Fraud Protection Advice

Resolved yoizen
(@yoizen)

1 month ago

Hello,
as the title says, I’m seeing this message in my WooCommerce dashboard:

“Fraud protection is now required — enable today. Card networks like Visa and Mastercard now require fraud prevention controls, and non-compliance may result in fines and processing restrictions. Please enable reCAPTCHA in your PayPal Payments settings.”

In the PayPal Payments configuration I only see the option to enable Google reCAPTCHA.
Is there a way to use Cloudflare Turnstile instead?

I already have Turnstile enabled on my website using the “Simple CAPTCHA Alternative with Cloudflare Turnstile” plugin, and it is active on the WooCommerce checkout, but the warning message is still displayed.

Am I safe using Turnstile for checkout, or could I have issues such as payment restrictions from PayPal if I don’t enable Google reCAPTCHA?

Thank you.

Viewing 5 replies - 1 through 5 (of 5 total)

Plugin Support Krystian Syde
(@inpsydekrystian)

1 month ago

Hello @yoizen

Currently, PayPal Payments for WooCommerce only supports Google reCAPTCHA as a built-in fraud protection option. Documentation is available here in case you decide to enable it: https://woocommerce.com/document/woocommerce-paypal-payments/fraud-and-disputes/

From a functional and compliance perspective, it is up to you which protection you use on your site. There is no enforcement on PayPal’s side that requires Google reCAPTCHA specifically to be enabled in the plugin.

The warning message in the WooCommerce dashboard is tied only to the Google reCAPTCHA toggle in the PayPal Payments settings. If you want to remove that notice, the only way to do so is to enable Google reCAPTCHA there. Some merchants choose to run both reCAPTCHA and Turnstile in parallel, which is also fine from a PayPal perspective.

Kind Regards,
Krystian

Thread Starter yoizen
(@yoizen)

1 month ago

So, if I understand correctly, I won’t have any issues like restrictions from PayPal if I use Turnstile. The only “problem” I would have is that the advice banner will stay on the WooCommerce dashboard, right?

Plugin Support Krystian Syde
(@inpsydekrystian)

1 month ago

Hello @yoizen

I want to be clear upfront that I cannot act as a compliance authority or speak on behalf of PayPal, Visa, or Mastercard directly. My role here is limited to the PayPal Payments plugin from a development and integration perspective.

This notice is intended for cases where merchants are heavily targeted by fraudulent or automated card testing attempts. If Cloudflare Turnstile is already doing its job and effectively blocking those attempts, there is no practical risk from a PayPal integration point of view.

As an alternative, you can also run both Cloudflare Turnstile and Google reCAPTCHA in parallel.

For absolute certainty on compliance wording from Visa or Mastercard, I would still recommend confirming this directly with PayPal Merchant Support, as they are the party that enforces and interprets those requirements at the account level.

Kind Regards,
Krystian

Thread Starter yoizen
(@yoizen)

1 month ago

Hello Krystian,

thank you for the detailed explanation and for clarifying the scope of the notice. That helps a lot.

I appreciate the insight regarding Turnstile and the context around the warning message. I’ll take your suggestion into account and, if needed, will also reach out to PayPal Merchant Support for an official confirmation.

Thanks again for your time and support.

Kind regards,
Alex

Plugin Support Krystian Syde
(@inpsydekrystian)

1 month ago

Hello @yoizen

No worries, always happy to help.

If this helped and you’re happy with the support or plugin, feel free to leave a quick review on WordPress. It means a lot to us and shows that we are needed.

Kind regards,
Krystian

Viewing 5 replies - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.