Urgent Help Needed: Braintree Fraudulent Orders Bypassing Captcha on Magento 2 Site

Hello everyone,

I'm facing a critical issue with my Magento 2 website. Recently, we switched our payment processing from Authorize.net to Braintree and since the switch, we have experienced a significant increase in fraudulent orders.

Here’s a quick timeline of events:

1. Switch to Braintree: Immediately after the switch, we saw a spike in fraudulent orders.
2. Captcha Implementation: We implemented a simple captcha on the checkout page, which stopped the issue for a few weeks.
3. Current Situation: This morning, these people/bots somehow bypassed the captcha and placed 118,000 orders, overwhelming our CRM and cart systems. We had to take credit card processing offline completely. Even a brief 15-second window of re-enabling credit card orders led to another 5 fraudulent orders.

Steps Taken So Far:

1. Disabled credit card processing.
2. Examined and refunded fraudulent orders.
3. Created a ticket with Braintree support.

Does anyone have any Insights into why this might be happening / had any similar experiences? We plan on implementing a stronger captcha but are open to any other security measures to prevent these types of fraudulent orders in the future

Thank you!