We have 3 websites where in which we sell yearly subscriptions to foreign trade data online.
We have detected that some clients are sharing their passwords with “friends” or other companies, meaning than we find some “users” that are being used from different countries at the same time and/or day.
We want to implement a security procedure that will guarantee us that only the paid will be the one that works on our software.
We already have the following data being collected in our “internal administration” sub-site the following data: User, date, time and IP.
Our selling “terms & conditions” are:
1. One user can only work in the Purchasing location / City / address of the purchasing company.
2. IP cannot be used as the only user control since the majority of users rely on a “dynamic IP” internet service that changes every day.
3. We don't want to use “tokens”, we sell internationally.
Internally we developed an “Active X” solution that captured besides the User, date, time and IP, the complete MAC address and Chip number.
4. Before implementing it we talked to each customer because they would only be able to login from THAT computer, if they needed another computer to be used, as for example their laptop or home desktop, we just changed in our “admin website” the number of computers we that our customer was going to be able to use.
The problem lies in the process of installing the “active X” control, it ended to be a confusing and complicated work for them, and thus, we didn't apply it.
We need any proposal or solution and are able to personally show our websites & built solution etc., if we start to develop a business relation.