PayPal Getting Hacked on WooCommerce?


Toby C

Oct 27, 2025, 2:04:02 PM
to Minneapolis St. Paul WordPress User Group
I've had a couple of clients contact me recently about PayPal scam transactions on WooCommerce. Sometimes PayPal blocks the transactions, but we've seen some get through (possibly stolen credit cards or maybe something else).

Has anyone else seen an uptick in PayPal-specific scam transactions?

Toby

Barbara Schendel-Kent

Oct 27, 2025, 2:23:03 PM
to mpls-stpau...@googlegroups.com
I have not, but following to hear what others say.

Jodi Stammer

Oct 27, 2025, 3:48:52 PM
to mpls-stpau...@googlegroups.com

I don’t use PayPal so cannot comment on any uptick. But when I have had this happen with Stripe/Woo, I installed Cloudflare Turnstile and it stopped immediately.

 

Jodi

--
You received this message because you are subscribed to the Google Groups "Minneapolis St. Paul WordPress User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mpls-stpaul-word...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/mpls-stpaul-wordpress/CAFV3fm%3Dv_hTUr_d01s77ZptMdzSTB_YLCaZA2QxJpKXB%2B%3D8JDA%40mail.gmail.com.

Eric Celeste

Oct 27, 2025, 4:15:15 PM
to mpls-stpau...@googlegroups.com
Jodi, what kind of pricing do you experience with Turnstile? I find it a bit mysterious that their pricing page shows only $0 and "enterprise" custom pricing. ...Eric

Jodi Stammer

Oct 27, 2025, 4:42:15 PM
to mpls-stpau...@googlegroups.com
Hi Eric:

I'm using the free version. I've only got it installed on two sites right now. One is e-comm, the other is not. I probably installed it on the second one because it was getting a lot of spam from Google Ads.

It says up to 20 widgets for free and 15 hostnames for each widget. I'm not really sure of the difference between a widget and a hostname. I'm using one widget per site, but maybe I could have both under one widget? It's a mystery to me.

I don't know much about Cloudflare and this is currently the only way I'm using it. I know a lot of people insist on using it for their DNS and have all kinds of rules set up to fight bots. I haven't gone down that rabbit hole (yet?).

Jodi

Brett Wysocki

Oct 28, 2025, 1:22:58 PM
to Minneapolis St. Paul WordPress User Group
I've been using Turnstile for a couple years now, much lighter alternative to Google's reCAPTCHA. I use it on pretty much all forms/WooCommerce instances I manage, and I don't pay for any of it. You can add multiple domains (even ones outside Cloudflare) to the Turnstile instances and use those keys on those domains.

On the original thread: I've also had issues with other CC processors (Stripe/Square) where users/bots were getting the cheapest item from the store and attempting to pay using what I assume were stolen CCs. We'd get like 300-ish a night for a couple days.

Used Wordfence (rate limiting) & Turnstile to tamp down on repeat processors. Seemed like it was too much effort for whoever targeted our eCommerce store; haven't had that issue since. This was about 18 months ago.

I can't say I've had any issues with PayPal though.

Brett

Justin Foell

Oct 31, 2025, 12:58:46 PM
to Minneapolis St. Paul WordPress User Group
How much are the items they're trying to purchase? Seems like this could be fraudsters using those low-cost products to do card testing: https://chargebacks911.com/ecommerce-fraud/card-testing/

One thing you can do is require an account before they can check out. Several other ideas here: https://woocommerce.com/document/how-do-i-prevent-and-respond-to-card-testing-attacks/
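
The pattern described in the last two posts (bursts of attempts on the cheapest item, mostly declined) can be checked for in an order export. The following Python check is an added example, not part of the thread or of WooCommerce; the record fields, thresholds and sample orders are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def flag_card_testing(orders, window=timedelta(minutes=10), min_attempts=5,
                      max_total=5.00, min_fail_ratio=0.8):
    """Return {ip: largest burst size} for IPs showing a card-testing pattern:
    many low-value checkout attempts inside one time window, mostly failed."""
    by_ip = defaultdict(list)
    for o in orders:
        if o["total"] <= max_total:          # testers pick the cheapest item
            by_ip[o["ip"]].append((o["ts"], o["status"] == "failed"))
    flagged = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        start = fails = 0
        for end, (ts, failed) in enumerate(attempts):
            fails += failed
            # Slide the window start forward until it spans at most `window`.
            while ts - attempts[start][0] > window:
                fails -= attempts[start][1]
                start += 1
            count = end - start + 1
            if count >= min_attempts and fails / count >= min_fail_ratio:
                flagged[ip] = max(flagged.get(ip, 0), count)
    return flagged

# Constructed sample data (documentation-range IPs, made-up timestamps).
BASE = datetime(2025, 1, 1, 2, 0, 0)
_burst = ["failed"] * 6 + ["processing", "failed"]   # one card "worked"
SAMPLE_ORDERS = [
    {"ts": BASE + timedelta(seconds=30 * i), "ip": "203.0.113.7",
     "total": 1.99, "status": s}
    for i, s in enumerate(_burst)
] + [
    # An ordinary customer who mistyped a card once, then succeeded.
    {"ts": BASE + timedelta(minutes=1), "ip": "198.51.100.20",
     "total": 1.99, "status": "failed"},
    {"ts": BASE + timedelta(minutes=3), "ip": "198.51.100.20",
     "total": 1.99, "status": "processing"},
    # A normal larger order, ignored by the low-value filter.
    {"ts": BASE + timedelta(minutes=5), "ip": "198.51.100.44",
     "total": 64.50, "status": "processing"},
]

if __name__ == "__main__":
    for ip, size in flag_card_testing(SAMPLE_ORDERS).items():
        print(f"{ip}: {size} low-value attempts in one window, mostly failed")
```

Automated attempts often rotate addresses, so the same window logic can also be keyed on billing email or run store-wide rather than per IP.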