- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Using WooCommerce PayPal Payments - had a problem with repeated fake orders exploiting a vulnerability with the PayPal button. Added a captcha to the checkout which prevents the bots placing orders through Apple Pay and Google Pay (via Paypal). However, the Paypal button itself can be clicked even if the Captcha has been ignored, so the Paypal button is vulnerable and we can't prevent spam orders. The orders are spaced about 15 minutes apart, for the cheapest items in our store. From multiple IPs: 1[Removed. Phone #s not permitted] [removed] IPs are from all over. Germany, UK, Hong Kong, etc We've had to disable Paypal on all our sites until we can find a solution. Seems to be an issue with the Plugin but who do we contact to fix it?
https://woocommerce.com/document/woocommerce-paypal-payments/#get-help directed us to Paypal.
Thanks, hope someone can help 🙂
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, same for us! The only way to stop it has been disabling Paypal's "Advanced Card Processing" in Woo Commerce --> Settings --> Payments
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Having the EXACT same issue in Australia .
Cancelling all PayPal integration until someone speaks to me. Surely this is something that needs to be patched ASAP.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I called Paypal direct and spoke to Technical support. They said it happens a lot. Advised me to refund the dodgy orders, and don’t worry about it, as the robots will probably move on to target other sites.
I've also reported that fake orders come from multiple IPs to the plugin support team via WooCommerce.
I followed the advice and re-enabled the Paypal plugin, but another of our sites has been targeted overnight. This is bad, we need a solution ASAP!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Disappointing. I won't be reinstating the app until I see some sort of action to stop it happening again. or some rules we can implement as sellers to reject payments for example if the email is a bunch of numbers and looks fake. All the fake orders I have are gmails with multiple numbers in the address. thats a flag in itself.
The criminals will move on is really not a comforting answer to this problem.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Same. All order email are the person's name (likely a fake name, most don't look like real names) - and then a period (.) followed by a random 6-digit number, then gmail.com - (for example, my latest order was from Ban [removed], with email address: [removed]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've received this reply from Paypal Payments Support:
From the plugin's perspective, as long as the orders are being declined, that means both the PayPal system and the plugin are doing their job in preventing fraudulent transactions. Unfortunately, there's not much more we can do from the plugin side if the transactions are failing.
However, there are several actions you can take to help mitigate attempted fraud:
- Enable 3D Secure: If you use the Advanced Card Processing feature, enabling 3D Secure can add an extra layer of verification, making it more difficult for unauthorized users to process transactions with stolen card information.
- Activate FraudNet: In the plugin settings, go to the Connection tab and enable FraudNet. This PayPal service uses advanced fraud detection technology to identify and prevent fraudulent activities.
- Set Payment Intent to Authorize: Changing the payment intent to "Authorize" allows you to manually review transactions before they are finalized. This gives you the chance to verify orders and void any that seem suspicious before capturing the funds.
- Use Additional Security Measures like ReCaptcha: You can use a ReCaptcha plugin to add another layer of security. This plugin has been tested and works well with PayPal Payments. You can find it here: ReCaptcha for WooCommerce.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We followed all the recommended actions from Paypal Payments Support but still received a fake order. Then we realised that all fake orders were coming from the Credit / Debit Card via Paypal option on the checkout page. We've disabled this function for the time being, to see if it resolves the problem.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, same for us! The only way to stop it has been disabling Paypal's "Advanced Card Processing" in Woo Commerce --> Settings --> Payments
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Me too. I'm not sure what the Advanced Card Processing added to the site but it is disabled now.
- « Previous page
- Next page »
Haven't Found your Answer?
It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.
- Issue with Updating Payment Method for Outstanding Transactions in Transactions
- I have been trying to contact support for 3 days and it says there are no support people available in Security and Fraud
- I have an e-commerce store with WooCommerce, and I have problems in Managing Account
- Paying fee via bitcoin in Security and Fraud