It definitely sounds like a hard problem. I'm not familiar with the current process, but based on what I found when I looked it up, it seems like there is a verification step already in place, but some of the methods of verification are tenuous. The method that seems the most secure to me is delivering a pin to the physical location that's being registered, but I feel like everything is exploitable.