Problem with repeated fake orders with the PayPal Woocommerce Plugin

Go to solution
TS2188
Contributor
Contributor
Posted on
‎Nov-28-2024 08:43 AM

Using WooCommerce PayPal Payments - had a problem with repeated fake orders exploiting a vulnerability with the PayPal button. Added a captcha to the checkout which prevents the bots placing orders through Apple Pay and Google Pay (via Paypal). However, the Paypal button itself can be clicked even if the Captcha has been ignored, so the Paypal button is vulnerable and we can't prevent spam orders. The orders are spaced about 15 minutes apart, for the cheapest items in our store. From multiple IPs: 1[Removed. Phone #s not permitted] [removed] IPs are from all over. Germany, UK, Hong Kong, etc We've had to disable Paypal on all our sites until we can find a solution. Seems to be an issue with the Plugin but who do we contact to fix it?

https://woocommerce.com/document/woocommerce-paypal-payments/#get-help directed us to Paypal.

 

Thanks, hope someone can help 🙂

Login to Me Too
Login to Reply or Kudo
32 REPLIES 32

Go to solution
dedlobster
New Community Member
‎Dec-01-2024 06:57 AM

I'm also having the same issue. Submitting a ticket to WooCommerce about this today. We'll see what I hear back. Disabling PayPal Payments isn't really an option for this site as it's the only payment method we use. So this is very frustrating.

Login to Me Too
Login to Reply or Kudo

Go to solution
JT2312
Contributor
Contributor
‎Dec-01-2024 12:36 PM

Yes something needs to be fixed 

Login to Me Too
Login to Reply or Kudo

Go to solution
JT2312
Contributor
Contributor
‎Dec-01-2024 12:39 PM
Good luck! I’ve detailed the problem and all I got was a long generic response telling me using the plug in means I’m responsible for security The fraud is bypassing something that captcha doesn’t work .
Login to Me Too
Login to Reply or Kudo

Go to solution
AlexDon75
Contributor
Contributor
‎Dec-02-2024 01:17 AM

All the fake orders we receive are paid via credit/debit card and have occurred since we added Paypal advanced card processing.  Does anyone get payments made through other methods such as Apple or Google?

Login to Me Too
Login to Reply or Kudo

Go to solution
JT2312
Contributor
Contributor
‎Dec-02-2024 01:35 AM

this is not happening with other payment methods as they have different security processes.

Login to Me Too
Login to Reply or Kudo

Go to solution
MoeOo
Member
Member
‎Dec-02-2024 01:24 AM
moeoo3826@gmail com
Login to Me Too
Login to Reply or Kudo

Go to solution
TS2188
Contributor
Contributor
‎Dec-02-2024 02:20 AM

We have had this response from Paypal Payments Support:

 

From the plugin's perspective, as long as the orders are being declined, that means both the PayPal system and the plugin are doing their job in preventing fraudulent transactions. Unfortunately, there's not much more we can do from the plugin side if the transactions are failing.

However, there are several actions you can take to help mitigate attempted fraud:

  • Enable 3D Secure: If you use the Advanced Card Processing feature, enabling 3D Secure can add an extra layer of verification, making it more difficult for unauthorized users to process transactions with stolen card information.
  • Activate FraudNet: In the plugin settings, go to the Connection tab and enable FraudNet. This PayPal service uses advanced fraud detection technology to identify and prevent fraudulent activities.
  • Set Payment Intent to Authorize: Changing the payment intent to "Authorize" allows you to manually review transactions before they are finalized. This gives you the chance to verify orders and void any that seem suspicious before capturing the funds.
  • Use Additional Security Measures like ReCaptcha: You can use a ReCaptcha plugin to add another layer of security. This plugin has been tested and works well with PayPal Payments. You can find it here: ReCaptcha for WooCommerce.
Login to Me Too
Login to Reply or Kudo

Go to solution
TS2188
Contributor
Contributor
‎Dec-02-2024 02:23 AM

We are using ReCaptcha for WooCommerce but it's this free version - https://en-gb.wordpress.org/plugins/recaptcha-woo/ 

Login to Me Too
Login to Reply or Kudo

Go to solution
AlexDon75
Contributor
Contributor
‎Dec-02-2024 02:28 AM

We also have recaptcha but fake orders can get through.  3D secure is set for when required at the moment.   We have added some extra filters today through Paypal fraud protection under the business tools such as address and postcode match to see if it helps.  

Login to Me Too
Login to Reply or Kudo

Go to solution
bearblend
Contributor
Contributor
‎Dec-03-2024 01:20 PM

We are having the same issues. Somehow multiple orders are coming through as "processing" even though no payment was actually received. We noticed on our end that for some reason all the orders have the "company name" equal to the "billing city".  We have run security scans and there is no vulnerability on our end. It looks like all the orders say Payment via Credit or Debit Card. Paypal payments is our only transaction system. Do we need to turn it off and get something else? 

Login to Me Too
Login to Reply or Kudo

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.