We're looking for a good way to stop fraud on our website. We have a site with constant traffic coming in - we have regular access to the normal info (IP, session, cookies, etc.), plus info that the users have provided.
We need to be able to detect duplicate users in real time. Basically, people are coming in pretending to be different people in order to earn money on each account. We have to stop duplicate users and robots from entering our system.
To stop or slow robots, we implemented a CAPTCHA. This helped a bit.
To try to prevent duplicate accounts, we created an IP trending system. It temporarily (and silently) suspended any account with duplicate activity within the past 10 minutes. It also incremented a "duplicate" counter on all accounts with activity on that IP - this flag lights up accounts quickly if they have too much duplicate activity.
However, the above fix doesn't work when someone comes in a day later. It also doesn't work if people use proxy servers or different IPs. It generates tons of false positives with AOL accounts (and other ISPs that use shared IP addresses). Is there anything else that we can do to help slow or stop duplicate and robotic fraud in real time?
If we can stop them in real time, we can keep our advertisers happy (fraud never happens). If we can stop them within a few days, we can at least stop payment to these duplicate accounts, making it pointless to keep trying.
Any help on an automated solution detecting this fraud will be appreciated.
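The IP trending check described in the question, sketched as an added example (not the poster's code) and replayed over the cases the question says it catches, misses, and wrongly flags. The class and function names, the suspension length, the flag threshold, and the sample events are all assumptions.

```python
from collections import defaultdict

WINDOW = 10 * 60        # the 10-minute window from the question
SUSPEND_FOR = WINDOW    # assumed: the question does not say how long a suspension lasts
FLAG_THRESHOLD = 2      # assumed: counter value at which an account "lights up"

class IPTrendTracker:
    def __init__(self):
        self.recent = defaultdict(dict)    # ip -> {account: last_seen_ts}
        self.dup_count = defaultdict(int)  # account -> "duplicate" counter
        self.suspended_until = {}          # account -> ts when suspension lapses

    def record(self, ip, account, ts):
        """Record one event; return the accounts it silently suspends."""
        seen = self.recent[ip]
        # Forget accounts whose last activity on this IP is older than the window.
        for stale in [a for a, t in seen.items() if ts - t > WINDOW]:
            del seen[stale]
        seen[account] = ts
        if len(seen) < 2:
            return set()
        hit = set(seen)  # every account active on this IP inside the window
        for acct in hit:
            self.dup_count[acct] += 1
            self.suspended_until[acct] = ts + SUSPEND_FOR
        return hit

    def is_suspended(self, account, ts):
        return self.suspended_until.get(account, 0) > ts

    def flagged(self):
        return {a for a, n in self.dup_count.items() if n >= FLAG_THRESHOLD}

def replay(events):
    """Feed (ts, ip, account) events in order; return (ever_suspended, tracker)."""
    tracker = IPTrendTracker()
    suspended = set()
    for ts, ip, account in events:
        suspended |= tracker.record(ip, account, ts)
    return suspended, tracker

# Constructed sample events (documentation IP ranges), not real traffic.
SAME_IP_FAST = [(0, "203.0.113.5", "a1"), (120, "203.0.113.5", "a2")]        # caught
SAME_IP_NEXT_DAY = [(0, "203.0.113.5", "b1"), (86400, "203.0.113.5", "b2")]  # missed
DIFFERENT_IPS = [(0, "198.51.100.1", "c1"), (60, "198.51.100.2", "c2")]      # missed
SHARED_ISP_IP = [(0, "192.0.2.9", "u1"), (30, "192.0.2.9", "u2"),
                 (90, "192.0.2.9", "u3")]  # unrelated users: false positives
```
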