I have noticed a strange issue recently on the Magento checkout. The same thing occurs whether I am using the default onpage Magento checkout, or if I am using the lotusbreath onepage checkout extension.
When I go to the checkout, there is a credit card form, in place of where you would usually have a list of payment methods (PayPal, Pay In Store, Sage Pay etc.). I can not see these other options now.
When I load the page, I do see them load, very briefly, but they are immediatley replaced by this form. I have disabled all payment methods, apart from pay in store, sag pay and paypal. Sage pay takes the user to their website to process payments, so the form does not belong to that.
Where could this come from?
Best Answer
This sounds like your site has been hacked. I'm sure this credit card form is displayed via JavaScript and sends entered credit card data to some unknown server far away, stealing your customers credit cards.
Take the site offline immediately and then start investigating the PHP code and other files, as well as configurations where scripts could have been added (often in System > Configuration > Design).
Then change passwords, make sure, that all security patches are applied and server software is up to date.
You will also have to notify your customers about this exploit, if people were trying to buy on your site while this form was in place.
See also: What should you do with the hacked installation?