasion, a customer received his new card and only made purchases from us, which is pretty strong evidence that we are the source of the stolen numbers.



Regarding Our Procedures:



We use regular 256 bit encryption, I am the ONLY person who works for the company, and I have recently changed all passwords for server root, cpanel and the cs-cart installation. We use PayPal as our credit card processor.



Does anyone know how to track where the security breach is coming from? If not, does anyone know who we might contact that specializes in detecting such breeches? Any help would be most appreciated.



Aubrey Clark

Take a look at this thread to see if it helps

Might want to look at this thread posted back in May: http://forum.cs-cart…35877-new-hack/



I've been getting a lot of security calls and this is he most common intrusion. If you have Wordpress running in a sub-directory of your store, get it under a different account and in its own document root. Almost every site I've looked at with this intrusion has Wordpress within the same cpanel account as cs-cart.



And if this is your intrusion and you are NOT monitoring file changes within your site on a daily basis, suggest you purchase our EZ Admin Helper addon and set it up to monitor your files every night for new/modified/deleted files within your site. Very cheap insurance.