An online free-trial anti-abuse system design.

I am currently selling time based access passes to an online service at micro payment prices.

After payment the customer gets a set of credentials that is only valid for the purchased period. When the access pass expires the customer has to buy a new set of credentials. So basically the credentials are one-time(period) use only.

I would like to offer a free-trial of x minutes to this service so potential customers can realise it works fine, possibly increasing total sales.

My question is, how would you stop abusers?

That is, people should only be allowed to try for free once, and if that is not possible at least make them go through a process/test which (as in shareware) is too cumbersome or annoying for them to keep trying it.

Obviously there is always someone who will bypass it. I am looking for a solution for the majority of people who are either not IT savvy, time constrained, or simply too lazy to bother abusing it, instead of simply paying the tiny fee.

I have some approaches in mind but would like to be inspired by other people too.

The service is developed with LAMP.

If you look around, everybody who gives out free trials binds them to a credit card - not to charge them, but to verify the user's identity. That's about the only feasible way to prevent abuse I can think of.

Any other idea will depend on the kind of service you are offering. StackExchange for example can offer a 45 day trial without a credit card no problem, simply because the effort to build a SE site is so huge, starting multiple trial periods (and having to configure a new site and build a new community every time) just wouldn't work.

Something similar could be unique login names that you can register during your trial period, and would have to give away if you don't convert it into a pay subscription, things like that. Really depends on the nature of your service.

Thanks Pekka, but none of the three options apply in my case. 1) I do not have the customer's card details, only the payment processor has them. 2) There is no concept of session or "coming back". They simply have access to use the service for the paid period and that is really it. 3) Credentials are system generated random unique IDs which are "thrown away" after use.

mr-euro 2010-02-16 22:30:18

@mr-euro I see. Well that makes it really difficult, then... Short of actually faxing some ID, I can't think of anything to prevent abuse, and even that can be faked easily. Maybe you'll have to add some personalization feature that people would miss when ending a free trial period.

Pekka 2010-02-16 22:36:08

@mr-euro What you're describing actually encourages abuse. You'll want people to create a user account on your site that acts as a container for the time-based access passes.

Sonny 2010-02-16 22:53:50

It needs to be kept in the "online" world though, so faxing is excluded. Anyhow it would be an administrative burden. The service is currently fully automated with no sys-admin interaction at all (apart from when something breaks). Thx though.

mr-euro 2010-02-16 22:54:05

@Sonny Even if I created a more personal account, how would that block a customer simply creating a new free trial...?

mr-euro 2010-02-16 22:57:38

@mr-euro It wouldn't block abuse, just not encourage it. If I visited the site with no user account was greeted with two options, free trial or purchase time, why would I ever purchase time? If I have a user account and get a free trial with that user account, I'd be more likely to purchase access once that runs out. A person could create multiple accounts to get more free trials, but that would require them to do that work to get it.

Sonny 2010-02-16 23:50:52

@Sonny There is no such concept of user account for the service. It is simply a pass the customer buys. Think of it as a ticket to an event. I do not need to know who buys the ticket, how it is paid for, or who uses it. It is simply available for that period only, whether it is used or not. My question in a nutshell is, how could I give out a free ticket, but somehow limit access to those free tickets to only one per customer. Or at least make it cumbersome enough to get the free ticket, that people would prefer to simply pay the tiny fee instead.

mr-euro 2010-02-17 10:16:34

@mr-euro I understand that you don't do it currently. I'm recommending a user account system as a solution to your problem.

Sonny 2010-02-17 17:28:07

Hey, this is a good idea. Would +1 but out of votes.

Pekka 2010-02-16 22:55:22

Although very easy to circumvent, a simple cookie is perhaps enough to deter the majority of people from abusing a free trial. Thx.

mr-euro 2010-02-16 22:56:06

ansaurus

tags:

views:

answers:

An online free-trial anti-abuse system design.

related questions