Verifying customer check in

Question

I have created a customer loyalty and reward app that works in a very simple manner. We supply cafes etc. with a printed QR code which the customers scan on each visit, using the app. Upon completing X visits, the customer is entitled a reward, e.g. a free coffee. In order to prevent illegitimate check ins, such as taking a photo of the printed QR code and scanning it at home, we supply an iBeacon along with the label. Therefore, whenever a user scans with the app the QR code, the app attempts to communicate via BLE with the relevant iBeacon. If it's found, the check in is considered legitimate.

This however has proven to have many shortcomings, the most important of which are:

• The iBeacon batteries run out quite often (after a few months) and despite the fact that the owners receive SMS to replace the batteries, they mostly don't bother.
• The iBeacon itself is relatively expensive (about $15 each) given that we offer this service for free.

Given that the incentive to "hack" this app ain't that big (you are not going to win a car or a house by the beach), one would suggest to rely only on the user's location for example to validate that the customer is indeed at the store. However, we want this to also work on delivered goods. Currently we also supply "mobile" labels that a delivery boy has with him and the customer may scan at home or work.

I am trying to think of a simpler or more cost efficient way to validate customer check ins but haven't managed to do so.

Can anyone suggest an alternative "good enough for most cases" way to do this?

EDIT

My main problem is that someone can take a picture of a QR code and scan it at home. Therefore, I was wondering how hard would it be to check the image my app "sees" during scanning at the server side. So if I uploaded an image taken by the camera, every time someone scans a label and have some "automagic" way to determine if it's a legit scan or e.g. the screen of another phone or a printed copy of my label?

Here's what a label looks like

Could I print something on the paper or the plastic label that I can identify during scanning that would be hard to imitate? E.g. making the label look green when viewed on a specific angle?

Answer 1

Edit Here is a more formal answer:

Designing a security system often mostly always finding the right balance between cost, usability and security.

In the far end of the spectrum, you have your initial solution: printed QRcode that needs to be scanned. It has the lowest cost (1 piece of paper per deployment location), highest usability (a simple scan with an app) and lowest security (can be gamed by anyone with next to no equipment and knowledge).

You traded some cost and usability for a bit more security by adding an iBeacon. That was a good move but it turns out you can't seem to be able to afford neither the additional cost (the beacon) nor the lost usability (the necessity to change the battery).

So, what you should be looking for is for a solution that will be less expensive and more usable without compromizing security too much.

So, I would suggest something that is:

• Still mostly paper-based (at least as far as the deployment points are concerned)
• Allow you to adjust your cost/usability/security based one the specific situation.

So, my idea is to extend your QR code to include two additional elements:

• A type of "rule selector" that lets you define what security profile is requred to use that code
• A signature to prevent forgery.

I would then create several different rules:

• The most basic type of rule would be to require your application to be geo-located close to the deployment point before validating the visit. That should be your normal deployment option.
• A time limit to the validity of the code so you can generate (and print or simply display in an app) code that can be carried around.
• An IP limitation that you can tie to the deployment location (so that visitors will only be able to validate their visit from the local wifi, for instance).

Such a scheme will allow you to tailor the validation you make to the situation you face and adjust the usability/security ratio accordingly.

Of course, that's not the only possible option: you can (as suggested by @TripeHound) generate fast changing codes and display them on a local terminal (for instance on a TV screen, maybe as a superimposition over the regular program) but that's a completely different cost calculation.

Initial answer: Obviously, your issue is cost: any solution to your problem is going to require some form of active device at the location that is hard to fake yet not too expensive to deploy.

I would suggest the following:

• Change your application to use the GPS location of the device.
• For delivery men, generate special codes (signed) that disable GPS checks for the given date that they can print before going out.

It's far from perfect and there are several ways to cheat (for instance, take a picture of a delivery man's code)