MDVA-31282: double authorization on Paypal PayFlow Pro
The MDVA-31282 patch solves the issue when double authorizations occur on Paypal PayFlow Pro in Adobe Commerce. The double authorizations also have the effect of bypassing PayFlow Pro’s fraud filters and doubling transaction fees. This patch is available when the Quality Patches Tool (QPT) 1.0.7 is installed.
Affected products and versions
The patch is created for Adobe Commerce version:
- Adobe Commerce on cloud infrastructure 2.3.5-p2
Compatible with Adobe Commerce versions:
- Adobe Commerce (all deployment methods) 2.3.2 - 2.3.3 and 2.3.5 - 2.3.6
magento/quality-patches package to the latest version and check the compatibility on the Quality Patches Tool: Search for patches page. Use the patch ID as a search keyword to locate the patch.Issue
Double authorizations occur in PayPal PayFlow Pro in Adobe Commerce that have the effect of bypassing PayFlow Pro’s fraud filters and doubling transaction fees.
Prerequisites:
Configure PayPal PayFlow Pro payment method.
Steps to reproduce:
- Go to the frontend as a guest customer.
- Add products to Shopping Cart from product pages.
- Proceed to Checkout.
- Specify Shipping address as an address in Country #1 (Example: UK address), and select a shipping method.
- Select PayPal PayFlow Pro as the payment method. Specify the Billing address as an address in Country #2 (Example: USA address).
- Enter credit card data, and place the order.
- Navigate to Sales > Orders in admin and observe created order.
Expected results:
- The Payment Information block displays: "Triggered Fraud Filters: RESPMSG: Under review by Fraud Service. Order is in Suspected Fraud status".
- Paypal PayFlow Pro shows a single authorization transaction as expected.
Actual results:
- The Payment Information block displays: "Triggered Fraud Filters: RESPMSG: Under review by Fraud Service. Order is in Processing status".
- Paypal PayFlow Pro shows double authorization transactions.
Apply the patch
To apply individual patches, use the following links depending on your deployment method:
- Adobe Commerce or Magento Open Source on-premises: Software Update Guide > Apply Patches in our developer documentation.
- Adobe Commerce on cloud infrastructure: Upgrades and Patches > Apply Patches in our developer documentation.
Related reading
To learn more about Quality Patches Tool, refer to:
- Quality Patches Tool released: a new tool to self-serve quality patches in our support knowledge base.
- Check if patch is available for your Adobe Commerce issue using Quality Patches Tool in our support knowledge base.
For info about other patches available in QPT, refer to Patches available in QPT in our developer documentation.