* disallow registration with disposable email addresses (increases the cost for fraudsters). See: https://github.com/disposable/disposable
* disallow or flag transactions depending on ip-rating services. See: https://iphub.info/api (you could cache sketchy addresses to prevent exceeding the requests/day limit)