1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

one account per person - possible?

Discussion in 'General Business' started by everyday, Jun 21, 2006.

  1. #1
    Hi all

    I'm in the early stages of planning a web service. Because of the nature of the service, it's going to be targetted by scammers. To make life harder for them, i need to enforce a 'one account per person' rule. I know I'll never be able to acheive that but I want to make it as hard as possible.

    I thought about using credit card verification but I dont like it for several reasons:

    1) it'll put people off signing up
    2) I've made several enquiries and have yet to find a payment processer who can provide address verification for more than 2 or 3 countries. This'll mean a different payment processor for every country I want to operate in
    3) Prepaid credit cards are getting more and more common.

    does anyone know of any other options? The solution needn't be perfect, just one which makes it difficult to sign up a large number of accounts. I have other anti-scammer measures which I'll be putting in place too.

    thanks for reading
    damien
     
    everyday, Jun 21, 2006 IP
  2. Crazy_Rob

    Crazy_Rob I seen't it!

    Messages:
    13,157
    Likes Received:
    1,366
    Best Answers:
    0
    Trophy Points:
    360
    #2
    What type of service are you selling (if you don't mind me asking)?
     
    Crazy_Rob, Jun 21, 2006 IP
  3. -Abhishek-

    -Abhishek- Regaining my Momentum!

    Messages:
    2,109
    Likes Received:
    302
    Best Answers:
    0
    Trophy Points:
    0
    #3
    ^^ SAA
    You cant enforce OAPP system, but you may warn you members that if you dind two logins from the same IP they'd be banned and stuff!
    As asked by Rob, may I know what kind of services we are talking about here?
    Abhishek
     
    -Abhishek-, Jun 21, 2006 IP
  4. aboyd

    aboyd Well-Known Member

    Messages:
    158
    Likes Received:
    17
    Best Answers:
    0
    Trophy Points:
    138
    #4
    Do email, and verify the email address. So after they sign up, send an email to their account, with a link they have to click to confirm. You process those clicks, and flag them in the database as legit, verified accounts. Anyone who does not verify their account does not get access, and is eventually dropped from the database.

    If you track the email addresses and don't allow duplicates, that's getting close to your goal. It's not perfect, of course.

    -Tony
     
    aboyd, Jun 21, 2006 IP
  5. everyday

    everyday Guest

    Messages:
    2
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #5
    thanks all for your suggestions.

    I don't want to say exactly what kind of service I'm working on but it's a financial product which is why I know it'll be a target for scammers. It's also why there has to be a bigger barrier to entry than a unique email or ip address. Something that can't be faked easily or acquired en masse. I think I'll have to stick with credit card verification. It's the only viable option at the moment
     
    everyday, Jun 21, 2006 IP
  6. shamess

    shamess Well-Known Member

    Messages:
    1,127
    Likes Received:
    25
    Best Answers:
    0
    Trophy Points:
    185
    #6
    Email addresses are really a terible way to make OAPP, since I own every address from allroundnews.co.uk and its redirected to my gmail, I have infinate email address. Then of course there's '+ tags' for gMail, and gMail allows dots in your email address, so in reality, I own millions of variations of my email address.

    If your product is financial, wouldn't the user having a credit card be a good idea anyway? Also, I suppose you could snail mail the user an activation code... Its more time taking and expecive but unless the user has a lot of places to live, there's no way they can make multiple accounts.
     
    shamess, Jun 22, 2006 IP
  7. randomlande

    randomlande Peon

    Messages:
    118
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #7
    It's really easy to get email addresses. The IP method seems best
     
    randomlande, Jun 22, 2006 IP
  8. shamess

    shamess Well-Known Member

    Messages:
    1,127
    Likes Received:
    25
    Best Answers:
    0
    Trophy Points:
    185
    #8
    I've not idea how Ip addresses work, but to my understanding, don't ISPs rotate IP addresses periodically? So IP method wouldn't really work, ne?
     
    shamess, Jun 22, 2006 IP
  9. Wyla

    Wyla Well-Known Member

    Messages:
    924
    Likes Received:
    14
    Best Answers:
    0
    Trophy Points:
    140
    #9
    Make a system of different barriers.
    First and foremost, get email verfication. Next IP, Next CC, Next Address.

    What you can do, is just allow a certain IP to access a part of your site. So they login through IP and not username/password
     
    Wyla, Jun 22, 2006 IP
  10. Crazy_Rob

    Crazy_Rob I seen't it!

    Messages:
    13,157
    Likes Received:
    1,366
    Best Answers:
    0
    Trophy Points:
    360
    #10
    Can you explain that a bit more?
     
    Crazy_Rob, Jun 22, 2006 IP
  11. aboyd

    aboyd Well-Known Member

    Messages:
    158
    Likes Received:
    17
    Best Answers:
    0
    Trophy Points:
    138
    #11
    IP, yes. But "not username/password," no.

    Do both. Log them in via username/password, and track not only that, but the IP as well. Lithium software does this. They have a forum software product. I might login via my laptop at home. Then I take the laptop to work, and login there, but it blocks me. It sees I'm at a new place, and it requires me to reauthenticate.

    -Tony
     
    aboyd, Jun 23, 2006 IP
  12. falcondriver

    falcondriver Well-Known Member

    Messages:
    963
    Likes Received:
    47
    Best Answers:
    0
    Trophy Points:
    145
    #12
    if you have some javascript and php skill, try this:

    make your signup-form and add a javascript which gets all the browser properties possible, like language, screen resulution, colours, os and version, browser and version - all this stuff and add it in a hidden field to your form.

    write all this values in one variable, something like
    
    $browservar=$os.$osversion.$browser.$browserversion.(everything you got)
    
    PHP:
    to make this string shorter and easier to handle, get the
    md5($browservar)
    PHP:
    add this value to an extra field in your user database.
    you can have about 11.000 different md5's for all the computers out there (but some more common than others; winxp with ie6 should be the most common), so if you get a lot of sign ups with the same md5 then there could be something wrong.

    here is a free database to translate ip-adresses to countries, but this could be useless if some spammers use proxies:

    http://www.maxmind.com/app/geoip_country

    hope this helps (on my hunt for green rep) :)
     
    falcondriver, Jun 23, 2006 IP
    Crazy_Rob likes this.