Ask HN: Hit by fraudulent stripe payments on our SaaS platform

We are a low code platform for building internal tools. We have an open signup via gmail or you can create a company account. Since last two days we are seeing an unusal pattern of payments from newly created accounts. In our world -> this cant happen as unless some one makes something working and needs end users to use it there is no real need to subscribe to a paid plan. They were mostly all gmail signups or temp emails. IP address detected by Stripe suggest they are all random. (must be IP spoofed)

things we did so far:

1) activated stripe radar and decreased risk profile to filter weed

2) added captcha to our payment page

inspite of the above we kept getting fraudulent payments. This suggests that we have been hit by a manual attack as the attackers are able to circumvent captcha. However scale at which this is happening doesn’t seem manual But given the randomness of time element between each payment try, it starts seeming manual.

Question is - are there a set of best practices we are missing to thwart this in either case of attack being manual or automated?