Ask HN: limiting new account registrations

If you're really that concerned about multiple users, I think doing the CC check would be the way to go.<p>The larger question I think you should be asking, however, is why this guarantee is so important. You're setting up a huge barrier to new sign-ups - if I came upon a site asking for my CC details, even if it was through PayPal, it would take a hell of a lot for me to move forwards and not lose interest in the service. So you had better make sure that your product is so compelling that it will cause your users to get up from their computers, go get their wallet, and give you their CC number; be warned, this is one hell of a threshold. If you've gone that far, however, I wouldn't bother refunding the money - almost all users who you've engaged enough to get their credit card number won't mind giving you a nickel or so for your services, which you'll probably need to cover the costs of your CC fees anyways. If you do this, I'd 100% go with PayPal - it's easy, and it provides me (the user) with some degree of reassurance that you're not just going to steal my CC number.<p>Even if you do this, however, you still need other checks. I have three different credit cards, all hooked to different addresses and with using different variations of my name. Many banks allow users to generate one-time credit card numbers for online purchases. Multiple people could live at the same address and have cards, and they could even have the same names (like when sons are named after their fathers). Don't forget to analyze how important it is not to have duplicated, or conversely, how much of a problem it would be to have them - as this gets higher, you're going to have to make some tradeoffs (for example you could make a rule that says only one registration per household, and accept that you'll be losing out on users where there is more than one party in the household who wants to use your service).<p>As a point of comparison, the last service that I signed up for that needed this severe of a uniqueness guarantee - the old ICANN@large, anyone? - did a web-based signup, which led to a code getting mailed to you. Additionally, they restricted it to one-signup-per-household, and didn't accept PO boxes.<p>Bottom line is that this is a difficult problem, which generates a very high barrier to entry. So if you've done the analysis and concluded that it's 100% necessary to do this, you may as well embrace it and charge a bit.

Generally speaking, if somebody wants multiple accounts, they can get them easily enough. It would help to know a little bit more about why you're trying to block multiple signups.<p>I'm in the US, and I write checks to my customers. We're required to submit information to the IRS on a quarterly basis, so we collect payee identification, which is either a Social Security number or Employer Identification Number. It's one thing to lie to an Internet company, its another to lie to the IRS. That discourages a lot of people from trying to game the system. Perhaps there's a similar mechanism available in the UK.<p>Focus on detection. Scoring new accounts for possible/probable fraud, and flagging them for review works wonders. Scaling this approach requires more human effort, but it's worth it when you get in to large dollar amounts.<p>It also helps to have some leverage in your terms of service.

SMS isn't a very good solution. Only slightly better than a simple e-mail verification. There are a number of services that would allow someone to receive texts on unique phone numbers. I'm assuming you have a good reason to limit accounts which means inevitably someone thinks they have a good reason to get around your limit.<p>This might be a silly suggestion but I would prefer, as a user, to be asked to submit a photograph of myself holding up a sign with some unique keyword you generate when the user attempts to signup. I honestly think this is less off putting than exchanging CC information. Depending what type of site you're doing it could actually be a fun mysterious way to promote it.

Why is the SMS confirmation code method less stringent than a CC check?

Maybe an email account that should be unique... i.e. a school or employer? @google.com or @berkeley.edu. Although people might have multiple schools/employers or a mix of both. This also might not work for certain demographics (ones without email!) but I am not sure who your audience is.

The only way I know of to prevent duplicate accounts is to give people a code to redeem that is tied to a physical address. In other words, mail them a post card with a redemption code on it and only mail one card to one address. I'm sure this can be readily abused too though!

This is almost certainly overkill, but you can do what Google does for services like adsense. They deposit a small amount of money in your bank account, like $0.02 and then you have to tell them what the amount was for verification.

Out of curiosity, why is it so important to prevent users from signing up multiple times? Is it a scaling issue, or...? I ask, because there may be an alternative (and less invasive) way of reaching the same goal.

In the USA it's really easy to get a business bank account. Just go into the bank and tell them you want a business bank account and they will set you up with a free business account. Is it harder in the UK?

&#62; For a project I'm working on I need to make sure as far as possible that users are not able to signup multiple accounts.<p>For your convenience or theirs?

Actually, if you want to be <i>really</i> stringent, you should charge a small fee without any refund. I take it you don't want to go that far, though.

I have 2 credit cards.

Paypal?