I am using the PayPal MassPay API to award cash rewards to game winners in our application. It is against the rules for a player to try to win more than once per day. When I send a winner his/her cash, he provides an email address which I then use with MassPay/PayPal to deliver the award.
The problem is that people cheat by:
Creating multiple PayPal accounts with different email addresses
Playing (and winning) the game under these different email addresses, thereby skirting the rule that you should be able to win just once per day.
The different email addresses resolve to the same "real name" (first and last name) when I review the PayPal transaction logs, but by then it's too late -- the cheater has effectively won twice and collected.
One solution would be to query PayPal first, to get a first name, last name, and zip code from a user's email address. Presumably, this information would resolve to the same values for the multiple email addresses that the cheater is using. If I find two email addresses with the same name and address (zip code), I could flag this as potential fraud BEFORE paying out the second time.
I can't see a way, through the various API's exposed by PayPal, to ask, "is it very likely that these two different email addresses resolve to the same person (or same street address)?"
Any suggestions would be very much appreciated!