I'm not sure that I'm in the right forum for this. I'll describe my problem and if the moderator moves me, so be it.
We released a monetization platform that is doing very well and getting a lot of adoption. It allows users to complete surveys or sign up for products on game sites and at game news portals. You can see a version of it here: www.mmoabc.com (requires registration). Click the "rewards" tab to see one of our platforms and the "store" tab to see another.
The point behind this platform is to allow advertisers to make money by gaining customers and the publisher to make money by sending traffic to the advertisers where they receive a commission from us (we pass through the bounty). In any event, there are a lot of free offers that users are allowed to do where they can earn a virtual currency based on the value that the free offer pays out. These may be surveys (or sales paths that seem like surveys), lead gen, etc. There are also paid offers.
As you can imagine, free offers are popular with users who want to get a bigger sword (who doesn't want a bigger sword?) so they can battle it out on their favorite game. But, here's the problem...
Fraud is massive! What users do is create multiple accounts on a game and do the surveys over and over again with different accounts. This allows them to go into the game and trade virtual items between their characters so that they build up character strength and features. As soon as any one user ID completes an offer, I remove it from the iframe so the user never sees it again. I also geo-target the offer based on the user's IP address. But, when the user creates multiple accounts, they see the offer over and over again despite any other measures I take (other than the geo-targeting). This causes advertisers to get upset as they know that the same user is doing the offer multiple times. I need a good way to find out if this is the same user trying to do the offer +n times.
I am hoping someone can assist me in coming up with thoughts on how to do this. Here's what I thought of:
1. Ban the offer from that IP address. Problem: I could be banning the offer from millions of users who share an IP address (AOL users for example all have the same IP address as do any users on the same network).
2. Install an ID cookie. Problem: Very easy to remove cookies.
Other than those two ideas, I'm stuck. Does anyone have any suggestion on how I can test a user as unique via their browser, or some other factor?
Sharing of information is the policy. However, if we collect the information from the user, how do we ensure it's really that user? For instance, we have a lot of free dating offer submits. The users will create multiple email accounts and just sign up over and over again. What are your thoughts?
We developed Access Manager precisely for this reason. AM ties your user to their pc nic mac address, presents login frame (which talks to your database) and upon good authentication launches a browser into your site. We are in the process of generalizing the application to be used with many different web login environments (currently only asp and php supported).