0
votes

I am using the PayPal MassPay API to award cash rewards to game winners in our application. It is against the rules for a player to try to win more than once per day. When I send a winner his/her cash, he provides an email address which I then use with MassPay/PayPal to deliver the award.

The problem is that people cheat by:

  1. Creating multiple PayPal accounts with different email addresses

  2. Playing (and winning) the game under these different email addresses, thereby skirting the rule that you should be able to win just once per day.

The different email addresses resolve to the same "real name" (first and last name) when I review the PayPal transaction logs, but by then it's too late -- the cheater has effectively won twice and collected.

One solution would be to query PayPal first, to get a first name, last name, and zip code from a user's email address. Presumably, this information would resolve to the same values for the multiple email addresses that the cheater is using. If I find two email addresses with the same name and address (zip code), I could flag this as potential fraud BEFORE paying out the second time.

I can't see a way, through the various APIs exposed by PayPal, to ask, "is it very likely that these two different email addresses resolve to the same person (or same street address)?"

Any suggestions would be very much appreciated!

1
You need more than that. You need full address and date of birth. As the cops know, it is by no means uncommon for two and even three people with the same name to live at the same address: son, father, and grandfather for example. - user207421

Agreed - I would need that level of detail to be absolutely certain of the person's identity. But the level of certainty that I require is much lower. If I see two "John Smiths" trying to cash out on the same day from the same address, I can block the second one until my customer service department has exchanged email with him. It's ok to be "guilty until proven innocent" in this case -- an email to customer service explaining that there really are two John Smiths sharing that address will unblock (and pay) the second, innocent, John Smith. - Cambridge_One

I'm voting to close this question as off-topic because it's not constructive. - EJoshuaS - Stand with Ukraine

1 Answer

0
votes

Here's an approach.

Upon sign-up, have your users 'Login with PayPal'. You'll need to apply and be approved to use "LIPP". But assuming a) you wanted to integrate it, and b) PayPal gives you access, and c) your users consent to share account data with you when they 'log in with PayPal', then you could check for name/address duplicates. And theoretically elect to pay out or not.

https://developer.paypal.com/docs/api/#get-user-information

Additionally, LIPP can provide you with the logged-in user's PayPal 'Payer ID', which is PayPal speak for PayPal account number. The Payer ID always stays the same, regardless of what email address the PP account holder uses to identify their PayPal account.

MassPay as an argument can take email address, Payer ID and US mobile number to identify your recipient. So, use LIPP to check for duplicate accounts, then pay out only to Payer IDs via MassPay.

Let us know how it goes.

Rolf
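
One way to apply the checks discussed in this thread before paying out, as an added example that is not part of the original answer and is not PayPal's code. It assumes the profile (the hypothetical fields `payer_id`, `name` and `zip`) was already obtained with the user's consent through Login with PayPal, treats ZIP codes as US-style, and uses in-memory sets where a real application would use its database.

```python
import unicodedata
from datetime import date


def _norm(text):
    """Fold accents, case and spacing so 'john  SMITH' matches 'John Smith'."""
    folded = unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode()
    return " ".join(folded.lower().split())


def _zip5(zip_code):
    """Assumption: US ZIP codes; '02139-4307' and '02139' compare equal."""
    return "".join(c for c in zip_code if c.isalnum())[:5]


class PayoutGate:
    """One payout per person per day; likely duplicates are held for review."""

    def __init__(self):
        self._paid_ids = set()     # (day, payer_id) already paid
        self._paid_people = set()  # (day, name, zip5) already paid

    def decide(self, profile, day):
        """Return 'pay', 'reject' (same account) or 'hold' (same name + ZIP)."""
        id_key = (day, profile["payer_id"])
        person_key = (day, _norm(profile["name"]), _zip5(profile["zip"]))
        if id_key in self._paid_ids:
            return "reject"  # same PayPal account under another email address
        if person_key in self._paid_people:
            return "hold"    # different account: customer service decides
        self._paid_ids.add(id_key)
        self._paid_people.add(person_key)
        return "pay"


def run_sample():
    """Constructed claims; Payer IDs and emails are made-up placeholders."""
    d1, d2 = date(2024, 1, 1), date(2024, 1, 2)
    claims = [
        (d1, {"email": "js@example.com", "payer_id": "PAYERID-A", "name": "John Smith", "zip": "02139"}),
        (d1, {"email": "js2@example.com", "payer_id": "PAYERID-A", "name": "John Smith", "zip": "02139"}),
        (d1, {"email": "smithj@example.com", "payer_id": "PAYERID-B", "name": "john  SMITH", "zip": "02139-4307"}),
        (d1, {"email": "jd@example.com", "payer_id": "PAYERID-C", "name": "Jane Doe", "zip": "02139"}),
        (d2, {"email": "js@example.com", "payer_id": "PAYERID-A", "name": "John Smith", "zip": "02139"}),
    ]
    gate = PayoutGate()
    return [gate.decide(profile, day) for day, profile in claims]
```

A held claim is not recorded as paid, so the second John Smith from the comments can still be paid once customer service clears him.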