1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

how to verify a user identity?

Discussion in 'Off Topic' started by erich37, Feb 16, 2012.

  1. erich37

    erich37 Well-Known Member

    I am wondering if there is a proper way of identifying a users identity?

    I am looking for some kind of solution as to verify the user-identity via his phone-number, so a user would have to confirm his registration by entering a "code" which is send to him via SMS.
    Something similar as Google is providing.

    Or probably some other solution, e.g. a user needs to provide his Passport-ID into the registration-form and is required to upload a copy of his Passport ?

    Does any of you guys have any ID-verifiction in use at your Forums? What makes sense in this regard in terms of practicability and also in terms of cost?

    Many thanks!
  2. Slavik

    Slavik XenForo Moderator Staff Member

    You looking at around 10 cents / 5 pence per user to do a sms verification system.
    erich37 likes this.
  3. kkm323

    kkm323 Well-Known Member

    the internet has always been the best way to hide your identity.. :D
  4. Ingenious

    Ingenious Well-Known Member

    Just thinking out loud really...

    With the SMS it is fairly straightforward to use an email to SMS gateway or similar (I used to use it on my website to text me when someone had registered for the members area). So when you process the user registration you can email your SMS gateway their SMS number and the code. I'm not sure how big/complex a job it would be to do that within the forum registration, or whether it would be better as a standalone page.

    As a standalone page you could have the page only available to a logged in forum member (ie. you autovalidate to a basic member level which confirms their email etc) it then gets their logged in user ID, checks they have a phone number filled in, texts them a random code and invites them to enter that code. If the code matches you could then be emailed to advise, so you can upgrade their account (unless a way exists to do that automatically). You'd need to enforce entering a phone number on registration and then making it not alterable by the user (so someone can't just keep using the same number over multiple accounts) and then check it is unique before sending the code.

    I'm not sure a passport copy is a very good idea - huge can of privacy worms - lots of manual work, still easy to fake (not to mention the ones which are such bad copies you have to contact the member).
    erich37 likes this.
  5. erich37

    erich37 Well-Known Member

    do you know if this works globally? Saying for many countries allaround the world.
    Do you know of which company is providing this service?

    Many thanks!
  6. Slavik

    Slavik XenForo Moderator Staff Member

    Ye this was the average, some countires cost more, others less, but this was around the cost.

    You are best to search for a local service to you offering it
  7. erich37

    erich37 Well-Known Member

    well, I actully do not mean the costs.... but if this system would work on a global scale.
    Say if I have a user in China, Saudi-Arabia (or Zimbabwe :eek: ) - will he still be able to receive an SMS ?
  8. mrGTB

    mrGTB Well-Known Member

    Good luck getting forum members if you used something like that, seems a bit extreme to me for any forum board. It just gives the impression you might be trying to harvest phone numbers to sell on - no offence! Think you'd find most people are very hesitant to give "Joe Blogs" their phone number running some forum board, your not exactly Google or Microsoft they can trust.

    It does work and Microsoft use it for their Hotmail service if your account gets hacked. Like mine did last week, somebody cracked the password I used and spammed with my email addess. It was closed by MS and had to go through the process of them sending my mobile a CODE I entered into a page to change email account password to re-open it once again.

    Google also use it with AdSense accounts at times when re-activating, or something. Not sure, but seen it displayed to me before from Google and used it.
    erich37 and TheVisitors like this.
  9. erich37

    erich37 Well-Known Member

    Many thanks for your comments!

    yeah, you might be right.

    But how in the world are you able to keep scammers away from your board if you want to run a website dedicated to "business people" only, engaging in a business-marketplace like e.g. Alibaba.com ?
    Reading through all the scam-stories surrounding Alibaba, then it somehow makes sense (at least for me) to put some tight controls into the Registration-process in order to avoid scammers.

    E.g. I have now blocked all registrations with anonymous e-mail-accounts like Gmail, Hotmail, etc.
    Right now I do only allow registration with a "real" Email-address or a Business-Email-address. Do you think that is o.k. or it does not make sense at all?

    I am not sure what is the best way to avoid scammers ?

    Or is it the best to just don't care about it at all? And if users of my Forum will fall for scammers, then it's their own probem ?

    How do you see this ? I am not sure what to do.
    - Either have the "Register Page" with some required fields like e.g. "Passport Number" required and "Website" required on registration ?
    - Or just have the simple default "Register Page" without any custom-user-fields to fill in?

    I am not harvesting any phone-numbers, etc, - I just want to provide a website at which users can feel safe that they are dealing with real people and not with scammers who are sitting behind proxies and trying to rip-off other people.
  10. DRE

    DRE Well-Known Member

    Craigslist has that feature.
  11. whynot

    whynot Well-Known Member

    Not really.
    I have a client(lawyer) who cannot change his lousy ISP because his email address is with them.
    (Not unique to lawyers;) )
    ragtek likes this.
  12. erich37

    erich37 Well-Known Member

    so it would be o.k. to not allow registrations with Gmail or Hotmail, etc. ?
  13. whynot

    whynot Well-Known Member

    IMO: not o.k.
    Many people prefer to use the popular Gmail,Hotmail,etc. addresses instead of their own domain.
    Unfortunately I'm one of them.
    erich37 and ragtek like this.
  14. mrGTB

    mrGTB Well-Known Member

    Me also, I never use my ISP email on forums. In fact, I don't use my ISP email for nothing now because it uses Outlook Express and spam gets through very easy unlike using Hotmail.
    erich37 and whynot like this.
  15. Anthony Parsons

    Anthony Parsons Well-Known Member

    For your specific intention of verifying business to business, that is a partly adequate solution, yes.

    Whilst people above disagree, you have clearly stated you want to keep the scamming nonsense down and maintain site integrity. Whilst this may affect a new startup, it would not drastically affect a mature site... if anything, it would improve the quality of the discussion and as your aim, the legitimacy of the members.

    You are better of with 100 legitimate B2B members, than 1000, where 850 are scammers, frauds, spammers, trolls, etc, and that other 50 fit everything and simply don't want to use their business email.

    It doesn't matter what profession a person is, if they're legitimate, then they have a business domain email address, not a free one.
    erich37 likes this.
  16. Jason

    Jason Well-Known Member

    The easiest way is to use services such as Twilio or Tropo, which provide simple APIs that make it easy to build and integrate a phone verification system into your site. We use Twilio ourselves to provide phone verification for accounts suspected of suspicious activity (much like facebook), and to allow users to attach a mobile number to their account for notifications and such.

    An example: http://www.twilio.com/blog/2010/05/simple-phone-verification-with-twilio-php-mysql-and-jquery.html

    Mail-to-SMS gateways work as well (and are free), but not all providers support them, while others only offer them to customers within a specific region, and some even require that the customer specifically request that it be activated for their number first. If you go this route, you'll still want a fall back for providers that aren't supported and should expect delayed deliveries.
  17. erich37

    erich37 Well-Known Member

    Thank you very much for your thoughts Anthony!
    This is actually what I was thinking, but you are right it is difficult to start off with a small site this way. But I still prefer quality over quantity.......
  18. Mouth

    Mouth Well-Known Member

    Anthony Parsons and erich37 like this.
  19. Shamil

    Shamil Well-Known Member

    Anyone with Facebook use their two-step verification system?
  20. erich37

    erich37 Well-Known Member

    well, who of you guys does not have at least 2 accounts at Facebook? I have 3 of them, but just to test how FB works.

    I think scammers and fake users behind proxies are the biggest thread to any website-owner and to the whole internet-business.

    It does not matter which business you are in, whether it is B2B or Dating.
    Read about Scammers at Alibaba.com and also at POF.com and you will see what I am talking about.

    Who wants to run a Forum, when your members are potentially at risk of getting screwed off of thousands of USD ?
    And you are literally putting yourself at risk as well being a webmaster.

    Probably the only safe protection is to have a "Payment gteway" upfront, initially when the user is registering at your website. So you know that the user is at least verified by PayPal.

Share This Page