You can never be absolutely 100% sure, there is no fingerprinting on the internet and even that can be fooled.
IP is just an address, it is perfectly legal to have more than one. The same with emails - it is legal to have mail boxes.
Generally, the best you can do is something similar to what PayPal is doing when registering users, require a valid on-line payment method (card/bank account), charge a nominal fee to this account with unique reference, activate user account ONLY when they entered the unique reference from the payment, refund the payment after a period of time. And obviously store and don't allow reuse of the same on-line payment method (card/bank account) - I would suggest to store a hash instead of actual card/account numbers to avoid any privacy issues.