Duplicate account detection is a key component of preventing malicious activities on your platform. However, it is not easy to find duplicate accounts because there are many reasons why users may have multiple accounts. People can have duplicate accounts for non-malicious reasons (for example, they might forget their login credentials or the account is no longer active) or for malicious reasons (such as to distribute spam or harass others).
Detecting duplicate account detection requires you to check the information on new and existing accounts. You can compare a number of fields to detect duplicates, including account name, institution_id, and account mask. You can also use the /accounts/get endpoint to retrieve this metadata and compare it to existing accounts. Ideally, you should match and compare these fields case-insensitively.
You can also check for suspicious behavior that suggests an account is a duplicate. For example, if the account has an incomplete or unusual biography or is posting similar content to other accounts (especially if it is too-good-to-be-true product or service offers), this should raise a red flag.
Double Trouble: How to Detect and Prevent Duplicate Accounts
A system for detecting duplicate accounts may include a frontend reviewing unit that receives trigger events and performs duplicate checks on the triggered accounts. The system may also include backend matching units that systematically search for duplicate accounts. The system may also include a database that stores entries in a review queue. The system may also include a frontend reviewing unit that reviews and terminates at least one of the matched and scored duplicate accounts.