Posted - 01/04/2024 : 04:59:48
Hi Vince/everyone,
We've recently been hit with some kind of exploit attack where we get 1000s of orders placed with random names, addresses and IPs. Braintree have come back with various recommendations, but their main point is regarding the SDK version used. From what I can see, the 'inccart.php' code still calls 3.14.0. They have suggested we need to update to a later version, at least 5.5.0 or higher. Can we simply change the call from the code to a later PHP library, or are there a lot more variables to change?
For reference: https://github.com/braintree/braintree_php/blob/master/CHANGELOG.md and https://developer.paypal.com/braintree/docs/reference/general/server-sdk-migration-guide/php
quote: ... it appears that the 3D Secure authentication was not completed successfully. This occurred because the Lookup was initiated before the Device Data was collected (error code 2270). To fix this, you'll basically need to (i) update your client to the latest version of our JS SDK and (ii) set the collectDeviceData option to true when calling verifyCard(). Starting from Braintree v3.94.0, this option facilitates additional device data collection, reducing lookup failures and authentication challenges for customers. Please refer to our recommended settings for specific information.
quote: We recommend watching our SDKs on Github to stay informed about the latest versions and ensure you are using Braintree Web with the proper CSP directives.
Thanks for any help.