According to the latest statistics by Builtwith.com, WooCommerce shops account for about 30% of all e-commerce websites. For that very reason, the popular e-commerce platform is often under attack by fraudsters. The most problematic ones tends to be those looking to place fraudulent orders using stolen credit cards, as chargebacks in these cases lead to loss of physical products - plus a chargeback fee by your payment processor. And not to mention the risk of having a merchant account shut down due to a large number of fraudulent orders...
Since I've been dealing with these for years, these are my best tips to prevalent them (or at least slow them down).
1. Mandatory CCV2
There is no good reason not to require CCV2 at the checkout, which is a secret 3 or 4 digital code on the back of your credit card. This is one of the most basic forms of fraud prevention which works well in a lot of cases. Notably, it works best for credit card that have been stolen using skimming techniques since they usually cannot scrape credit card secret code.
2. Velocity settings
Every payment processor worth its while should have a robust anti-fraud system that includes tweaking velocity filters. In a nutshell, velocity filters allow you to limit the number of transactions on a daily or hourly basis. If you process 100 orders daily on average, having 300 orders per day should raise an alarm of two, for example. The same goes for hourly number of transactions. Play with it and find the limit after which you'll be notified and have a chance to take action before more damage is done.
3. AVS filters
AVS (Address Verification Services) is a tool that compares address details for the credit card on file with the billing details entered at the checkout page. This is another tool that will quickly help you weed out suspicion transactions if there is no full, or at least partial match. Most payment processors offer fine-tuning AVS filters to have you decline, hold or auto-approve transactions based on full, partial or no AVS match. I would recommend having it set up to at least HOLD for review transactions whose AVS filters do not match at all.
4. Google reCaptcha
I know, I know. Adding any kind of reCaptcha to the checkout page will probably lower your conversion rate. But hear me out.
If you're suffering from a high number of carding attempts, this might be the best (temporary) solution to the problem. Carding is a fraudulent practice in which a script is used to test a large number of stolen credit cards in short period of time in attempt to find out which ones are valid. This is a high priority issue as merchant processor are keen on shutting down your account if there are thousands of declined charge attempts on a daily basis on your website.
If you do not have an immediate access to tweak anti-fraud filters as recommended in the first 3 steps, then setting Google reCaptcha could be the best temporary solution. Make sure to add it to "Add payment method" page under "My account" section of WooCommerce as well! I recommend WooCommerce official Google reCaptcha plugin for this.
For more tips & tricks on WooCommerce and Wordpress, check out Woo Tales.