Hello @antonic93
We are aware of this problem. But we have pretty solid prevention method that should fully mitigate the problem.
The latest version of the plugin introduces a native reCAPTCHA integration specifically designed to block automated abuse and card-testing activity at the PayPal payment endpoints. If you don’t have it yet update the plugin.
This version combines invisible reCAPTCHA v3/v2 captcha for potential bots or automated requests to protect to the PayPal payment endpoints. The protection is active on both the classic and block-based checkout and helps prevent automated card testing and other forms of malicious activity that can result in random declines or failed transactions. Unlike general CAPTCHA plugins, this implementation specifically protects the PayPal endpoints, so we recommend using it instead of third-party CAPTCHA solutions.
After installing the update, go to: WooCommerce → Settings → Integration → WooCommerce PayPal Payments CAPTCHA
Or open directly: /wp-admin/admin.php?page=wc-settings&tab=integration§ion=wppc
From there, generate your Site Key and Secret Key using the Google reCAPTCHA admin console and paste them into the corresponding fields. Once saved, the CAPTCHA will silently protect the checkout process without disrupting legitimate users.
Documentation is also available here: https://woocommerce.com/document/woocommerce-paypal-payments/fraud-and-disputes/
If you need any help during setup feel free to reach out.
Kind Regards,
Krystian
