Detecting Multi-Accounting in Gaming and SaaS

Multi-accounting is one of the most common fraud patterns across gaming, SaaS, and marketplace platforms. Users create multiple accounts to abuse free trials, manipulate rankings, circumvent bans, or stack promotional offers. Traditional detection relies on email/IP matching, which is trivially bypassed with disposable emails and VPNs.

The Device Connection

Device identification changes the equation. When a user creates Account A on Device X, we record the device fingerprint. When the same device creates Account B — even with a different email, IP, VPN, and browser profile — the fingerprint match exposes the connection. The device is the constant that users cannot easily change.

Our cross-session matching works because tracio.ai's multi-tier identification architecture separates hardware signals (GPU, screen, audio) from software signals (fonts, plugins, user agent). Hardware signals are extremely difficult to spoof without physical hardware changes. Even when users install different browsers or use virtual machines, the underlying GPU renderer string, canvas rendering output, and audio processing characteristics remain consistent.

Real-World Detection Patterns

Pattern 1: Free Trial Abuse A SaaS platform offers 14-day free trials. A user signs up, uses the trial, and when it expires, creates a new account with a different email. tracio.ai detects that both accounts originate from the same device. The platform can then enforce a "one trial per device" policy without affecting legitimate users.

Pattern 2: Gaming Smurf Accounts Competitive gaming platforms face "smurfing" — experienced players creating new accounts to play against beginners. tracio.ai identifies when a new account is created on a device that already has a ranked account. The platform can fast-track the new account's matchmaking rating or flag it for manual review.

Pattern 3: Marketplace Manipulation E-commerce marketplaces see sellers creating multiple accounts to post fake reviews or manipulate search rankings. tracio.ai's device matching reveals when multiple seller accounts operate from the same device, enabling automated enforcement.

Pattern 4: Promotional Stacking A platform offers a "$10 off your first order" promotion. Users create multiple accounts to stack the discount across multiple orders. tracio.ai detects the common device and limits the promotion to one use per device.

Implementation Approach

The simplest implementation queries the tracio.ai API after account creation and checks if the device has been seen with other accounts:

After the user signs up and completes their first device identification, query the visitor history endpoint. If the device fingerprint has been associated with other accounts in your system, apply your multi-accounting policy: block the account, require additional verification, or flag for manual review.

Privacy Considerations

Multi-accounting detection must balance fraud prevention with user privacy. We recommend transparent disclosure: tell users that device signals are used to prevent abuse. Provide an appeal path for legitimate cases — family members sharing a device, for example. And never use device signals to deny service without additional evidence.

At tracio.ai, we provide the device match data. Your platform decides the policy. Some customers use a soft approach (require phone verification for accounts sharing a device), while others take a hard stance (one account per device). The right policy depends on your business context and regulatory requirements.