Hello @srpnutratea
If you see just a few failed orders like this, that’s expected and can happen from time to time. But if there’s a bunch of them coming in close together, especially with similar email or address patterns, then it’s likely part of fraud card testing. We’re in close contact with WooCommerce and PayPal to monitor and mitigate them. The majority of these attempts fail early in the process, and all are getting declined. But if you notice any that do succeed, let us know.
There are a few things you can do to help mitigate this:
- If you’re using Advanced Credit and Debit Card payments, it’s possible to force 3D Secure for every transaction.
- You can add reCAPTCHA or hCaptcha to your site to block automated submissions.
- Make sure you’re using the latest plugin version; we implement fixes in each release.
I’m not sure what you already have in place, but if you’d like, I can share specific snippets that were successful for some users affected by this problem.
Kind Regards,
Krystian
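The pattern described in the reply above (many failed orders arriving close together with similar email patterns), as an added example that is not part of the original thread or the plugin's code. The order records are constructed sample data, and the 2-minute gap and 5-failure threshold are assumed values to tune against a store's normal failure rate.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Assumed thresholds (not from the thread); tune them per store.
MAX_GAP = timedelta(minutes=2)   # failures closer together than this share a cluster
MIN_FAILURES = 5                 # clusters at least this large are reported

# Constructed sample export: (ISO timestamp, billing email, order status).
SAMPLE_ORDERS = [
    ("2024-01-06T09:14:00", "jane.doe@example.com", "failed"),   # isolated failure
    ("2024-01-06T11:02:00", "sam@example.org", "completed"),
    ("2024-01-06T23:40:05", "mark1482@example.net", "failed"),
    ("2024-01-06T23:40:41", "lisa77@example.net", "failed"),
    ("2024-01-06T23:41:10", "tom90311@example.net", "failed"),
    ("2024-01-06T23:41:52", "anna5@example.net", "failed"),
    ("2024-01-06T23:42:30", "bob@example.com", "failed"),
    ("2024-01-06T23:43:01", "kate204@example.net", "failed"),
]

def email_shape(email):
    """Reduce an address to a pattern: digit runs -> 0, letter runs -> a, domain kept."""
    local, _, domain = email.lower().partition("@")
    local = re.sub(r"[a-z]+", "a", re.sub(r"\d+", "0", local))
    return f"{local}@{domain}"

def find_bursts(orders, max_gap=MAX_GAP, min_failures=MIN_FAILURES):
    """Cluster failed orders by time gap and report clusters that look like bursts."""
    failed = sorted((datetime.fromisoformat(ts), email)
                    for ts, email, status in orders if status == "failed")
    clusters, current = [], []
    for item in failed:
        # A gap longer than max_gap closes the current cluster.
        if current and item[0] - current[-1][0] > max_gap:
            clusters.append(current)
            current = []
        current.append(item)
    if current:
        clusters.append(current)
    bursts = []
    for cluster in clusters:
        if len(cluster) < min_failures:
            continue  # a few scattered failures are expected
        shape, hits = Counter(email_shape(e) for _, e in cluster).most_common(1)[0]
        bursts.append({"start": cluster[0][0], "end": cluster[-1][0],
                       "failures": len(cluster), "top_email_shape": shape,
                       "shape_share": hits / len(cluster)})
    return bursts
```

A cluster with a high `shape_share` matches the "similar email patterns" signal; a large cluster with a low share is still worth reviewing against the gateway's decline reasons.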
Hi Krystian,
The weekend was quite difficult — we experienced over 40 failed payments. It appears that the WooCommerce PayPal payment plugin may have been compromised. I’ve also noticed several users reporting the same issue in the support forum.
Our website has had Cloudflare CAPTCHA enabled for a long time, so that doesn’t seem to be preventing the issue. Your assistance will likely be needed to resolve this issue.
Kind regards,
SP
Hello @srpnutratea
Thank you for the message, and I’m sorry to hear about the difficult weekend.
We’re aware of the situation, and to be clear, the PayPal Payments plugin has not been compromised. That word suggests a breach or vulnerability in the plugin itself, which is not the case here. What you’re seeing is most likely a carding attack, a known issue where bots attempt hundreds of failed payments using stolen card details.
You’re not the only one affected. Several users have reported similar issues in the support forum, and we are actively gathering logs to help identify and block patterns associated with these attacks.
To assist you further, we would need to review your site’s debug logs. You can reach out to us directly and securely using the link below: Request Support
Please include the URL of this conversation when submitting the form so we can pick it up quickly.
Thanks again for flagging this.
Kind Regards,
Krystian
Hello @srpnutratea
Since the issue has been moved to the private support board, we consider this thread resolved.
If you still have any questions or if a new problem arises, don’t hesitate to open a new thread or reach out to our private board.
Kind regards,
Krystian
Hi Krystian,
The issue is not resolved; it even got out of hand.
The patch that was shared blocked other payment providers.
Kind regards,
SP
@srpnutratea what was the patch you received? We are having the same issue… Thanks!