diff --git a/includes/class-wc-form-handler.php b/includes/class-wc-form-handler.php
index 1bc3776801c..566d74c764a 100644
--- a/includes/class-wc-form-handler.php
+++ b/includes/class-wc-form-handler.php
@@ -453,6 +453,26 @@ class WC_Form_Handler {
 		if ( isset( $_POST['woocommerce_add_payment_method'], $_POST['payment_method'] ) ) {
 			wc_nocache_headers();
 
+			// Test rate limit.
+			$current_user_id = get_current_user_id();
+			$rate_limit_id   = 'add_payment_method_' . $current_user_id;
+			$delay           = (int) apply_filters( 'woocommerce_payment_gateway_add_payment_method_delay', 20 );
+
+			if ( WC_Rate_Limiter::retried_too_soon( $rate_limit_id ) ) {
+				wc_add_notice(
+					/* translators: %d number of seconds */
+					_n(
+						'You cannot add a new payment method so soon after the previous one. Please wait for %d second.',
+						'You cannot add a new payment method so soon after the previous one. Please wait for %d seconds.',
+								$delay,
+						'woocommerce' ),
+					'error'
+				);
+				return;
+			}
+			
+			WC_Rate_Limiter::set_rate_limit( $rate_limit_id, $delay);
+
 			$nonce_value = wc_get_var( $_REQUEST['woocommerce-add-payment-method-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
 
 			if ( ! wp_verify_nonce( $nonce_value, 'woocommerce-add-payment-method' ) ) {
diff --git a/includes/class-wc-rate-limiter.php b/includes/class-wc-rate-limiter.php
new file mode 100644
index 00000000000..5a582160125
--- /dev/null
+++ b/includes/class-wc-rate-limiter.php
@@ -0,0 +1,79 @@
+<?php
+/**
+ * Provide basic rate limiting functionality via WP Options API.
+ *
+ * Currently only provides a simple limit by delaying action by X seconds.
+ *
+ * Example usage:
+ *
+ * When an action runs, call set_rate_limit, e.g.:
+ *
+ * WC_Rate_Limiter::set_rate_limit( "{$my_action_name}_{$user_id}", $delay );
+ *
+ * This sets a timestamp for future timestamp after which action can run again.
+ *
+ *
+ * Then before running the action again, check if the action is allowed to run, e.g.:
+ *
+ * if ( WC_Rate_Limiter::retried_too_soon( "{$my_action_name}_{$user_id}" ) ) {
+ *     add_notice( 'Sorry, too soon!' );
+ * }
+ *
+ * @package WooCommerce/Classes
+ * @version 3.9.0
+ * @since   3.9.0
+ */
+
+defined( 'ABSPATH' ) || exit;
+
+/**
+ * Rate limit class.
+ */
+class WC_Rate_Limiter {
+
+	/**
+	 * Constructs Option name from action identifier.
+	 *
+	 * @param $id
+	 * @return string
+	 */
+	public static function storage_id( $id ) {
+		return 'woocommerce_rate_limit_' . $id;
+	}
+
+	/**
+	 * Returns true if the action is not allowed to be run by the rate limiter yet, false otherwise.
+	 *
+	 * @param $id Identifier for the action
+	 * @return bool
+	 */
+	public static function retried_too_soon( $id ) {
+		$next_try_allowed_at = get_option( self::storage_id( $id ) );
+
+		// No record of action running, so action is allowed to run.
+		if ( false === $next_try_allowed_at ) {
+			return false;
+		}
+
+		// Before allowed next run, retry not allowed yet.
+		if ( time() <= $next_try_allowed_at ) {
+			return true;
+		}
+
+		// After allowed next run, retry allowed.
+		return false;
+	}
+
+	/**
+	 * Sets the rate limit delay in seconds for action with identifier $id.
+	 *
+	 * @param $id Identifier for the action.
+	 * @param $delay Delay in seconds.
+	 * @return bool True if the option setting was successful, false otherwise.
+	 */
+	public static function set_rate_limit( $id, $delay ) {
+		$option_name = self::storage_id( $id );
+		$next_try_allowed_at = time() + $delay;
+		return update_option( $option_name, $next_try_allowed_at );
+	}
+}
diff --git a/tests/unit-tests/util/class-wc-rate-limiter.php b/tests/unit-tests/util/class-wc-rate-limiter.php
new file mode 100644
index 00000000000..f57c0f024ae
--- /dev/null
+++ b/tests/unit-tests/util/class-wc-rate-limiter.php
@@ -0,0 +1,52 @@
+<?php
+/**
+ * File for the WC_Rate_Limiter class.
+ *
+ * @package WooCommerce\Tests\Util
+ */
+
+/**
+ * Test class for WC_Rate_Limiter.
+ * @since 3.9.0
+ */
+class WC_Tests_Rate_Limiter extends WC_Unit_Test_Case {
+
+
+	/**
+	 * Run setup code for unit tests.
+	 */
+	public function setUp() {
+		parent::setUp();
+	}
+
+	/**
+	 * Run tear down code for unit tests.
+	 */
+	public function tearDown() {
+		parent::tearDown();
+	}
+
+	/**
+	 * Test setting the limit and running rate limited actions.
+	 *
+	 * @since 2.6.0
+	 */
+	public function test_rate_limit_limits() {
+		$action_identifier = 'action_1';
+		$user_1_id = 10;
+		$user_2_id = 15;
+
+		$rate_limit_id_1 = $action_identifier . $user_1_id;
+		$rate_limit_id_2 = $action_identifier . $user_2_id;
+
+		WC_Rate_Limiter::set_rate_limit( $rate_limit_id_1, 1 );
+
+		$this->assertEquals( true, WC_Rate_Limiter::retried_too_soon( $rate_limit_id_1 ), 'retried_too_soon allowed action to run too soon.' );
+		$this->assertEquals( false, WC_Rate_Limiter::retried_too_soon( $rate_limit_id_2 ), 'retried_too_soon did not allow action to run for another user.' );
+
+		sleep(1);
+        $this->assertEquals( true, WC_Rate_Limiter::retried_too_soon( $rate_limit_id_1 ), 'retried_too_soon did not allow action to run after the designated delay.' );
+        $this->assertEquals( true, WC_Rate_Limiter::retried_too_soon( $rate_limit_id_2 ), 'retried_too_soon did not allow action to run for another user.' );
+	}
+
+}