Identifying you between your work and home

I was reading the CryptoGram from Schneier and found this pdf which talks about how a persons identity could be determined based on the couple of locations they use to access sites on the internet. I had actually proposed a possible means of stemming fraud on an application at work by tracking IP's and using a GeoLocation database. While it's not 100% if you allow x amount of IP's to access an "order" for a given user then compare that based upon other information and where/when they access the site you can come up with data points outside of the "norm". Then you can throw a flag advising a human to look closer at an order or a set of users accessing the site. While I have read all of this I forsee it possible to take concepts from this to apply to a algorithm of identifying rouge users.