woocommerce/woocommerce-paypal-payments

Smart Buttons on Single Product causing a surge of Failed Orders

bighippo999 opened this issue · 3 comments

Describe the Bug

We've had the Smart Buttons enabled for Single Product pages since forever without issue. But the last few days we've been seeing a lot of failed orders. There's some commonality amongst them:

  • the email address {name}.{6 digits}@gmail.com
  • they all have a company name
  • they all have a phone number
  • they are all ordering single products not variable products.

We use Cloudflare, WAF, Cloudflare Turnstile and a few other security measures, but these are all getting through.
It appears that the buy now button on single product pages has no/little protection except that it doesn't appear for variations until options are selected. It's getting clicked by whatever bots and they're giving fake info to the PayPal popup window, which does ask for company and phone number (we don't require it). Going via the cart/checkout would trigger form verification on our end and Turnstile should prevent it, but the PayPal popup is outside of our control.

To Reproduce

It's impossible to say how to reproduce, but we're seeing this across multiple websites.

Expected Behavior

PayPal to do a better job of detecting these junk order attempts on their form and stop submitting them as failed orders. It would be better still if the buy now button could have some protection, i.e. it's not an issue on variable products.

Actual Behavior

Lots of orders that are failing, but it's making the queues much much harder to work; we have to delete these failed orders in order to see the real orders, but they just keep coming.

Environment

  • WordPress Version - 6.7.1
  • WooCommerce Version - 9.4.2
  • Plugin Version - 2.9.4

Additional Details

Out of around 100 failed orders, it's not just a handful of IP addresses, or browser types, anything that we could firewall.
So we've had to turn off the buy now button on single products and that appears to have stopped it, but it's a feature we and customers do like, so we'd like to be able to turn it back on.
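
A triage sketch for the pattern described in the report above, added here as an example; it is not part of the original issue or of the plugin's code. It scores exported order records against the four reported traits plus failed status, so the junk can be separated from real orders in the queue. The record field names (`billing_email`, `product_type`, `ip` and so on) and the sample data are assumptions made for illustration.

```python
import re
from collections import Counter

# "{name}.{6 digits}@gmail.com" as described in the issue; the shape of {name} is an assumption.
EMAIL_RE = re.compile(r"^[^@\s]+\.\d{6}@gmail\.com$", re.IGNORECASE)

def signals(order):
    """Return the names of the reported traits that this order record shows."""
    hits = []
    if order.get("status") == "failed":
        hits.append("failed")
    if EMAIL_RE.match(order.get("billing_email", "").strip()):
        hits.append("email_pattern")
    if order.get("billing_company", "").strip():
        hits.append("company_set")
    if order.get("billing_phone", "").strip():
        hits.append("phone_set")
    items = order.get("items", [])
    if items and all(i.get("product_type") == "simple" for i in items):
        hits.append("simple_only")
    return hits

def triage(orders, required=5):
    """Split order ids into (suspect, keep); suspect means at least `required` traits."""
    suspect, keep = [], []
    for o in orders:
        (suspect if len(signals(o)) >= required else keep).append(o["id"])
    return suspect, keep

def ip_spread(orders, suspect_ids):
    """Count suspect orders per source IP, to check whether blocking by IP is viable."""
    ids = set(suspect_ids)
    return Counter(o["ip"] for o in orders if o["id"] in ids)

# Constructed sample records (not real orders), using documentation IP ranges.
SAMPLE = [
    {"id": 101, "status": "failed", "billing_email": "jsmith.482913@gmail.com", "billing_company": "Acme LLC", "billing_phone": "5550100", "ip": "192.0.2.10", "items": [{"product_type": "simple"}]},
    {"id": 102, "status": "failed", "billing_email": "AnnaLee.007731@gmail.com", "billing_company": "Lee Co", "billing_phone": "5550101", "ip": "198.51.100.7", "items": [{"product_type": "simple"}]},
    {"id": 103, "status": "failed", "billing_email": "mary@example.org", "billing_company": "", "billing_phone": "5550102", "ip": "203.0.113.5", "items": [{"product_type": "simple"}]},
    {"id": 104, "status": "processing", "billing_email": "bob.123456@gmail.com", "billing_company": "Bob Ltd", "billing_phone": "5550103", "ip": "203.0.113.9", "items": [{"product_type": "simple"}]},
    {"id": 105, "status": "failed", "billing_email": "eve.654321@gmail.com", "billing_company": "Eve Inc", "billing_phone": "5550104", "ip": "192.0.2.44", "items": [{"product_type": "variation"}]},
]

if __name__ == "__main__":
    suspect, keep = triage(SAMPLE)
    print("suspect:", suspect, "keep:", keep)
    print("per-IP counts:", dict(ip_spread(SAMPLE, suspect)))
```

Requiring all five traits keeps a paid order from a customer whose address happens to fit the email pattern (id 104) out of the suspect list; lowering `required` widens the net at the cost of more manual review.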

I think we may be getting a few reports like these.

References:

9116596-zen
9128512-zen
9120487-zen

Hello @bighippo999

We are aware that there has been an increase in such attacks recently, mainly involving credit cards. However, it's the first one regarding the use of the single product page button, but it makes sense. We'd like to investigate it further along with the logs.

While we value your input and feedback, GitHub is predominantly used for our development activities. For a prompt and detailed response, we kindly ask that you reach out directly to our [support team](https://woocommerce.com/document/woocommerce-paypal-payments/#get-help).

When you contact our support team, please include a copy of your [WooCommerce system report](https://woocommerce.com/document/understanding-the-woocommerce-system-status-report/). This will help us get to the bottom of your issue more quickly.

We'll be closing this GitHub issue for now. However, once you reach out to our support team, rest assured they'll be ready to assist you with your concerns. Thank you for your understanding!

Kind regards,
Krystian