
An online free-trial anti-abuse system design

I am currently selling time-based access passes to an online service at micropayment prices.

After payment the customer gets a set of credentials that is only valid for the purchased period. When the access pass expires the customer has to buy a new set of credentials. So basically the credentials are one-time (period) use only.

I would like to offer a free-trial of x minutes to this service so potential customers can realise it works fine, possibly increasing total sales.

My question is, how would you stop abusers?

That is, people should only be allowed to try for free once, and if that is not possible at least make them go through a process/test which (as in shareware) is too cumbersome or annoying for them to keep trying it.

Obviously there is always someone who will bypass it. I am looking for a solution for the majority of people who are either not IT savvy, time constrained, or simply too lazy to bother abusing it, instead of simply paying the tiny fee.

I have some approaches in mind but would like to be inspired by other people too.

The service is developed with LAMP.


Put a cookie in their browser. Force a small delay before they can re-use your service, or make them go to the trouble of deleting the cookie. If they block cookies, politely ask them to allow them. You might have more business success if you allow several trials, with a minimum of hassle.


If you look around, everybody who gives out free trials binds them to a credit card - not to charge them, but to verify the user's identity. That's about the only feasible way to prevent abuse I can think of.

Any other idea will depend on the kind of service you are offering. StackExchange for example can offer a 45 day trial without a credit card no problem, simply because the effort to build a SE site is so huge, starting multiple trial periods (and having to configure a new site and build a new community every time) just wouldn't work.

Something similar could be unique login names that you can register during your trial period, and would have to give away if you don't convert it into a pay subscription, things like that. Really depends on the nature of your service.


The users who want to try your product again via a trial are highly convertible users because they already know the value of the product.

The challenge is detecting them and then converting them to paying users.

Detecting can be done using a variety of signals including:

  • IP
  • Cookies
  • Device fingerprints
  • Credit card or payment information
  • Email verification and validation

Each individual signal has its challenges, e.g. IPs can change and are legitimately shared among large audiences, such as via carrier-grade NAT.

SMS verification is good in most markets but adds friction and potentially cost for you and your users.

Something like Upollo.ai solves all the hard parts for you, so it is worth a look for people facing these problems in future.
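One way to combine the signals listed in this answer into a single trial-eligibility decision, so that a weak signal such as a shared IP never blocks a new user on its own (an added example, not part of the original answer, written in Python rather than PHP). The point weights, the threshold, the `+tag` email normalization, the `TrialLedger` class and the in-memory set standing in for a MySQL table are all assumptions.

```python
import hashlib
import hmac

# Assumed server-side secret: identifiers are stored as keyed hashes, not raw PII.
SECRET = b"constructed-demo-key"

# Assumed point weights: strong signals identify a person, an IP only hints.
WEIGHTS = {"phone": 10, "card": 10, "email": 8, "device": 6, "cookie": 6, "ip": 2}
DENY_AT = 8  # assumed threshold: one strong signal, or device/cookie plus IP


def normalize_email(addr):
    """Lowercase and drop +tag aliases so a+1@x and a+2@x count as one mailbox."""
    local, _, domain = addr.strip().lower().partition("@")
    return local.split("+", 1)[0] + "@" + domain


def digest(kind, value):
    """Keyed hash of one signal value, namespaced by signal kind."""
    return hmac.new(SECRET, f"{kind}:{value}".encode(), hashlib.sha256).hexdigest()


class TrialLedger:
    def __init__(self):
        self.seen = set()  # stands in for a table of (kind, digest) rows

    def _keys(self, signals):
        for kind, value in signals.items():
            if kind in WEIGHTS and value:
                if kind == "email":
                    value = normalize_email(value)
                yield kind, digest(kind, value)

    def score(self, signals):
        """Sum the weights of signals already tied to an earlier trial."""
        return sum(WEIGHTS[k] for k, d in self._keys(signals) if (k, d) in self.seen)

    def request_trial(self, signals):
        """Grant the trial unless prior-use evidence reaches the threshold."""
        if self.score(signals) >= DENY_AT:
            return False
        self.seen.update(self._keys(signals))
        return True
```

A denied request is not recorded, so the ledger only ever holds identifiers of trials that were actually granted.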


I ended up using the smallest possible payment amount for a short time span, but enough to get the user satisfied at very low monetary risk.

In the time since I asked, I actually seriously considered using Flash cookies, which very few people know how to remove (or even that they exist).

The other simple (although not free) option is using an SMS confirmation, which binds the user's mobile phone number. Since a mobile phone number is not something you just throw away like you do with email addresses, this is also a safe limitation method.
