I help a lot of client with their ecommerce websites (mostly WooCommerce), attacks became so common recently, could be AI, but I found the best way to deal with this is to trace the patterns in access log and block the same patterns of checkout submission, this have worked really well for me. There are a lot of card testing attacks that Stripe doesn't care to handle as well as a lot of other fraud techniques, but there is always a pattern, especially automated ones. There is country, IP range, certain behavior (eg; no js, or direct api calls..etc). I really think it's easy to deal with this if you're willing to look deeper than a dashboard.