Having read this thread, I can look at the issue from the point of view of someone who wants back in "under the radar", but also has a bit of knowledge.
MAC address = probably the most effective, in order to get back in, the miscreant will have to shell out for a new PC
However, for those REAL whizz kids, there are likely to be several ways around this, not least the obvious one of using a browser they know will not support MAC retrieval once they are aware this is how they are getting caught. A clever programmer may even be able to intercept the IE ActiveX script, and return a fake MAC address, which he changes every time it gets "busted". A rootkit may be necessary, but they are out there! It's not something I could do (yet, anyway). This would fool the system into believing it had not been denied a MAC by use of a different browser, and would accept the MAC as genuine.
Other systems, such as those used by MGS are easily defeated. MGS plants a permanent entry in the registry that blocks the creation of duplicate accounts on that PC, even if the casino is uninstalled. This takes only seconds to circumvent, and is a simple matter of deleting entries in 2 registry keys, and they are pretty obviously named.
There is also software on the market that constantly monitors for changes in the registry, so that they can be reversed at any time. They do, however, rely on them running at the time a change is made.
If most miscreants are not all that good with the technical side though, banning by MAC address would be the most accurate. To speed up the process of catching them, the script to gather the MAC address for NEW registrants could also be run for existing members when they log in, if their MAC address is not present in Bryan's back end
D).
Maybe what is needed is someone to make a duplicate account, all with Bryan's permission, and use it in order to verify the effectiveness of any enforcement system. This volunteer could then try to circumvent the system to see if the enforcement can be overcome. If a loophole is found, Bryan can be told how, and together they can find a way to plug the loophole.
Currently, banned members can simply suffer the inconvenience of being "busted", and having to start over. This is probably more damaging than letting them stay (but keeping an eye on them). Members who Bryan is 100% sure are genuine could then be sent a PM alerting them to this "under the radar" subterfuge, without the banned member realising. This results in us not being fooled, but the banned member not realising they have been rumbled, so they may well proceed to dig a big hole for themselves, but will not produce additional work for Bryan by continually trying to sneak back under a new username.
Members who suspect "new" members of being returning banned ones can tip off Bryan - as I did when one REAL "villain" tried to sneak back for the umpteenth time (he was originally banned for fraud, and I believe won an "evil player" award for activity that took place before I joined here). He later got banned as "murder1" I believe, before he decided to get cocky because he had sailed in & not been spotted for months. He said something in a PM that made me look back to the year before I joined, so I found out how serious his offence was. He just HAS to be back again, as the username he was using was never banned (as far as I can see), he just abandoned it, maybe having had second thoughts about the PM he sent me, but could not retract.