Enforcement for bot abuse & ban evasion

Make bans cost more
than a new email.

lemma.id gives websites an identity-rooted enforcement layer for bot abuse, fraud, and ban evasion. Your existing systems detect suspicious behavior. lemma.id lets you bind risky accounts to a verified human, block site-private PPIDs, and require fresh IDV when abuse is confirmed.

Most users never see verification. Suspicious users do. Local signed proofs keep routine checks fast and private.

Checking credentials...

Raises the cost of the next account
Detection stays yours — enforcement gets teeth
Friction only on suspicion

Built for platforms where banned users come back: marketplaces, ticketing platforms, games, social apps, SaaS products, free trials, rewards programs, and any product where banned users return faster than you can remove them.

Example

A scalper creates 500 accounts. Your bot system catches 200 and bans them. Tomorrow, the same operator returns with new emails, SIMs, and proxies. With lemma.id, those accounts can be tied back to the same verified-person root, so the operator must pass fresh IDV instead of cheaply rotating infrastructure.

How lemma.id works

Most platforms can already detect abuse. The hard part is making the penalty stick. lemma.id adds the missing enforcement layer: bind accounts to a verified person, then make a banned user pay to come back.

1

Bind

Accounts link to a verified-person root, exposed to your site only as a site-private PPID. One human, one root — across resets and resource rotations.

2

Detect

Your existing fraud and abuse tooling flags bad behavior. lemma.id doesn't replace your detection — it gives your decisions teeth.

3

Enforce

Block the person and require fresh IDV to return. Swapping email, SIM, or IP won't mint a clean new account.

Before and after lemma.id

Before

Bot detected → account banned → attacker rotates email, SIM, or proxy → new account, free

With lemma.id

Bot detected → account tied to verified-person root → site-private PPID blocked → must pass fresh IDV to return

Master + Derived Credentials

Issue one master proof at lemma.id, then derive per-site credentials that preserve user privacy across domains.

PPID-Bound Privacy

Pairwise identifiers are derived per site, preventing simple cross-site correlation of user identity.

Local Verification Path

The SDK validates Ed25519 signatures, claims, and expiry without requiring a server call on each check.

Site-Scoped Blocking

Operators can block abuse immediately at the site level with deterministic check responses.

Network Revocation Review

Escalate severe abuse to network-wide revocation through an evidence-backed admin approval flow.

Simple Integration

Add a script tag and call verify() to get a fast human verdict plus PPID for your local policies.

Verification flow

Verification Happens In-Context, Not On Lemma

Users never have to travel to lemma.id. The SDK triggers verification in-flow on whichever site the user is on, the IDV provider runs there, and the signed credential lives in the user's browser wallet — not on a Lemma server.

First-time user, on any site

1

User on any site

Site loads the lemma.id SDK and calls verify().

2

Browser wallet check

SDK checks the user's browser wallet for an existing verified-human credential.

3

IDV issuer flow

None found. SDK launches in-context verification with an IDV issuer (Stripe Identity today).

4

Wallet stores credential

Signed master credential is written to the user's browser wallet — not to Lemma servers.

5

Site decision

Site receives a local Ed25519 verdict and a site-private PPID.

Returning user — any Lemma-enabled site

1

User on any site

SDK calls verify().

2

Browser wallet

Existing master credential is found locally.

3

Derive site PPID

Wallet derives a site-private credential from the master + this hostname.

4

Local verify

Ed25519 signature + revocation freshness checked entirely in-browser. No round-trip to Lemma.

5

Site decision

Site receives verdict and PPID for local policy.

The wallet works like a physical driver's license: issuers sign once, sites verify locally, and users carry the credential. Sites can't correlate you with each other — each sees only a site-private PPID. The issuer can recognize the same person across re-verification, and that's exactly what makes a ban enforceable.

Where lemma.id fits

Bans that actually stick

Wherever a ban is only as good as the cost of the next account. lemma.id binds accounts to a verified person, so blocked users can't rotate cheap resources to return.

Marketplaces

Stop banned sellers and scammers from re-listing under a fresh account the moment you remove them.

Dating & social

Break up repeat catfish, harassment, and ban-evasion rings — while keeping identity site-private.

Gaming

Make cheaters and smurfs pay to rebuild after every ban instead of starting over for free.

Reviews & UGC

Dismantle coordinated fake-review and sock-puppet networks that rebuild faster than you can remove them.

Fintech & rewards

Shut down bonus abuse and multi-accounting by tying each enrollment to one verified person.

Ticketing & releases

Raise the cost for scalpers who treat CAPTCHA as a line item and farm accounts at scale.

What lemma.id does and doesn't do. It raises the cost of a fresh identity from roughly zero to the cost of passing IDV again. That breaks the economics of high-volume, low-value abuse. It is not designed to stop a funded attacker willing to buy a verified identity for a single high-value target — it's designed to make everyday abuse stop paying.

The network effect

Enforcement that compounds across sites

Every site gets standalone value on day one — no network required. But because the person-root is shared, a verified human carries their proof across Lemma-enabled sites, and confirmed network-wide abuse can be revoked everywhere at once. The same identity can't simply start fresh somewhere else either.

Verify Once

Users complete one IDV verification in-flow on whichever site they're on — no detour to lemma.id. The signed master credential is stored in the user's browser wallet.

Derive Per Site

The wallet bridge derives a site-bound credential on first request, so each integration gets its own PPID and privacy boundary.

Two-Tier Revocation

Sites can block instantly at the domain level, then escalate to evidence-based network revocation for coordinated abuse response.

Integrate in two lines
<script src="https://lemma.id/sdk/ishuman-verifier.js"></script>
<script>new IsHumanVerifier({ siteId: 'your-site-id' }).verify();</script>
Get Verified Add to Your Site See Demo

IDV-issuer verified • Ed25519-signed • Site-private PPIDs

What lemma.id is not

Clear boundaries build trust. lemma.id is an enforcement layer — not a full fraud stack replacement.

Not bot detection

Your existing tools find suspicious behavior. lemma.id makes the consequence stick.

Not a global public identity

Each site sees only a site-private PPID — not one reusable ID across the web.

Not permanent punishment

Enforcement is tiered: site block, fresh IDV, then network revocation for severe abuse.

Not a full fraud replacement

Works alongside your risk stack — device fingerprinting, velocity rules, and behavior models.

What it is: an enforcement layer that makes repeat abuse harder to reset.

Give Your Bans Teeth

Add identity-rooted enforcement, step-up IDV on suspicion, and site-private privacy with a production-ready SDK and API — without running your own KYC stack.

Get Verified Watch Demo View docs

Bind • Detect • Enforce