Using WooCommerce PayPal Payments - had a problem with repeated fake orders exploiting a vulnerability with the PayPal button. Added a captcha to the checkout which prevents the bots placing orders through Apple Pay and Google Pay (via PayPal). However, the PayPal button itself can be clicked even if the captcha has been ignored, so the PayPal button is vulnerable and we can't prevent spam orders. The orders are spaced about 15 minutes apart, for the cheapest items in our store. From multiple IPs: 1[Removed. Phone #s not permitted] [removed] IPs are from all over. Germany, UK, Hong Kong, etc. We've had to disable PayPal on all our sites until we can find a solution. Seems to be an issue with the plugin but who do we contact to fix it?
https://woocommerce.com/document/woocommerce-paypal-payments/#get-help directed us to PayPal.
Thanks, hope someone can help 🙂
I'm also having the same issue. Submitting a ticket to WooCommerce about this today. We'll see what I hear back. Disabling PayPal Payments isn't really an option for this site as it's the only payment method we use. So this is very frustrating.
All the fake orders we receive are paid via credit/debit card and have occurred since we added PayPal advanced card processing. Does anyone get payments made through other methods such as Apple or Google?
This is not happening with other payment methods as they have different security processes.
We have had this response from PayPal Payments Support:
From the plugin's perspective, as long as the orders are being declined, that means both the PayPal system and the plugin are doing their job in preventing fraudulent transactions. Unfortunately, there's not much more we can do from the plugin side if the transactions are failing.
However, there are several actions you can take to help mitigate attempted fraud:
- Enable 3D Secure: If you use the Advanced Card Processing feature, enabling 3D Secure can add an extra layer of verification, making it more difficult for unauthorized users to process transactions with stolen card information.
- Activate FraudNet: In the plugin settings, go to the Connection tab and enable FraudNet. This PayPal service uses advanced fraud detection technology to identify and prevent fraudulent activities.
- Set Payment Intent to Authorize: Changing the payment intent to "Authorize" allows you to manually review transactions before they are finalized. This gives you the chance to verify orders and void any that seem suspicious before capturing the funds.
- Use Additional Security Measures like ReCaptcha: You can use a ReCaptcha plugin to add another layer of security. This plugin has been tested and works well with PayPal Payments. You can find it here: ReCaptcha for WooCommerce.
We are using ReCaptcha for WooCommerce but it's this free version - https://en-gb.wordpress.org/plugins/recaptcha-woo/
We also have ReCaptcha but fake orders can get through. 3D Secure is set for when required at the moment. We have added some extra filters today through PayPal fraud protection under the business tools, such as address and postcode match, to see if it helps.
We are having the same issues. Somehow multiple orders are coming through as "processing" even though no payment was actually received. We noticed on our end that for some reason all the orders have the "company name" equal to the "billing city". We have run security scans and there is no vulnerability on our end. It looks like all the orders say Payment via Credit or Debit Card. PayPal Payments is our only transaction system. Do we need to turn it off and get something else?
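
The traits reported in this thread (card payments for the cheapest item, roughly 15 minutes apart, company name equal to billing city) can be combined into a triage filter over an order export. This is an added example, not part of any post above and not PayPal's or WooCommerce's code; the field names, sample orders and thresholds are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample export. Field names are assumptions for this sketch,
# not the WooCommerce or PayPal schema. IPs are documentation ranges.
ORDERS = [
    {"id": 101, "created": "2024-05-01T10:00:00", "company": "Berlin",
     "city": "Berlin", "total": 2.50, "method": "card", "ip": "198.51.100.7"},
    {"id": 102, "created": "2024-05-01T10:05:00", "company": "",
     "city": "Leeds", "total": 48.00, "method": "paypal", "ip": "203.0.113.9"},
    {"id": 103, "created": "2024-05-01T10:16:00", "company": "hong kong",
     "city": "Hong Kong", "total": 2.50, "method": "card", "ip": "192.0.2.44"},
    {"id": 104, "created": "2024-05-01T10:30:00", "company": "London",
     "city": "London", "total": 2.50, "method": "card", "ip": "198.51.100.90"},
    {"id": 105, "created": "2024-05-01T13:00:00", "company": "Acme Ltd",
     "city": "Cork", "total": 2.50, "method": "card", "ip": "203.0.113.200"},
]

def flag_orders(orders, cheapest_price, gap=timedelta(minutes=15),
                tolerance=timedelta(minutes=5), min_signals=2):
    """Return {order_id: [reasons]} for orders matching >= min_signals traits."""
    flagged, last_cheap = {}, None
    for o in sorted(orders, key=lambda o: o["created"]):
        when = datetime.fromisoformat(o["created"])
        reasons = []
        company = o["company"].strip().casefold()
        # Trait from the thread: company name duplicates the billing city.
        if company and company == o["city"].strip().casefold():
            reasons.append("company equals billing city")
        if o["total"] <= cheapest_price and o["method"] == "card":
            reasons.append("card payment for cheapest item")
            # Cadence is measured between consecutive cheap card orders only,
            # because the source IP changes from order to order.
            if last_cheap and abs((when - last_cheap) - gap) <= tolerance:
                reasons.append("about 15 minutes after previous cheap card order")
            last_cheap = when
        # One trait alone is common in real orders; require several.
        if len(reasons) >= min_signals:
            flagged[o["id"]] = reasons
    return flagged

if __name__ == "__main__":
    for order_id, reasons in flag_orders(ORDERS, cheapest_price=2.50).items():
        print(order_id, "; ".join(reasons))
```

Flagged orders are candidates for manual review, which pairs with the "Authorize" payment intent suggested in the support reply.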
