I haven't thought about this for long, so my opinion may change over time, but it seems to me that any system complex enough to require these kinds of relatively complex fixes is probably just plain too complex to begin with.
I would love to see a simpler ranking system, but that's another discussion for another time. Right now what this game needs as a fix for smurfing is verified accounts. A live mobile phone number, an active email, and a credit card on file. $50 deposit to play, forfeited if they detect a second account on the same IP address or you get a cheating ban, and the account is permanently deleted. You can start a new one, but you have to pony up another forfeitable $50. If you get a second $50 hit then the third goes to $100, fourth goes to $250. And so on. It's fine if people want to be jackasses, but at least make them pay for it.
Now that I think about it some more, this would have been the perfect and most worthwhile use for xbox connect. Facial recognition allowing only you to log into your account (no selling accounts to other people) and not allowing you to log into any other account. Prevents idiot siblings from messing with your account and prevents you from leveling up their account. Win, win, and win. Too bad connect was useless for everything else. And cost $100.
I have considered requiring additional personal information—such as phone numbers or facial recognition—as a countermeasure against smurfing too. But I ultimately decided against it.
The primary reason is the risk of personal data breaches. This isn't about a lack of trust in EA specifically; rather, it is my policy that whenever I provide personal information to any entity, I must be prepared for the worst-case scenario: a data leak. For this reason, I do not keep my payment information registered; I make it a point to delete it immediately after every transaction.
Currently, even if a leak were to occur, the compromised data would be limited to information that is easily changeable, such as email addresses. While this may be insufficient as a countermeasure against sub-accounts, it might be the appropriate balance from the perspective of user protection.
