Problem with repeated fake orders with the PayPal WooCommerce plugin

TS2188 (Contributor)

Using WooCommerce PayPal Payments, we have had a problem with repeated fake orders exploiting a vulnerability with the PayPal button. We added a captcha to the checkout, which prevents the bots placing orders through Apple Pay and Google Pay (via PayPal). However, the PayPal button itself can be clicked even if the captcha has been ignored, so the PayPal button is vulnerable and we can't prevent spam orders. The orders are spaced about 15 minutes apart, for the cheapest items in our store, and come from multiple IPs: [removed]. The IPs are from all over: Germany, UK, Hong Kong, etc. We've had to disable PayPal on all our sites until we can find a solution. It seems to be an issue with the plugin, but who do we contact to fix it?

https://woocommerce.com/document/woocommerce-paypal-payments/#get-help directed us to Paypal.

 

Thanks, hope someone can help 🙂

32 replies

AlexDon75 (Contributor)

Unfortunately the extra fraud protection from PayPal didn't stop them, so for now we've turned PayPal Advanced Card Processing off. This means we can only accept payments via PayPal, Google Pay and Apple Pay. Customers can obviously still use credit/debit cards through the PayPal option.

This has stopped all of the fake order attempts.

We did have a couple of fake orders actually complete with payments being made.  We contacted Paypal about these and they were refunded along with the fees.  Paypal however have charged us the full order values as a chargeback.  They are looking into this so do check your Paypal accounts!

 


Castle_Willow (Contributor)

@AlexDon75 Do you mind me asking how you managed to contact PayPal? I have the same issue but have gone round in circles trying to find out how to report the fake order!


AlexDon75 (Contributor)

I've been phoning them. I tell the automated reply that I want to refund a transaction, and if that doesn't get me through to a human I say "speak to advisor".

They refund any fake orders straight away, including fees, but check your end-of-month statements for any chargebacks made by PayPal.


DanO-EWO (Member)

Ditto, we're having the same exact issue as you've described, down to the exact format of the email. Advanced Card Processing is the culprit, I'm told, and there might be a new release in a few days. We're not ready to turn off our CC processing right now, but we're getting close. It seems like the only sure way to get this to stop.


Same exact issue here. Very hard to defend against, as the presence of the smart button is all that is required for the bot to exploit. All orders have the same format of email, but even if I require account creation and ban the email format with a script, the orders still come through. This is clearly a vulnerability in the PayPal / Woo system and not acceptable.


RuthM1 (Contributor)

I was having the same problem. Over 290 failed orders since November 30. They all had the same pattern: used credit cards, fake address, city used where the company name usually appears, addresses don't validate, and email is firstname.lastname.randomnumber@gmail.com. No orders over $40 USD. I added reCAPTCHA on the checkout page but they still came through.

 

I have now disabled Advanced Card Processing in the WooCommerce PayPal Payments plugin and the failed orders have stopped. It has been 19 hours since the last failed order.

 

I don't know where the bug is but this fixed the immediate problem.

 

-- Ruth

 

 

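The traits Ruth lists (first.last.number gmail addresses, totals under $40, a city in the company field, street lines that don't validate) and the steady 15-minute drip from unrelated IPs that the original poster describes can be turned into a screen you run over a WooCommerce order export before deciding which orders to refund or cancel. The script below is an added example written for this thread; it is not code from the thread, WooCommerce or PayPal. The column names, the $40 threshold and the sample orders are constructed assumptions, and it only flags orders for a human to look at, since the posters report that the bot still gets past checkout-side controls like captcha and account creation.

```python
"""Heuristic screen for the fake-order pattern described in this thread.

Added example, not code from the thread, WooCommerce or PayPal. It scores
order records (as exported from WooCommerce) against the traits the posters
report. Column names, thresholds and the sample orders are constructed.
"""
import re
from datetime import datetime, timedelta

# Hypothetical threshold, taken from the "no orders over $40" observation.
LOW_VALUE_LIMIT = 40.0

# firstname.lastname.<digits>@gmail.com, the email shape the posters describe
BOT_EMAIL_RE = re.compile(r"^[a-z]+\.[a-z]+\.\d{2,}@gmail\.com$", re.I)
HAS_HOUSE_NUMBER_RE = re.compile(r"\d")


def score_order(order):
    """Return (score, reasons) for one order dict.

    Assumed export columns: email, total, company, city, address_1,
    ip, created (ISO-8601 timestamp string).
    """
    reasons = []
    if BOT_EMAIL_RE.match(order["email"]):
        reasons.append("email matches first.last.NNNN@gmail.com pattern")
    if float(order["total"]) <= LOW_VALUE_LIMIT:
        reasons.append("low order value")
    company = order.get("company", "").strip()
    if company and company.casefold() == order.get("city", "").strip().casefold():
        reasons.append("company field repeats the city")
    if not HAS_HOUSE_NUMBER_RE.search(order.get("address_1", "")):
        reasons.append("street line has no house number")
    return len(reasons), reasons


def steady_drip(orders, window=timedelta(minutes=15), tolerance=timedelta(minutes=3)):
    """True when consecutive orders arrive at a near-constant interval and
    every order comes from a different IP, the timing the original poster saw."""
    if len(orders) < 3:
        return False
    times = sorted(datetime.fromisoformat(o["created"]) for o in orders)
    gaps = [later - earlier for earlier, later in zip(times, times[1:])]
    regular = all(abs(gap - window) <= tolerance for gap in gaps)
    distinct_ips = len({o["ip"] for o in orders}) == len(orders)
    return regular and distinct_ips


def flag_orders(orders, min_score=3):
    """Return the ids of orders whose score reaches min_score (in input order)."""
    return [o["id"] for o in orders if score_order(o)[0] >= min_score]


# Constructed sample export: three bot-like orders and one ordinary one.
SAMPLE_ORDERS = [
    {"id": 1001, "email": "john.smith.48213@gmail.com", "total": "12.99",
     "company": "Manchester", "city": "Manchester", "address_1": "High Street",
     "ip": "203.0.113.7", "created": "2023-12-05T10:00:00"},
    {"id": 1002, "email": "anna.mueller.9021@gmail.com", "total": "8.50",
     "company": "Berlin", "city": "Berlin", "address_1": "Hauptstrasse",
     "ip": "198.51.100.23", "created": "2023-12-05T10:15:00"},
    {"id": 1003, "email": "li.wong.77310@gmail.com", "total": "19.00",
     "company": "Kowloon", "city": "Kowloon", "address_1": "Nathan Road",
     "ip": "192.0.2.99", "created": "2023-12-05T10:31:00"},
    {"id": 1004, "email": "sarah@example.org", "total": "85.00",
     "company": "", "city": "Leeds", "address_1": "14 Mill Lane",
     "ip": "192.0.2.10", "created": "2023-12-05T13:02:00"},
]

if __name__ == "__main__":
    for order in SAMPLE_ORDERS:
        print(order["id"], score_order(order))
    print("flagged:", flag_orders(SAMPLE_ORDERS))          # [1001, 1002, 1003]
    print("steady drip:", steady_drip(SAMPLE_ORDERS[:3]))  # True
```

The score is deliberately a count of independent signals rather than a single regex on the email: a genuine customer may use a first.last.year address or a low-value item, but rarely also leaves the company field equal to the city and a street line with no number. Run it against a fresh export after each wave and review what it flags before refunding, since PayPal's fee treatment and any later chargeback apply to completed payments, not to the failed attempts.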

Himalayan (Member)

Me too, website based in Germany: over 50 fake orders in 2 hours, all with fake UK addresses.

But I cannot find "Advanced Card Processing" in WooCommerce → Settings → Payments; this option does not exist in my PayPal plugin.


Castle_Willow (Contributor)

We have also had this problem for the same time period, though thankfully none today. I put on the Cloudflare Turnstile captcha and took off the guest checkout option, and they still kept coming. However, one got through as a valid order and 'paid' via PayPal, and it was only when checking the address that I realised it wasn't a complete address; of course, emailing the customer to check resulted in a bounce on the email.

I have seen on this forum that people have said to issue the refund, but if I don't get the fee back, we are losing out as sellers. I have looked at flagging the transaction, but there is no option in support; it only seems to assume I am a buyer or that someone has been fraudulent on the account itself.

Is there any way to report the transaction to PayPal themselves? I have gone round in circles on support. I don't really want to be out of pocket for a fake order, even if it is only £1.20. And I don't want a chargeback to rear its head as someone else reported!


AlexDon75 (Contributor)

Ring PayPal. They'll refund the fees and the transaction. They are aware of the issue and are apparently investigating it.


RuthM1 (Contributor)

Phase two has started. One of the fake entries that made it through to PayPal via credit card has disputed the charge. What do they get out of this scam? Will the refund be made to a real PayPal account or was a stolen credit card used? I understand PayPal will refund the entire thing including the fee, but what do the scammers get out of this?

 

-- Ruth

