We propose a decoy-pulse method to overcome the photon-number-splitting attack for Bennett-Brassard 1984 quantum key distribution protocol in the presence of high loss: A legitimate user intentionally and randomly replaces signal pulses by multiphoton pulses (decoy pulses). Then they check the loss of the decoy pulses. If the loss of the decoy pulses is abnormally less than that of signal pulses, the whole protocol is aborted. Otherwise, to continue the protocol, they estimate the loss of signal multiphoton pulses based on that of decoy pulses. This estimation can be done with an assumption that the two losses have similar values. We justify that assumption.