Prevent cheating using Masspay on PayPal


I am using the PayPal MassPay API to award cash rewards to game winners in our application. It is against the rules for a player to try to win more than once per day. When I send a winner his/her cash, he provides an email address which I then use with MassPay/PayPal to deliver the award.

The problem is that people cheat by:

  1. Creating multiple PayPal accounts with different email addresses

  2. Playing (and winning) the game under these different email addresses, thereby skirting the rule that you should be able to win just once per day.

The different email addresses resolve to the same "real name" (first and last name) when I review the PayPal transaction logs, but by then it's too late -- the cheater has effectively won twice and collected.

One solution would be to query PayPal first, to get a first name, last name, and zip code from a user's email address. Presumably, this information would resolve to the same values for the multiple email addresses that the cheater is using. If I find two email addresses with the same name and address (zip code), I could flag this as potential fraud BEFORE paying out the second time.

I can't see a way, through the various APIs exposed by PayPal, to ask, "is it very likely that these two different email addresses resolve to the same person (or same street address)?"

Any suggestions would be very much appreciated!


There is 1 answer

Rolf On

Here's an approach.

Upon sign-up, have your users 'Login with PayPal'. You'll need to apply and be approved to use "LIPP". But assuming a) you wanted to integrate it, and b) PayPal gives you access, and c) your users consent to share account data with you when they 'log in with PayPal', then you could check for name/address duplicates. And theoretically elect to pay out or not.

https://developer.paypal.com/docs/api/#get-user-information

Additionally, LIPP can provide you with the logged-in user's PayPal 'Payer ID', which is PayPal speak for PayPal account number. The Payer ID always stays the same, regardless of what email address the PP account holder uses to identify their PayPal account.

MassPay as an argument can take email address, Payer ID and US mobile number to identify your recipient. So, use LIPP to check for duplicate accounts, then pay out only to Payer IDs via MassPay.

Let us know how it goes.

Rolf
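
The pre-payout check described in the answer above, as an added example that is not part of the original post and is not PayPal code: it enforces the one-win-per-day rule on the Payer ID instead of the typed email, and sends a name and postal-code match across different Payer IDs to manual review. It assumes the Payer ID, name and postal code were already obtained through the login step; `Claim`, `PayoutGate`, `identity_key` and all sample values are hypothetical.

```python
import unicodedata
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Claim:                      # hypothetical record built from the login step
    payer_id: str                 # stable across e-mail changes
    email: str
    full_name: str
    postal_code: str

def identity_key(claim):
    """Normalised (name, postal code) pair used to spot one person behind several accounts."""
    name = unicodedata.normalize("NFKC", claim.full_name).casefold()
    postal = "".join(ch for ch in claim.postal_code if ch.isalnum()).upper()
    return " ".join(name.split()), postal

class PayoutGate:
    """Decides each claim before any money is sent."""
    def __init__(self):
        self._paid = set()        # (payer_id, day) already paid
        self._people = {}         # (identity_key, day) -> payer_id paid first

    def decide(self, claim, day):
        if (claim.payer_id, day) in self._paid:
            return "deny"         # same PayPal account, whatever e-mail was typed
        first = self._people.get((identity_key(claim), day))
        if first is not None and first != claim.payer_id:
            return "review"       # different account, same name and postal code
        self._paid.add((claim.payer_id, day))
        self._people[(identity_key(claim), day)] = claim.payer_id
        return "pay"              # caller pays this payer_id, not the e-mail

def run_sample():
    # Constructed sample data; identifiers are made up.
    d1, d2 = date(2024, 1, 1), date(2024, 1, 2)
    alice = Claim("PAYERAAA111", "alice@example.com", "Alice Smith", "94105")
    claims = [
        (alice, d1),
        (Claim("PAYERAAA111", "alice.alt@example.com", "Alice Smith", "94105"), d1),
        (Claim("PAYERBBB222", "asmith@example.net", "  alice   SMITH ", "94105 "), d1),
        (Claim("PAYERCCC333", "bob@example.org", "Bob Jones", "10001"), d1),
        (alice, d2),
    ]
    gate = PayoutGate()
    return [gate.decide(c, day) for c, day in claims]

if __name__ == "__main__":
    print(run_sample())
```

A name and postal-code match returns "review" rather than "deny" because two different people can share both values.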