Where does IRBIS fit in an e-commerce fraud stack?

IRBIS sits between your data collection and your risk decision engine. You call the IRBIS enrichment API with a phone number, email, or IP at checkout or account registration. The API returns identity signals — carrier data, social graph, breach status, VPN detection — which your fraud model uses to score the transaction.

What signals does IRBIS return for e-commerce fraud detection?

Phone intelligence (carrier, line type, VoIP detection), email enrichment (linked accounts, social footprint depth), IP geolocation and VPN/proxy/Tor detection, phone-vs-IP country mismatch score, breach exposure status, and reverse face search for account verification.

Can IRBIS detect synthetic identity fraud?

Yes. Synthetic identities typically have thin digital footprints — a phone number with no messaging app presence, an email with no linked social accounts, or a mismatched IP location. IRBIS surfaces these signals so your risk model can flag low-confidence identities before they complete a purchase.

Is IRBIS a replacement for Stripe Radar or Signifyd?

No — IRBIS is identity intelligence infrastructure, not a fraud decisioning tool. Stripe Radar and Signifyd make the decision. IRBIS gives them better data to work with. You can call the IRBIS API to enrich transaction data before passing it to your fraud engine, or use it alongside any existing fraud prevention tool.

How fast is the API response?

IRBIS uses an async model — you POST a lookup and GET results when ready. Most enrichment results are available within 10–30 seconds. The lookupId model means your checkout flow never blocks waiting on a data lookup.

Does IRBIS work for international e-commerce?

Yes. IRBIS covers 200+ countries. This is particularly useful for cross-border e-commerce where order addresses, IP locations, and phone country codes frequently mismatch — a strong fraud signal that US-only providers miss entirely.

E-commerce Fraud · Identity Enrichment API

Stop Chargebacks Before
the Order Ships

Q: How does IRBIS help reduce e-commerce chargebacks?

IRBIS enriches customer data at checkout or account creation with phone intelligence, email graph, and IP signals. When the phone number is VoIP, the email has no social footprint, or the IP country mismatches the shipping address, your fraud model gets flagged before the order ships — stopping chargebacks before they happen.

Q: What's the pricing model?

Credit-based — you buy credits and spend them per lookup. No monthly minimum. No charge for empty responses. Free trial credits included on registration. Full details at espysys.com/pricing.

IRBIS enriches checkout and account data with phone intelligence, email graph, IP signals, and breach data. Feed your fraud engine real identity signals — not just transaction patterns.

Get Free API Key → Read the Docs

6Signal types

200+Countries

1API key

15 minTo integrate

Checkout enrichment · real-time

Customer submits at checkout

phone: "+14155552671"
email: "buyer@gmail.com"
ip: "185.220.101.x"

IRBIS enrichment call

POST /api/developer/post
ids: ["phone","real_phone","ip","breach"]

{ "line_type": "voip", "carrier": "TextNow", "social_accounts": [], "ip_country": "RO", "phone_country": "US", "country_mismatch": true, "breaches": 3 }

High fraud risk — flag for review

The problem

Transaction Data Alone Doesn't Catch Modern Fraud

Fraud models built on transaction patterns miss the signals that live in identity data. Here's what your current stack is probably getting wrong.

💳

Chargebacks from synthetic identities

A fake customer passes your checkout because the card clears and the shipping address is real. The fraud is in the identity — a VoIP phone, an email with no social accounts, an IP from a different continent.

Industry avg: 0.6% chargeback rate

👤

Account takeover at registration

Fraudsters create accounts with stolen or synthetic identities, build purchase history, then cash out with high-value orders. Standard email/password checks don't catch it — identity enrichment does.

ATO fraud up 354% since 2019

🌍

Cross-border fraud signals missed

A phone registered in Nigeria, an IP from Romania, a shipping address in New York, and a US-format name. Each check passes individually. Together they're an obvious fraud pattern — but only if you cross-reference them.

60%+ of fraud is cross-border

Identity signals

What IRBIS Returns at Checkout

Six types of identity signal — each one a data point your fraud model currently doesn't have.

📱

Phone Intelligence

id: "phone" · "real_phone"

Is the phone number real and active? Is it mobile, VoIP, or landline? Who is the carrier? Does the number appear in WhatsApp or Telegram? VoIP numbers from services like TextNow are used in the vast majority of synthetic identity fraud.

VoIP detectionCarrierActive checkMessaging apps

✉️

Email Graph

id: "email"

How many social accounts are linked to this email? A real customer typically has Facebook, LinkedIn, or at least one other platform registered to their email. A synthetic identity usually has none. Thin email graphs are one of the strongest fraud signals available.

Social footprintPlatform accountsThin graph = risk

🌐

IP Geolocation & VPN

id: "ip" · "phone_ip"

Where is the session IP located? Is it a VPN, proxy, or Tor exit node? Does the IP country match the phone's registered country? A US phone checking out through a Romanian IP is a flag that no transaction-only system catches.

VPN / proxyGeolocationCountry mismatch

🔓

Breach Exposure

id: "breach"

Has this email or phone appeared in known data breaches? Breach exposure is heavily correlated with account takeover attempts — fraudsters use leaked credential lists to test accounts at scale.

ATO signalBreach countData types

🖼️

Reverse Face Search

id: "face"

For platforms that collect ID documents or selfies at account creation, IRBIS can reverse-search the face image against online sources — catching stolen photos used to construct fake identity documents.

Photo verificationStolen image detect

👤

Phone vs Name Validation

id: "phone_name"

Cross-check the name a customer provided against the name associated with the phone number in carrier and messaging app data. A mismatch is a direct indicator of identity inconsistency at the point of purchase.

Name mismatchConfidence score

How it works

Where IRBIS Fits in Your Stack

IRBIS is identity intelligence infrastructure — it feeds your fraud engine the signals it needs to make sharper decisions.

Customer submits checkout data

Phone, email, IP, shipping address — whatever your checkout form collects

IRBIS enrichment call ← you are here

POST phone/email/IP to IRBIS API — get back carrier data, social graph, VPN status, breach count, name match score

Your fraud model scores the enriched data

Stripe Radar, Signifyd, Kount, your in-house model — IRBIS feeds them better inputs

Approve / review / block

Auto-approve clean orders, route borderline cases to manual review, block high-confidence fraud before shipping

What teams stop doing after adding IRBIS

→ Manually reviewing orders that "feel off" without data to back it up

→ Losing disputes because the chargeback evidence is only transaction-level

→ Blocking legitimate international orders due to crude country-block rules

→ Getting blind-sided by VoIP numbers that pass phone verification

→ Running four separate enrichment API contracts for different signal types

Most teams wire in the phone and email endpoints first — those two alone catch the majority of synthetic identity and ATO fraud patterns. IP and breach checks layer on top for higher-confidence scoring.

Fraud patterns

The Signals That Give Fraud Away

These are the specific combinations IRBIS surfaces — the ones that transaction data alone can't see.

📵

VoIP number + no social footprint

A TextNow or Google Voice number with zero messaging app presence and an email that has no linked accounts. Classic synthetic identity. Real customers have real phones and digital histories.

line_type: "voip" + social_accounts: []

🌍

IP country ≠ phone country

The session is coming from Eastern Europe but the phone number is registered in the US. This mismatch, combined with a VPN or proxy flag, is one of the top three signals for cross-border fraud.

ip_country: "RO" + phone_country: "US"

🔑

Breached email used at checkout

The email address appears in three data breach databases. This doesn't mean the order is fraudulent — but combined with a VoIP number or IP mismatch, it pushes a borderline order into review territory.

breaches: 3 + line_type: "voip"

🪪

Name doesn't match phone owner

The order says "John Smith" but the phone number is registered to "Maria Garcia" in carrier and WhatsApp data. A direct identity inconsistency that no transaction signal would ever surface.

phone_name_match: false (score: 0.08)

🔁

Newly created email, thin history

The email was registered recently and has no linked social profiles, no platform accounts, no digital footprint at all. Legitimate customers accumulate an email graph over months and years. Fraudsters don't.

social_accounts: [] + email_age: "days"

🛡️

Tor exit node or datacenter IP

The session IP resolves to a known Tor exit node or a datacenter ASN rather than a residential ISP. Legitimate shoppers don't route purchases through Tor. This alone is worth an automatic review flag.

ip_type: "tor" + proxy: true

How we compare

IRBIS vs Other Enrichment Options

For e-commerce fraud, the key question is which signals you can access and whether they cover international orders. Most providers fall short on both.

Signal / capability	IRBIS	Ekata	Telesign	Sift	LexisNexis	Pipl
VoIP / line type detection	✓	✓	✓ Core	Partial	✓	✗
Social footprint depth	✓	Partial	✗	Behavioral	Partial	✓
IP geolocation + VPN/Tor	✓	✓	Partial	✓	✓	✗
Phone-vs-IP country mismatch	✓	Partial	✗	✗	✗	✗
Name-vs-phone validation	✓	Partial	Partial	✗	✓	✗
Breach / dark web exposure	✓	✗	✗	✗	Partial	✗
Reverse face / photo search	✓ Unique	✗	✗	✗	✗	✗
International / non-US coverage	✓ 200+	US-heavy	✓	✓	✓	Partial
Raw signal data (not just score)	✓	Score only	Score only	Score only	Score only	Partial
All signals under one API key	✓	✗	✗	✗	✗	✗
Pay per lookup (no subscription)	✓	Enterprise	Subscription	Subscription	Enterprise	Subscription

Integration

One Call at Checkout. No Extra Infrastructure.

Add IRBIS enrichment to your existing checkout flow in a few hours. One POST request — returns the signals you need for your fraud model to make a better decision.

Checkout enrichment · cURL

# Enrich at checkout — phone + IP + breach
curl -X POST \
  https://irbis.espysys.com/api/developer/post \
  -H "Authorization: Bearer YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "searches": [
      { "id": "phone", "term": "+14155552671" },
      { "id": "real_phone", "term": "+14155552671" },
      { "id": "ip", "term": "185.220.101.47" },
      { "id": "breach", "term": "buyer@gmail.com" }
    ]
  }'

# Get lookupId back immediately
{ "lookupId": "lk_7f4c21b9e" }

# Retrieve results (10-30 seconds)
curl \
  https://irbis.espysys.com/api/developer/results/lk_7f4c21b9e \
  -H "Authorization: Bearer YOUR_KEY"

Run multiple checks in one call

The searches array takes multiple signal types in a single POST — phone, IP, and breach check in one round trip rather than three separate API calls.

Non-blocking async model

POST returns a lookupId immediately. Your checkout flow doesn't wait on the enrichment — you retrieve results asynchronously and apply them to the order risk score before fulfilment.

Works alongside your existing tools

IRBIS enriches data — it doesn't replace Stripe Radar, Signifyd, or your in-house model. Add IRBIS signals as additional features to your existing fraud scoring without changing your decision logic.

Full API documentation →

FAQ

E-commerce Fraud API — FAQs

How does IRBIS reduce chargebacks?

IRBIS enriches order data at checkout with phone intelligence, email graph depth, and IP signals. When a phone is VoIP, the email has no social footprint, or the IP country mismatches the phone country, your fraud model gets the signal before the order ships — which stops the chargeback before it happens.

Where does IRBIS fit in my fraud stack?

Between data collection and your risk decision. You call the IRBIS enrichment API with a phone, email, or IP. IRBIS returns identity signals. Your fraud engine — Stripe Radar, Signifyd, or your own model — uses those signals to score the transaction. IRBIS doesn't replace your decisioning tool, it feeds it better data.

What signals does IRBIS return for e-commerce?

Phone intelligence (carrier, VoIP detection, active status, messaging app presence), email graph (linked social accounts, platform footprint), IP geolocation and VPN/proxy/Tor detection, phone-vs-IP country mismatch, breach exposure count, and name-vs-phone match score.

Can IRBIS detect synthetic identities?

Yes. Synthetic identities have thin digital footprints — VoIP numbers, emails with no linked accounts, IP locations that don't match the phone country. IRBIS surfaces exactly these signals so your model can catch synthetic identities that pass document and card checks.

Does it work for international orders?

Yes. IRBIS covers 200+ countries. Cross-border orders are where most providers fall short — the phone-vs-IP country mismatch check is particularly useful for international fraud detection, where the phone country, IP country, and shipping address rarely all match for fraudulent orders.

Is it a replacement for Stripe Radar or Signifyd?

No. IRBIS is identity intelligence infrastructure. Stripe Radar and Signifyd make fraud decisions. IRBIS gives them richer identity inputs. Most teams call IRBIS before passing enriched data to their fraud engine — the two work together, not instead of each other.

How fast does the API respond?

IRBIS uses an async model — POST a lookup and GET results when ready. Most enrichments complete within 10–30 seconds. The lookupId approach means your checkout flow never blocks waiting for a data lookup to finish.

What's the pricing model?

Credit-based — you buy a bundle of credits and spend them per lookup. No monthly minimum. No charge if a lookup returns no data. Free trial credits on registration — no credit card required. Full details at espysys.com/pricing.

Stop Chargebacks Beforethe Order Ships