I tried it out. Yes they do support a live check, but it seems... inadequate? The first Google search result for "disposable email address" yields https://temp-mail.org, and an email addressed created with that service is not recognized as disposable.
When we were having our stolen card testing it was from people using made up gmail handles and ELV handled those easily. I guess it views temp-mail emails (and probably others) as real, which is unfortunate.
I’ve run into this problem before and there’s ways to stop it. Sure your email blocklists work to an extent assuming they’re up to the minute accurate (which they’re not).
I’d look into fingerprinting (https://github.com/fingerprintjs/fingerprintjs), block by ASN if it makes sense for your business (does OVH really need access to my SaaS?), use an active disposable email checker and possibly flag risky orders for manual payment capture if at all possible.
Thanks! I actually just ran into another problem with ELV, a request to their "single email verification" API timed out repeatedly. So not a good experience so far, will probably not keep using it.