3

The website that I am currently designing has run into a bit of a snag - basically my client has made it clear that he needs a one person = one account feature. Now, I'm not the best at analytics (despite my programming background), so I could really use some suggestions.

We are programming in PHP, and I'm 100% aware that there isn't a solution that would 100% prevent the problem, but I need as close to the 100% as I can get and so far I have tried...

  1. Placing cookies in the user's browser. Workaround - Switch browser.
  2. Tracking IP. Workaround - change IP, reset router etc. (Also, more than one user per IP is permitted).
  3. Using analytics to try and track actions such as Account A being logged out, then a minute later account B logging in from the same IP. (This seemed to be the most effective, but it took a few people to keep it going, so I'd like to automate it as much as possible or, if possible, eliminate the need for manual monitoring.)

The problem is that the users of my client's site will be paid depending on different actions, and my client has already decided on a $10 minimum withdrawal amount, and payments will be handled via PayPal.

So basically multiple account usage could cost my client a lot of money if the site goes live without these features.

I would also like to keep this back-end (possibly a crontab). Just to be clear.

Any help/input/suggestions at all will be massively appreciated.

Tah

PS- I have already checked out this question (Account verification: Only 1 account per person) which is where I got the idea for point 3 from.

Dom
  • Implementation three is what a lot of social networks like Instagram, Twitter, etc. use to track duplicate accounts, though they have advanced algorithms that track usage behavior as well as IP logins. I work with many networks that also pay users and the majority require an SSN to legally track taxes, etc. if the payees are US-based, so this should be implemented and then can be used to track duplicate accounts. Also, you will have duplicate accounts requesting payment to (likely) the same PayPal address, which will help identify them. – Chrysus Apr 25 '13 at 16:48
  • Yes, the registration system we have currently will check the person's submitted PayPal address against our database to ensure that each PayPal address is only linked to one account. However, can't users just create multiple PayPal accounts and then deposit it all into a single 'master' account? – Dom Apr 25 '13 at 16:53
  • Yes, they can create up to 2 accounts (Personal and Business) and add multiple e-mail addresses to each account; however, beyond that it is often very hard to create any more accounts because the accounts will get limited for one reason or another. So that's definitely not an end-all, but just another measure. Also, you could just require users to log in via PayPal (through their API). This way you get the ID of the PayPal account (so even the use of different e-mail addresses returns the same account ID) and can block duplicate sign-ups. – Chrysus Apr 25 '13 at 17:05
  • @PatrickGolden Ah yes, I forgot about the PayPal [Express Checkout API](https://www.x.com/developers/paypal/development-and-integration-guides#ec). Can use this to confirm a user's email address and require them to use the same email as their PayPal account! Thanks for your help, I'll let you know of the solution I finally implement! – Dom Apr 25 '13 at 21:39
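
Point 3 of the question (one account logging out and a different account logging in from the same IP shortly afterwards) can be automated as a batch job run from cron. The following PHP is an added example, not code from the original post; the event layout, the two thresholds and the account names are assumptions.

```php
<?php
// Added example, not from the original post. Assumed event layout:
// [unix_time, ip, account, action], as a cron job might read from an auth log.
const WINDOW_SECONDS = 120; // logout -> different login within this gap = handover
const MIN_HANDOVERS  = 2;   // several users per IP are permitted, so require repetition

function findHandoverPairs(array $events): array
{
    usort($events, fn($a, $b) => $a[0] <=> $b[0]);
    $lastLogout = []; // ip => [account => time of most recent logout]
    $counts = [];     // "acctA|acctB" => handovers observed

    foreach ($events as [$time, $ip, $account, $action]) {
        if ($action === 'logout') {
            $lastLogout[$ip][$account] = $time;
            continue;
        }
        if ($action !== 'login') {
            continue;
        }
        foreach ($lastLogout[$ip] ?? [] as $other => $outTime) {
            $other = (string) $other; // numeric account ids become int array keys
            if ($other === (string) $account || $time - $outTime > WINDOW_SECONDS) {
                continue;
            }
            $pair = [$other, (string) $account];
            sort($pair, SORT_STRING);
            $key = implode('|', $pair);
            $counts[$key] = ($counts[$key] ?? 0) + 1;
            unset($lastLogout[$ip][$other]); // each logout counts once
        }
    }
    return array_filter($counts, fn($n) => $n >= MIN_HANDOVERS);
}

$events = [ // constructed sample data (documentation IP ranges)
    [1000, '203.0.113.7', 'alice', 'login'],
    [1600, '203.0.113.7', 'alice', 'logout'],
    [1650, '203.0.113.7', 'alice2', 'login'],   // 50 s after alice left
    [2400, '203.0.113.7', 'alice2', 'logout'],
    [2430, '203.0.113.7', 'alice', 'login'],    // 30 s after alice2 left
    [3000, '198.51.100.4', 'bob', 'logout'],
    [3060, '198.51.100.4', 'carol', 'login'],   // one coincidence on a shared IP
    [9000, '198.51.100.4', 'carol', 'logout'],
    [9900, '198.51.100.4', 'bob', 'login'],     // 900 s gap, outside the window
];
foreach (findHandoverPairs($events) as $pair => $n) {
    echo "review: $pair ($n handovers)\n";
}
```

Requiring repeated handovers keeps a single coincidence on a shared IP from being flagged, and the flagged pairs form a short queue for review instead of constant manual monitoring.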

2 Answers

1

The only way to really prevent a person from signing up for multiple accounts would be to ask them for personal information specific to them. I ran into this issue and ended up having to track social security numbers to prevent multiple accounts. Granted, the project I was working on was for a school and the school already had this information. Also, for a new user signing up, it wasn't unusual for them to give this information.

Reading some of the comments, I can say that even if PayPal had a way to track duplicate accounts, it is highly unlikely that you would be granted access to this information, even just to say "yes this is a duplicate" or "no it is not a duplicate".

I really think SSN would be your best bet.

Sugitime
  • I think that PayPal have their own methods for detecting multiple accounts, so having a minimum payment amount after linking their PayPal account will hopefully give PayPal a bit of time to deactivate the account in question. – Dom Apr 25 '13 at 22:34
  • But if I create 2 accounts on your website and I have 2 PayPal accounts, how will you know I am just 1 person? I doubt PayPal would release that information. – Sugitime Apr 25 '13 at 22:50
  • But PayPal try to keep 1 account per person, which means that your bank account can only be linked to one PayPal account, and as my site requires PayPal auth, you won't be able to sign up with an email/PayPal account that is already in use on my site. – Dom Apr 25 '13 at 22:59
  • Yes, that's true, but what I am saying is that even though PayPal has this information, it is very unlikely that they will share it with anyone else. – Sugitime Apr 25 '13 at 23:00
  • I'm not requiring them to share it with me; hopefully they will ban/suspend the multiple accounts on their own site of their own accord, meaning that they will no longer be able to process payments on my site :) – Dom Apr 26 '13 at 08:14
  • They do not, as an FYI. I have multiple accounts. I have for years. – Sugitime Apr 26 '13 at 15:13
0

AFAIK iovation uses a set of tracking methods, including Flash cookies and browser fingerprinting to track the users and the devices used. Although budget-wise it might not be your best option, you may consider the techniques themselves.

I'd suggest that the business create incentives for using a single account, which might pay off better than (costly?) fancy tracking software.

ptrk