I haven’t had this problem, but I saw it reported. The problem is bots making purchases using invalid credit card credentials. The poster wondered how this could be mitigated and the reply was to use the plugin Advanced noCaptcha & invisible Captcha with invisible captcha enabled.
It is directly on the checkout page and blocks orders that it registers as bots.
I looked up the plugin (it is the WP repository) and it describes itself as being able to show noCaptcha or invisible captcha on various pages, including WooCommerce, Login, Register, Lost Password, Reset Password, etc.