I created a support ticket with the reCAPTCHA for WooCommerce team, and after applying their recommended configuration changes another fraudulent order following the same pattern as usual appeared over the weekend, which ended up making approximately a dozen transaction attempts with different credit card info. The I13 support team indicated they believed this attack was the work of a malicious human actor, which IP blocking has already failed to address since the originating IP changes each time.
Assuming these orders are not the work of a bot, what options are left to me as a site administrator to address repeated credit card fraud?
