I think that on a diverse and distributed system like the Internet what you are proposing could be nearly impossible without physical authentication.
As has been said MAC/IP address isn't going to be the way forward even just due to people having access to multiple machines/public access/etc. before we even get into the realm of spoofing. Likewise multiple, unique individuals may try to access your system from the same IP or MAC address, a shared/public terminal for example.
As Shawal has suggested debit/credit card information should be unique, but a person can have more than one card legitimately (If I only had one my finances would look nicer
Even going to the extreme of requiring physical authentication (such as RSA keyfobs, swipe cards, etc) whilst each device is unique, again an individual could have access to more than one device, for example registering/recieving one from multiple addresses.
However, whilst it may/will be impossible to get a 100% perfect system it is important to remember that you only need to remove enough flaws to make the system usuable. Holes can and will be found in any non-simple system, online or otherwise, what is required is reducing the level of holes to an acceptable level depending on your context and requirements.
Hope this helps, good luck