A full inventory of what Veritus does — from the enrichment pipeline and the ML model to the dashboard, the rules engine, and the integration surface. If something here isn’t clear, ask: info@veritus.uk.
Enrichment signals
Every check runs through every signal, every time. The model decides how much weight each signal carries for the final verdict — you don’t have to.
Syntax, MX records, disposable-domain detection, role-account detection (info@, sales@), free-provider classification, and an estimated account-creation age from public registration signals.
E.164 parsing for 240+ countries, mobile vs landline vs VoIP classification, carrier lookup, country-of-registration check against the form country.
UK postcode validation via Royal Mail PAF-equivalent data plus 30+ international postal systems. Deliverability score, region match, premise-level confidence.
Geolocation, ASN lookup, datacentre/hosting-provider detection, VPN/proxy/Tor exit-node lists refreshed hourly, residential-proxy heuristics.
k-anonymity lookup against billions of leaked credentials via Have I Been Pwned. Only the first five chars of the SHA-1 are sent; the password itself never leaves your browser.
Geographic alignment of IP country, phone country, address country and form locale. Mismatches are flagged but not auto-blocked — the model decides whether they matter.
Time-to-fill, paste vs type, keystroke cadence, focus-change patterns, hidden-honeypot interaction. Widget-only; not available via API.
Scoring & verdict
Gradient-boosted decision trees trained on a labelled corpus of confirmed real and confirmed fraud signups. Calibrated probability output, scaled to a 0–100 score.
Every score comes with a list of human-readable reasons: ip.tor_exit, email.young (3d), geo.mismatch (GB/RU). Defensible, auditable, explainable.
Drag the block and review thresholds in your dashboard. A/B-test the impact on conversion vs fraud rate side by side, per signup form, with no code change.
Every confirmed verdict becomes a training label. Your accumulated allows and blocks retrain a customer-specific model layer nightly, so Veritus learns your patterns.
p50 73 ms, p99 under 150 ms end-to-end including all third-party enrichment lookups. Cached enrichments served from Redis. Stale-while-revalidate where appropriate.
If the Veritus API is unreachable for any reason, the widget defaults to allow rather than blocking real customers. Configurable per form: choose fail-open, fail-closed, or fail-to-review.
Dashboard & controls
Every check streamed to your dashboard in real time. Filter by verdict, score range, country, form, or reason code. Click any row for the full signal breakdown.
Pattern-match by email, domain, IP, ASN, or phone prefix. Apply globally (admin only), to your whole customer account, to a specific domain, or to a single form.
Signups scoring between your review and block thresholds are held for human review. Approve or reject in one click; decisions feed back into training.
Push every verdict to your endpoint as it happens. Signed payloads, HMAC-SHA256 signatures, retries with exponential backoff. Use it to drive your own ops dashboards or Slack alerts.
Issue separate live and test keys, scope them per form or per environment, revoke them instantly when a developer leaves. Full audit log of every key’s usage.
Different signup forms (signup, password reset, contact, newsletter) can have different thresholds, different rule scopes, and different fail behaviour. Configure each independently.
Infrastructure & integration
Two nodes (UK + Helsinki). PostgreSQL streaming replication, Redis master/replica, mutual TLS between nodes. Either fails, scoring keeps flowing — no DNS change, no manual cutover.
All scoring, all training data, all customer data in the UK. No US data residency, no Cloud Act exposure. GDPR-aligned by default.
One <script> tag. WordPress, Webflow, Wix, Squarespace, plain HTML. Hooks any <form> tagged data-veritus="signup".
POST /v1/score with a JSON payload, get a JSON response. Bearer-token auth. Idempotency keys. Versioned URL path so we can evolve without breaking you.
A drop-in plugin for WP Forms, Gravity Forms, Contact Form 7, WooCommerce checkout, and the core WP registration form. No JS pasting, no theme edits. Coming Q3 2026.
We score what you send us; we don’t track users across the web. No third-party cookies set by the widget. No persistent identifiers. The widget’s payload is minimal and documented.
No credit card, no trial countdown, no expiry. Every account gets 1,000 fraud checks per month for life. Upgrade when you outgrow it.