dcsimg
Preventing aggressive users from registering multiple accounts?
0 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   Bryan_Conzone
Posted On:   Tuesday, July 13, 2004 08:36 AM

The question must be common, however, I have not found any good solid answers in my online research. The problem I am trying to solve is how to best prevent aggressive users from registering multiple accounts deliberately? What are the best validations to try and prevent this? One case example would be that there is a user "John Smith" who signed up for an account on shoppingsite.com. User: jsmith Pass: Address: 1 Smith Lane   More>>

The question must be common, however, I have not found any good solid answers
in my online research.

The problem I am trying to solve is how to best prevent aggressive users from
registering multiple accounts deliberately?

What are the best validations to try and prevent this?



One case example would be that there is a user "John Smith" who signed up for an account on shoppingsite.com.


































User: jsmith
Pass:
Address: 1 Smith Lane
City: New York
State: NY
Zip: 11201
Email: jsmith@jsmith.com
Phone: 555-555-5555

Later in time John Smith's account is blocked for some type of illegal activity
that goes against the user agreement. However, John Smith just figures "hey
I can register another account with a different name", etc. Like follows:



































User: jsmith2
Pass:
Address: 2 Smith Lane
City: New York
State: NY
Zip: 11201
Email: jsmith2@jsmith.com
Phone: 555-555-4444

Now as a site admin I am faced with the problem that there can be one person
with any number of accounts and everytime one gets blocked they can just go
and create another.


The obvious simple checks for duplicate users would be steps like:


- can't have multiple users register with the same email address.

- can't have multiple users register with the same username.


However, beyond this what should be done and how? The following are a couple
of examples that I have heard of but nothing concrete:


- There is some system that you can put into place that will verify that the
city a user enters is actually in the state and zip code that is also entered.
(this would help prevent users from randomly putting in data that matches a
general criteria)

- Checking that nothing exists in the database with the same "firstname",
"lastname", "address", "city", "state",
"zip" combinations.


With so many free email systems out there and anyone could find a valid address
anywhere in the country even if it's not there own, any confirmation emails
send they would be able to respond to. How can you best keep these type of users
from not registering multiple times of your site? I don't know if there is a
foolproof method, but at least something close.


Now if we could do something like matching the persons social security #, with
the name entered, and the address entered, and a credit card number in their
name I think that would be a good method, but I don't see that happening any
time soon :-)


Any help any of you can provide would be great! Thanks.


Bryan


 

   <<Less
About | Sitemap | Contact