Preventing Fraudulent Submissions
The primary fraud we are aiming to prevent/detect is multiple submissions by single users in an attempt to game the system. Our secondary concern is bot behavior.
Best Practices – Prevention
What are basic, table-stakes, got-to-have measures in order to prevent fraud? How can these preventative measures be implemented from a technical standpoint?
Best Practices – Detection
What are basic, table-stakes, got-to-have measures for detecting fraud? Which, if any, of these measures can be automated? How can these measures be implemented from a technical standpoint?
Are there any widely-used procedures/measures that go too far in hindering legitimate attempts at form submission?
Everyone loves policies and procedures.
As far as technology is concerned most people develop in-house. They keep their secret sauce secret. But for the common folk:
If fraud is detected, beyond implementing the best-practices/procedures mentioned above – is there a general protocol or approach that teams should follow to solve the problem?