PayPal has recently informed us of increased suspicious card activity affecting merchants across the market.
This notice is to help WooCommerce stores understand the situation, take the appropriate security steps, and ensure that checkout flows remain protected.
This advisory applies specifically to stores using the PayPal Payments plugin and PayPal’s built-in fraud-prevention features. WooCommerce stores using PayPal Payments may need to update their settings or upgrade to the latest plugin version to benefit from PayPal’s fraud-prevention tools, including PayPal’s CAPTCHA feature.
Your store’s security is our priority, and we recommend reviewing the information below.
What’s happening
↑ Back to topPayPal has detected a rise in suspicious card activity occurring across the broader market. As part of PayPal’s recommended security practices, certain fraud-prevention tools within the PayPal Payments plugin – including PayPal’s CAPTCHA – can help reduce risk during checkout.
Depending on which version of the PayPal Payments plugin you are currently using, the steps you need to take may differ.
If you’re using PayPal Payments v3.3.0 or higher
↑ Back to topYou may see the following in-product notice:
PayPal detected increased suspicious card activity in market. Please enable fraud protection in your PayPal Payment settings by enabling CAPTCHA for PayPal Payments.
To To help protect your store:
- Enable PayPal’s fraud protection features by turning on CAPTCHA for PayPal Payments
- Follow the setup instructions linked within the notice
- Or go directly to your PayPal Payments settings page at:Â
admin.php?page=wc-settings&tab=integration§ion=ppcp-recaptcha
This CAPTCHA feature is provided by PayPal and configured through the PayPal Payments plugin settings. It provides an additional layer of security for your checkout and is recommended by PayPal.
If you’re using an older version of the PayPal Payments plugin (below v3.3.0)
↑ Back to topYou will receive a notice after the next plugin update is released:
PayPal Payments v3.3.0+ includes important fraud management features. Please update your PayPal Payment plugin to the latest version to help keep your checkout secure.
We strongly recommend:
- Updating to the latest version of PayPal Payments
- Reviewing the changelog and update details here:
plugin-install.php?tab=plugin-information&plugin=woocommerce-paypal-payments§ion=changelog&TB_iframe=true&width=772&height=800
Upgrading ensures your store has access to PayPal’s most current fraud-protection tools, including PayPal’s CAPTCHA.
How to keep your checkout secure
↑ Back to topRegardless of your version, here are the best practices for protecting your store when using the PayPal Payments plugin:
- Keep the PayPal Payments plugin updated to the latest version
- Enable PayPal’s fraud protection settings (including PayPal’s CAPTCHA)
- Use strong, unique passwords and two-factor authentication on your WordPress admin
- Only install plugins from trusted sources, such as WooCommerce.com or WordPress.org
- Monitor your store for unusual orders or sudden spikes in failed transactions
Need help?
↑ Back to topIf you have questions or encounter issues with PayPal Payments or PayPal’s CAPTCHA feature, please reach out to the support team.
For general WooCommerce security guidance, you can always contact our support team through your WooCommerce.com account.
Your security is our priority.