• Resolved simplyniknaks

    (@simplyniknaks)


    For the last few days I have been having a large number of Failed orders. I highly suspect it is an attempted hack, as the order details are suspect (postcode does not correspond to street, telephone number begins with a 9 or 6 even though it is a UK address, unusual customer names, etc.).

    However, every so often an order goes through and payment processed. Yet when I check the details it did not pass Address Verification or CVV verification. How can this happen?

    I have both the official PayPal and WooCommerce Payments plugins on my site, but I can't tell which was used to process the payment (although it was PayPal ultimately that processed it) – but either way, with no address or CVV verification, how come payment was accepted?

    Any ideas how to stop it? I have added the Cloudflare Turnstile plugin in an attempt to stop these orders, but is there anything else I can do, such as settings in the PayPal or WooCommerce Payments plugin?

  • Plugin Support shahzeen(woo-hc)

    (@shahzeenfarooq)

    Hi there!

    First, it’s important to ensure that your payment gateway settings are configured to require Address Verification System (AVS) checks and CVV verification to help prevent unauthorized transactions.

    To assist you further, could you please provide more details about the exact payment methods you’re using? If you’re using any payment plugins, I recommend contacting the plugin provider to confirm if you need to enable AVS and CVV checks in the plugin settings.

    Alternatively, you can consider using the WooCommerce Anti-Fraud plugin to help manage and prevent fraudulent orders:
    WooCommerce Anti-Fraud Plugin.

    Let me know if you need more assistance!

    Thread Starter simplyniknaks

    (@simplyniknaks)

    My getting large numbers of failed orders seems to have stopped, so I am assuming the Cloudflare Turnstile plugin is doing its job and stopping bots from getting to the checkout/payment pages.

    However, as I said previously, although most orders went to failed because payment did not pass fraud checks, there are a few that did go through, despite the details of the order saying No against both AVS and CVV checks. It is these I am now worried about.

    I am using both the WooPayments and WooCommerce PayPal Payments plugins.

    Both seem to be configured correctly with fraud protection turned on. However, the orders that did go through are not in the WooPayments transaction log – but they are in my PayPal account. So I am taking from this that it is the PayPal plugin that accepted payment despite it not passing AVS and CVV checks. For now I have disabled the PayPal plugin and won't be taking PayPal payments.

    Plugin Support shahzeen(woo-hc)

    (@shahzeenfarooq)

    Hi there!

    Thank you for providing detailed information about the situation. It’s great to hear that the Cloudflare Turnstile plugin is helping to mitigate bot-related issues at the checkout.

    It does seem like the PayPal plugin may not be enforcing AVS and CVV checks as strictly as expected, leading to some payments being processed despite failing these checks. Since these transactions appear in your PayPal account but not in the WooPayments transaction log, it’s likely that the PayPal plugin handled them independently.

    Disabling the PayPal plugin is a reasonable step to prevent further issues while you investigate. I would also suggest contacting the plugin’s support team to inquire if there are any specific settings that need to be activated to prevent such orders.

    Thank you

    I have had the same issue. I will try removing PayPal and adding Cloudflare as well, but what did you do with the money in PayPal from the few transactions that went through?

    I do have a website for training foreign-based dental graduates for 2-, 4- and 6-day bench test programs. I did receive a lot of failed orders in my system due to allowing direct debit and credit cards in PayPal as an “advanced processing option”. (I have turned it off now and there is no new spam.)

    To delete the orders, what I did was to install a plugin called AdminerEvo. I then exported all data from the table wp_orders to a CSV file using the tool.

    I then ran a SQL command to delete all “wc-failed” orders and boom, it is fixed.

    -- Deletes up to 2000 failed orders per run; only this table is touched.
    DELETE FROM eHoRa_wc_orders
    WHERE status = 'wc-failed'
    LIMIT 2000;

    • This reply was modified 2 days, 23 hours ago by rthasma. Reason: Make the link to open in a new tab
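
Added example, not part of any post above: queries that answer the thread starter's question of which gateway processed a paid order, and that summarise the failed orders before a cleanup like the one in the last reply. They assume MySQL/MariaDB, the WooCommerce HPOS order table that the reply's `DELETE` targets, and the default `wp_` table prefix; the thresholds are constructed values.

```sql
-- Added example. Assumes MySQL/MariaDB, the WooCommerce HPOS orders table,
-- and the default wp_ prefix (the site in the reply above uses eHoRa_).

-- 1. Which gateway took each paid order in the last 14 days?
--    payment_method holds the id of the gateway plugin that handled checkout;
--    transaction_id is the reference to look up in that processor's dashboard.
SELECT id, status, payment_method, payment_method_title,
       transaction_id, total_amount, ip_address, date_created_gmt
FROM wp_wc_orders
WHERE type = 'shop_order'
  AND status IN ('wc-processing', 'wc-completed')
  AND date_created_gmt >= UTC_TIMESTAMP() - INTERVAL 14 DAY
ORDER BY date_created_gmt DESC;

-- 2. Failed orders per hour and gateway, to see when the automated
--    checkout attempts ran and which gateway they were aimed at.
SELECT DATE_FORMAT(date_created_gmt, '%Y-%m-%d %H:00') AS hour_utc,
       payment_method,
       COUNT(*)                      AS failed_orders,
       COUNT(DISTINCT ip_address)    AS distinct_ips,
       COUNT(DISTINCT billing_email) AS distinct_emails
FROM wp_wc_orders
WHERE type = 'shop_order'
  AND status = 'wc-failed'
GROUP BY hour_utc, payment_method
HAVING COUNT(*) >= 10            -- constructed threshold, tune per shop
ORDER BY hour_utc DESC;

-- 3. Paid orders placed from an IP address that also produced failed
--    orders: review these by hand first.
SELECT o.id, o.payment_method, o.transaction_id, o.ip_address,
       o.date_created_gmt, f.failed_from_ip
FROM wp_wc_orders AS o
JOIN (SELECT ip_address, COUNT(*) AS failed_from_ip
      FROM wp_wc_orders
      WHERE status = 'wc-failed' AND ip_address IS NOT NULL
      GROUP BY ip_address
      HAVING COUNT(*) >= 3       -- constructed threshold
     ) AS f ON f.ip_address = o.ip_address
WHERE o.status IN ('wc-processing', 'wc-completed')
ORDER BY f.failed_from_ip DESC, o.date_created_gmt DESC;
```

Run these before deleting any `wc-failed` rows, since the third query depends on those rows still being present.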