Win a copy of Cross-Platform Desktop Applications: Using Node, Electron, and NW.js this week in the JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Using IP or Some Other Variable to Prevent Fraud  RSS feed

 
Al Johnston
Ranch Hand
Posts: 99
Flex Java Postgres Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I'm not sure that I'm in the right forum for this. I'll describe my problem and if the moderator moves me, so be it.

We released a monetization platform that is doing very well and getting a lot of adoption. It allows users to complete surveys or sign up for products on game sites and at game news portals. You can see a version of it here: www.mmoabc.com (requires registration). Click the "rewards" tab to see one of our platforms and the "store" tab to see another.

The point behind this platform is to allow advertisers to make money by gaining customers and the publisher to make money by sending traffic to the advertisers where they receive a commission from us (we pass through the bounty). In any event, there are a lot of free offers that users are allowed to do where they can earn a virtual currency based on the value that the free offer pays out. These may be surveys (or sales paths that seem like surveys), lead gen, etc. There are also paid offers.

As you can imagine, free offers are popular with users who want to get a bigger sword (who doesn't want a bigger sword?) so they can battle it out on their favorite game. But, here's the problem...

Fraud is massive! What users do is create multiple accounts on a game and do the surveys over and over again with different accounts. This allows them to go into the game and trade virtual items between their characters so that they build up character strength and features. As soon as any one user ID completes an offer, I remove it from the iframe so the user never sees it again. I also geo-target the offer based on the user's IP address. But, when the user creates multiple accounts, they see the offer over and over again despite any other measures I take (other than the geo-targeting). This causes advertisers to get upset as they know that the same user is doing the offer multiple times. I need a good way to find out if this is the same user trying to do the offer +n times.

I am hoping someone can assist me in coming up with thoughts on how to do this. Here's what I thought of:

1. Ban the offer from that IP address. Problem: I could be banning the offer from millions of users who share an IP address (AOL users for example all have the same IP address as do any users on the same network).
2. Install an ID cookie. Problem: Very easy to remove cookies.

Other than those two ideas, I'm stuck. Does anyone have any suggestion on how I can test a user as unique via their browser, or some other factor?

Thanks,
Al
 
Himanshu Kansal
Ranch Hand
Posts: 257
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well I don't know if it's the best, but getting real world information might help. Information like maybe contact details! There can be mechanisms put in place to verify.
 
Al Johnston
Ranch Hand
Posts: 99
Flex Java Postgres Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The problem with collecting real info is the privacy policy of the site we're displayed on. We can only get the UID and other non-personally-identifying information.
 
Himanshu Kansal
Ranch Hand
Posts: 257
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Does the privacy-policy prohibit even storing of information in an encrypted form or only privacy i.e sharing of information?

If latter is the case, then there should not be aproblem. In the former case, something else shall be thought of
 
Al Johnston
Ranch Hand
Posts: 99
Flex Java Postgres Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sharing of information is the policy. However, if we collect the information from the user, how do we ensure it's really that user? For instance, we have a lot of free dating offer submits. The users will create multiple email accounts and just sign up over and over again. What are your thoughts?
 
george mcquade
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
We developed Access Manager precisely for this reason. AM ties your user to their pc nic mac address, presents login frame (which talks to your database) and upon good authentication launches a browser into your site. We are in the process of generalizing the application to be used with many different web login environments (currently only asp and php supported).
 
Consider Paul's rocket mass heater.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!