[RESOLVED] Phoney User Registrations - [Advice Needed]

[modpluz]

Hello Guys and Compliments of the Season,
Please i have a website where people register for free and get free SMS(send free SMS to any user across the globe).

When you register, you get 5 free SMS units, then you'll have to purchase more SMS units after exhausting your free units.

Here's my problem, i have found out that some users are creating multiple accounts just to get more free SMS units.

So my question is: How do i stop this from happening?

i already check for duplicate email address and mobile number.

What else do i need to do to stop these type of users?

Thanks

[si_the_geek]

You can't stop them, all you can do is make it harder for them - which will persuade some of them not to bother, and some to not do it so often. If you aren't careful, you will also persuade (or force) legitimate users to not sign up.


In addition to the things you are checking already, you could check the IP address that they are using to register.

This is not entirely reliable, as some ISP's give out a different IP address each time you connect to the internet (and then give your previous IP address to somebody else). There are also situations like schools and internet cafes, where it is expected that over time multiple people will re-use the same IP address.

So if you do check it, you should only block people if the IP address has been used multiple times (say 5 or more).


Another thing you could do is to make the registration process a bit harder, by adding extra CAPTCHA or email steps etc.

This is really only worth considering if you have people using programs to register, because the effect on manual registrations will affect all users - so you will probably lose lots of valid users too.

[Shaggy Hiker]

Every store that sells anything of value has to deal with shoplifting, and you are no different. Before you dive into more extreme measures, make sure that the loss you are suffering is worth the cost of a partial solution. Some businesses just write-off a portion, others implement policies that cause serious backlashes. You are going to have to strike the balance that works best for you.

[mendhak]

May also help if you disallow those temporary-email sites like mailinator, which they might be using.

If you're checking for their mobile phone numbers, are you verifying the numbers as well, such as sending a code which they need to enter to activate their account?

[modpluz]

Thank you for your replies,

In addition to the things you are checking already, you could check the IP address that they are using to register.

yeah, i thought about that but am really concerned about those legitimate customers that will be signing up from an internet cafe(just as you mentioned above).

At the moment, i check for mobile number(activation code is sent to this number which makes it's practically impossible to use duplicate/fake number).

i also check for duplicate email as i mentioned in my original post above, but i am thinking of taking this a step further by sending account password to this email address(after activation of course).

Although, i know this will seems like a daunting task for legitimate users and i might end up losing some real good customers, but i think its something i have to deal with for now.

Please i am open for more suggestions.
Thank You

[NeedSomeAnswers]

i also check for duplicate email as i mentioned in my original post above, but i am thinking of taking this a step further by sending account password to this email address(after activation of course).

Although, i know this will seems like a daunting task for legitimate users and i might end up losing some real good customers, but i think its something i have to deal with for now.

Not at all, loads of sites make you activate by sending you an email and asking you to click on the enclosed link to verify yourself.

I think that this is perfectly reasonable kind of behaviour for a sign-up process, users will have had to do something similar for facebook/myspace & virtually any other social site on the net !

[Nightwalker83]

Another thing you could do is to make the registration process a bit harder, by adding extra CAPTCHA or email steps etc.

This is really only worth considering if you have people using programs to register, because the effect on manual registrations will affect all users - so you will probably lose lots of valid users too.

Yes, however, most lazy people can't be stuffed doing the same thing more than once or twice. Legitimate users won't mind having to fill out a security check password, etc if it means they aren't getting ripped off by people abusing the system.