I've Read UNSCRIPTED
- Aug 27, 2017
Awesome, I will definitely integrate this in the authentication plan. Thank you for the detailed insight!Ok, so a couple of ways to do this.
For one, I would ban usage of any free email account used to sign up. That would restrict a lot of users that say they are with copmany X, but truely are not potentially. Most, if not all, real corporations will have a domain they use for email. Most real employees won't be using a free email address for their company.
Not that leaves just someone from company Y pretending they are company X.
There are services to help with this too, where you monitor the IP of the user and backtrack who owns that IP. It's not a fool proof way to verify, but it can cut down issues if you used a "layered" approach to drilling down who is who. Clearbit is one such company that can generally tell you, based on IP, what corporation owns/uses the IP the user signed up with. Of note, this would probably work OK with large companies like LinkedIn and Google, but not small companies.
Past that, you could verify the company name on the credit card used to pay and a few other possible small tweaks. Again, all in an effort to keep layering solutions before narrowing down to manually calling and verifying people.