Hello All, I'm hoping one of you other PHP lovers out there can help me with an out-of-the-box solution to a potential problem:
I'm adding a gift certificate feature to my client's shopping cart application and need to devise a method to prevent 'gift certificate abuse'. This gift certificate will be printable from the website and redeemable only in the physical store location(s). My client has multiple retail stores.
In the past, I've done coupons and certificates that could be redeemed more than once, a discount on pizza for example. In my current application, the customer can only redeem the certificate once.
I do not have access to this customer's POS system to build an automatic means of validation, and even if I did, the store locations are not linked real-time so a customer could potentially take multiple copies of the gift certificate to different locations.
Here are the potential solutions I've been tossing around and the challenges associated with each:
1- Only allow the printable gift certificate page on the website to be viewed once. This is all fine and good except that those with half of a brain can choose 'File->Print->2 copies'. And in the event the customer were to prematurely close this window, have a printer malfunction, or if the server were to hiccup, we can be sure my client would get lots of angry emails and phone calls from frustrated customers.... So this is out.
2- Accept the fact that there will be those who attempt to cheat. The problem here is that we're dealing with fairly large sums of money (as opposed to $1 or $2 off of a pizza), so the temptation for dishonesty will be too great.
3- Use a unique identifier on the certificate that will be logged upon issue and that can be validated upon redemption. The problem with this method, which otherwise seems the best route, is that it will require the intermediate steps on the part of my client's salespeople of checking the identifier in a web-based administration interface. On their retail sales floor, this doesn't appear to be a preferred method for two reasons - the POS terminals are not PCs, and have no way to connect to the internet, and the other is that sharing one (or even several) internet terminals across multiple salespeople will potentially create a bottleneck on the busiest of days. These issues aside, this seems to be the only reliable route.
So, that is my challenge... I'd love to hear how others have implemented something similar, or if any of you have any ideas. If you think your idea might be too simple or unreliable, post it anyway - I'd like to hear every idea that is out there.
Thank you all for your help!
George
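
Option 3 from the post above, sketched as an added example that is not part of the original post: a random code is logged (as a hash) when the certificate is issued, and redemption is one conditional UPDATE, so a second printed copy presented at another store fails. The in-memory SQLite database and the table, column and function names are assumptions made for illustration; this is the check a web-based admin page would run.

```php
<?php
declare(strict_types=1);
// Added illustration of option 3; table, column and function names are hypothetical.

function openStore(): PDO {
    // Assumption: in-memory SQLite stands in for the website's real database.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE certificates (
        code_hash   TEXT PRIMARY KEY,
        amount      INTEGER NOT NULL,
        issued_at   TEXT NOT NULL,
        redeemed_at TEXT,
        redeemed_by TEXT)');
    return $db;
}

// Issue: the random code is printed on the certificate; only its hash is logged,
// so a leaked table does not hand out redeemable codes.
function issueCertificate(PDO $db, int $amountCents): string {
    $code = strtoupper(bin2hex(random_bytes(8)));   // 16 hex characters from a CSPRNG
    $stmt = $db->prepare(
        'INSERT INTO certificates (code_hash, amount, issued_at) VALUES (?, ?, ?)');
    $stmt->execute([hash('sha256', $code), $amountCents, gmdate('c')]);
    return $code;
}

// Redeem: one conditional UPDATE marks the code as used. Only the first
// presentation changes a row, even if two stores submit the code at once.
function redeemCertificate(PDO $db, string $code, string $store): bool {
    // Tolerate dashes or spaces typed by staff.
    $code = strtoupper((string) preg_replace('/[^0-9A-Fa-f]/', '', $code));
    $stmt = $db->prepare(
        'UPDATE certificates SET redeemed_at = ?, redeemed_by = ?
         WHERE code_hash = ? AND redeemed_at IS NULL');
    $stmt->execute([gmdate('c'), $store, hash('sha256', $code)]);
    return $stmt->rowCount() === 1;
}

// Constructed sample run.
$db   = openStore();
$code = issueCertificate($db, 25000);                   // amount in cents
var_dump(redeemCertificate($db, $code, 'store-1'));     // first presentation
var_dump(redeemCertificate($db, $code, 'store-2'));     // second printed copy, other store
var_dump(redeemCertificate($db, 'DEADBEEF00000000', 'store-1')); // code never issued
```

The check only prevents double redemption if every store queries the same database at redemption time, which is the connectivity constraint the post raises for this option.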