Recommendation for Website Security

Hello. We are currently using the order forms that are within Infusionsoft. We have these integrated into our website and customers can place orders via the forms. Paypal is our processor.

All of a sudden over the last week we have received a ton of invalid credit cards. Paypal notifies us of the issue and then voids the transaction. According to them there is nothing they can do on there end- they recommend security on the site. Since the order pages are hosting on Infusionsoft’s server I’m not sure what the best option is- any recommendations?