
Scenario - a user has come to the site multiple times over a period of 6 months. 72 logins over 10 different IPs.

We have identified them as a fraud, and have suspended their account. But they could always come back with a different email.

Now this isn't simply to prevent a random user from being an A*hole... it's actually that they used our service to solicit funds through our service (think Kickstarterish).

Any best practices, considering they probably will have a new IP next time they visit?

1 Answer

1

You can never be absolutely 100% sure; there is no fingerprinting on the internet, and even that can be fooled.

An IP is just an address; it is perfectly legal to have more than one. The same with emails - it is legal to have mail boxes.

Generally, the best you can do is something similar to what PayPal is doing when registering users: require a valid on-line payment method (card/bank account), charge a nominal fee to this account with a unique reference, activate the user account ONLY when they have entered the unique reference from the payment, and refund the payment after a period of time. And obviously store and don't allow reuse of the same on-line payment method (card/bank account) - I would suggest storing a hash instead of actual card/account numbers to avoid any privacy issues.

Answered 2012-08-01T15:19:12.673
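
The flow described in the answer above, as an added Python example that is not part of the original post: a nominal charge carries a unique reference, the account activates only when that reference is entered, and a fingerprint of the payment method blocks reuse. It uses a keyed HMAC-SHA-256 rather than a bare hash, because card numbers have too little entropy for an unkeyed hash to hide them; `SignupVerifier`, its method names, the in-memory storage and the key handling are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: in production this key is held in a KMS/HSM, not generated per process.
FINGERPRINT_KEY = secrets.token_bytes(32)


def instrument_fingerprint(number: str, key: bytes = FINGERPRINT_KEY) -> str:
    """Keyed fingerprint of a card/account number; the number itself is never stored."""
    digits = "".join(ch for ch in number if ch.isdigit())  # ignore spaces and dashes
    if not digits:
        raise ValueError("no digits in payment instrument number")
    return hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()


class SignupVerifier:
    """Hypothetical in-memory registry; a real service would back this with a database."""

    def __init__(self, key: bytes = FINGERPRINT_KEY):
        self.key = key
        self.blocked = set()  # fingerprints tied to suspended accounts
        self.in_use = {}      # fingerprint -> account id
        self.pending = {}     # account id -> (fingerprint, reference)

    def start(self, account_id: str, number: str) -> str:
        fp = instrument_fingerprint(number, self.key)
        if fp in self.blocked or fp in self.in_use:
            raise PermissionError("payment method already used or blocked")
        reference = secrets.token_hex(4).upper()  # printed on the nominal charge
        self.pending[account_id] = (fp, reference)
        return reference

    def confirm(self, account_id: str, entered: str) -> bool:
        fp, reference = self.pending.get(account_id, (None, None))
        if reference is None or not hmac.compare_digest(
                reference.encode(), entered.strip().upper().encode()):
            return False
        if fp in self.blocked or fp in self.in_use:  # re-check: state may have changed
            return False
        del self.pending[account_id]
        self.in_use[fp] = account_id
        return True

    def suspend(self, account_id: str) -> None:
        for fp, owner in list(self.in_use.items()):
            if owner == account_id:
                self.blocked.add(fp)  # the same card/account cannot register again
                del self.in_use[fp]
```

The card numbers used to exercise this should be constructed test values; the charge and refund themselves are left to the payment processor.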