Comment by imdavidsantiago

Sounds like automated chargeback abuse, maybe for card testing or just to exploit your payment/dispute setup. We’ve dealt with similar stuff.

A few things that helped us: – Browser fingerprinting (FingerprintJS or even basic user agent + behavior tracking) – Logging full headers + TLS fingerprints — IPs rotate, but some other patterns leak through – Introduce small friction in the payment flow (e.g. lightweight CAPTCHA or JS challenge) – Look at timing patterns — automation tends to work in strict intervals

PayPal support is notoriously slow for anything that’s not cookie-cutter. Try emailing merchanttechsupport@paypal.com — they’ve been more useful in escalated cases.

This kind of thing is more common than you’d think, especially for platforms selling digital goods.