

Ask HN:  User Verification Suggestions? - dylanz

1.  Amazon's "Realname" (verifying name on CC).<p>2.  Address Verification (sending code via postal mail, having them enter it online later).<p>3.  Email Verification (obvious).<p>4.  Asymetric, Public Key type system.<p>These are just a few examples I can think of.  Basically, I'm trying to compile a list of ways to verify the person on the end of the pipe are who they say they are.
Any ordinary or out of the ordinary suggestions welcome!
======
petervandijck
Mobile phone number verification, ie. prove that you're a human in countryX by
entering your mobile phone nr. in the US and we send you an SMS code or
something. Google does (did?) that if I remember correctly.

~~~
johns
I work at Twilio and this is an extremely common use case for our service. We
have two recent blog posts that show how to do both SMS and phone-based
verification:

[http://blog.twilio.com/2010/05/sms-phone-verification-
with-t...](http://blog.twilio.com/2010/05/sms-phone-verification-with-twilio-
and-php.html)

[http://blog.twilio.com/2010/05/simple-phone-verification-
wit...](http://blog.twilio.com/2010/05/simple-phone-verification-with-twilio-
php-mysql-and-jquery.html)

~~~
TeHCrAzY
Unfortunate that the service requires a US based billing address, is there any
way to work around that?

~~~
akalsey
You could use a service that works internationally like <http://tropo.com/>,
<http://cloudvox.com>, or any voicexml hosting company.

------
akalsey
Are you looking to just compile a list of the ways that someone might do this,
or are you looking for a good solution?

Basically, every method listed here uses something as a proxy for a signing
authority. In the real world, we have Notaries. In the online world, we often
try and use some other trusted third party as a proxy for a notary.

That's what the credit card schemes are. You're trusting that the credit card
company has done their homework and verified the identity of the person
they're issuing a card to. Sadly, this isn't the case; I know someone who once
ordered a credit card for their dog.

As with any authentication system, the first question you have to ask yourself
is how important is the system you're guarding? What is the aim of the
authentication?

The lower the value of the system, the less you can put into it. To sign up
for an email list, you can probably just ask for an email address and send a
verification link. To handle a large financial transaction with an untrusted
third party, you're going to want a whole lot stronger verification.

So it really comes down to whether your interest here is for a practical
application, or if it's purely academic and you're just wanting to compile a
list.

~~~
dylanz
I am trying to compile a list, and the stronger the verification process, the
better. A Notary is a fantastic example.

------
olefoo
Phone verification, using twilio.You can at least verify that the user
controls a mobile phone number.

My bank offers this as an option to send a verification code when I use a new
computer or browser.

The drawback for you is that unlike my bank you are probably not verifying an
existing account and are taking the phone number from the same person you're
validating.

~~~
ams6110
Another (possible --- depends on your usage scenarios) drawback is that cell
phone text messages are not always "instantaneous". I've personally seen lags
of up to 30 minutes between send and receipt, particular in fringe reception
areas.

~~~
TeHCrAzY
I see > 1 day lags occasionally (aus, vodafone).

------
perokreco
I am a user case that does not own a phone or has a credit record in the US.
However the thing, if you are using payments that always works is PayPals user
verification. Put a charge on a users card. Either add a code to the name of
the merchant, or if unfeasible, charge 1.xy and ask the user for the xy.

------
thehickmans
You could combine IP geolocation and caller ID phone verification. Geolocate
the user's IP during the sign-up process and provide the user a code to
activate their account through a 1-800. Compare their area code against the
location they provided and see if they're close enough to trust.

~~~
akalsey
Now that long distance service is essentially free for everyone and mobile
phones (and VoIP) have nationwide networks, more people are choosing not to
update their phone numbers when they move.

This means that there's a good chance my phone might have a Chicago area code
but I live in LA now.

------
JangoSteve
Paypal and some payment gateways verify a user's bank account/routing number
by making 2 small deposits (<$0.20) and asking the user to type in how much
the deposits were.

------
keefe
it sounds like you're talking about authentication? imho nailing down
<http://en.wikipedia.org/wiki/AAA_protocol> can be fairly tricky

~~~
dylanz
I wasn't aware of the AAA protocol. Thank you for the reference!

------
mrfish
Canadapost.ca does a credit check when you signup for a change of address and
asks the user to verify two items on their credit report. Ouch.

~~~
ben1040
The US postal service's mechanism for doing this is slightly less invasive;
they charge a $1 fee to your credit card card so they can confirm that the
card's billing address is one of either the "old" or "new" addresses.

~~~
tomjen3
That might work, but hardly all people have a credit card.

And the post office certainly has no need to know it.

