Human proofs for abuse-resistant accounts

Stop the same abuser
from coming back as a new account.

Human proofs let you require one verified human behind high-risk accounts, without storing ID documents or building a KYC stack yourself. Underneath is lemma.id, a proof wallet your users hold. Most users only ever need passkey continuity. When a ban has to survive a new email, SIM, device, and IP, you step up and require a human proof.

Add to Your Site See the Demo
User-held proof wallet
Step up to isHuman when risk rises
No ID documents on your servers

Built for platforms where account rotation is the actual attack. Ticketing and presale drops, marketplaces, gaming, free trials, rewards programs. Anywhere it costs an abuser almost nothing to make the next account.

Example

A scalper creates 500 accounts. Your fraud team catches 200 of them and bans them. Tomorrow the same person is back with new emails, new SIMs, new proxies. Passkeys alone can't fix this: they recognize a returning wallet, but nothing stops an abuser from making another one. If you require human proofs, coming back means passing identity verification again. Rotating emails and IPs stops minting clean accounts.

Assurance levels

One integration, three levels of assurance

You don't have to demand ID checks from everyone on day one. Start with passkey continuity, verify a signed proof on your backend where it matters, and only require a human proof for the accounts and actions where one-person-one-account is the whole point.

Passkey continuity

Recognize the same returning wallet with a stable, site-private PPID. Good for continuity and for trying the integration. Be honest with yourself about the limit, though: anyone can create another wallet, so this tier alone won't stop repeat abusers.

Signed presentation

Before creating an account or accepting a risky action, your backend checks a signed proof from the user's wallet. You get something you can actually trust server-side, and no KYC data ever lands on your servers.

isHuman

The enforcement tier. One account per verified human, which means a ban actually costs the abuser something. This is the tier to require when new-account rotation is the attack you're fighting.

For your real users

Already verified? No ceremony on your site.

A user who completed isHuman on any lemma.id-enabled site can clear your gate instantly. No ID check, no document upload, no signup friction. They already proved they're human; your site just asks for the proof.

Most fraud tools cost you conversion. This is one of the few that can improve it for returning verified users. Every new integrator makes the next signup smoother for everyone on the network.

Why teams choose lemma.id

The gap between login and KYC

A login provider tells you which account signed in. A bot tool tells you which session looks suspicious. Neither can tell you that two accounts are the same person. Human proofs fill that gap, and lemma.id keeps the proof private and verifiable on your own backend, so you don't end up running an identity database to get it.

lemma.id + your site Auth0 / Google SSO Direct KYC on your stack
Your servers store human + ~80-char PPID Email, name, shared sub ID images, name, DOB, reports
Cross-site linkability Different PPID per site Same user ID across apps You own the identity store
Return-visit checks Local, no lemma.id call Server token validation Vendor re-query or re-verify
Why you need it Private PPID binding; passkey for continuity, human proofs for Sybil resistance Great for login, weak against new accounts Strong signal, high compliance and breach burden
Same human across accounts
requires human proofs
Person-root binding: one human, one PPID New email = new account Strong, but you run KYC
Ban survives rotation
requires human proofs
Block the human root, not just the email Attacker rotates email or OAuth account Strong, but you run KYC

Full trust & data comparison →

How it works

Bind, detect, enforce

lemma.id doesn't replace your login, your fraud model, or your moderation queue. It gives those systems something durable to act on when they decide someone has to go.

1

Bind

Tie your user record to a site-private PPID. At the passkey tier that PPID means "same wallet as last time." With a human proof behind it, it means "same verified human."

2

Detect

Your existing fraud and moderation tools flag bad behavior, same as today. lemma.id never decides who's bad. It just makes sure the consequence follows the person, not the email address.

3

Enforce

Block the PPID, raise the required assurance, or demand fresh identity verification. You can also challenge without banning: site doubt forces a fresh ID check on a suspect account without a permanent block, for teams that want enforcement without false-positive risk. Once human proofs are required, a new email or a new SIM card doesn't buy anyone a clean slate.

Before

Bot detected → account banned → attacker rotates email, SIM, or proxy → new account, free

With human proofs required

Bot detected → account tied to verified human root → site-private PPID blocked → must pass fresh IDV to return

See the full verification flow and data model →

Verifiable audit stamps

Prove a verified human did it, later

After verification, stamp any action (a checkout, a post, a moderation call) with an offline-verifiable proof that a verified human performed it. The evidence lives entirely in your systems. Re-verify years later without calling lemma.id.

Stamp at the action

The SDK's stamp() helper attaches a signed credential to any event your backend records. One line at checkout, one line at account creation.

Verify offline

Your servers re-check the stamp with the same local verifier you use at signup. No network call, no vendor dependency on audit review day.

Your data, your systems

lemma.id does not store your audit logs. The stamp travels with your row. Useful for regulators, chargebacks, and "was this a human or an agent?" questions.

See stamp integration →

Developer integration

Verify a signed presentation on your backend

Most of your users start at the passkey tier and never see an ID check. Where you need one human per account, ask for isHuman at signup or on the risky action. Your backend verifies the signed presentation itself and never touches KYC data.

Recommended signup gate (isHuman when Sybil resistance matters)
<script src="https://lemma.id/sdk/ishuman-verifier.js"></script>
<script>
  const verifier = new IsHumanVerifier({ siteId: 'app.example.com' });
  const { ok, presentation } = await verifier.verifyForBackend({
    autoProvision: true,
    requiredAssurance: 'ishuman',
  });
  if (!ok) throw new Error('not_verified');
  await fetch('/api/signup', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ presentation }),
  });
</script>
View integration docs See the demo

Product boundaries

What lemma.id is not

It's worth being clear about where lemma.id fits. It sits between your login, your fraud detection, and identity verification. It doesn't replace any of them.

Not bot detection

Finding suspicious behavior is your fraud stack's job. lemma.id's job is making the ban stick once you've decided.

Not a global identity

Every site gets its own PPID for each user. There is no shared identifier that follows people across the web.

Not an identity store you run

Your servers hold a verdict and a PPID. No ID documents, no names, no dates of birth.

What it is: a way to require one verified human per account when that matters, built on a proof wallet your users hold. You get bans that stick without running an identity database. Read more about the approach →

Add isHuman to your site

The next time you ban someone, make it the last time you have to. The integration is a script tag and a backend check.

Add to Your Site Watch Demo

Bind • Detect • Enforce