Without relying on any document issues from government, without excluding disabled person, and without requiring the admin to personally know each users.<p>Using credit card doesn't tell if two accounts are created by distinct person. And it exluced person without credit card.<p>There are some (incomplete) approach to check if the user is a person or a bot, but not if the users are distinct person as of my knowledge.
The way I've seen this done is usually to outsource it to some third party like <a href="https://network.id.me/platform/identity-verification/" rel="nofollow">https://network.id.me/platform/identity-verification/</a> that does the verification by proxy, handles all the compliance and privacy stuff, and then tells the website operator "this user is verified as a _______".<p>I don't <i>think</i> your documents get shared with the website directly, just your verification status, but I'm not 100% sure about that.<p>And I think the verification process mixes and matches ID checks, employment records, credit records, text messages, etc., kinda like how a bank asks you "Which of these streets, if any, did you ever live on?". There are different questions for different kinds of verifications.
Not AFAIK and with websites that make <i>AI</i> easier and easier it will be exceedingly more difficult to enforce such things. I think the site and it's services or products would have to be designed to incentivize one-person to one-account meaning that having more accounts would be a loss of benefits and just adding friction, effort and wasted time. Or conversely staying on one account and making more purchases and more customer reviews from that account means more discounts and benefits, maybe even some type of <i>automated</i> voting influence over what products and/or services get discounts that week meaning the site favors the real accounts that use the site the most.
You'd require a secure biological hash like the stuff worldcoin is doing (iris biometrics). Otherwise I don't see how this doesn't end in a detection-circumvention arms race.
If you can tie login to a person's phone (passkey, google authenticator, text message, etc) than you can raise the bar. Most abuse is by a very small number of people who will not make it difficult to detect (like cycling through accounts during batch processing, many accounts from the same ip). Logs will be your friend and you really only care about the worst offenders, the rest won't be worth the time, effort, false positives
Nope. Almost everybody has more than one device (laptop, phone, and maybe a tablet) with more than one IP (both home wifi and phone data). Everyone has multiple email addresses.<p>You could get by with requiring a unique phone number, but that still risks excluding users, and can get expensive if you intend on catering to an international audience. Even in that case, some people may have a landline and a cell phone, or they may use a friend/spouse/relative’s phone to circumvent your limits.