Verification of discount card via SMS when writing off bonuses

Discount card verification via SMS when redeeming bonuses: how to protect customer accumulations and configure the program correctly

A bonus system is a powerful tool for customer retention, but its use is often accompanied by the risk of staff abuse. Business owners regularly contact Torgsoft technical support specialists with the following questions: how can they technically ensure that accumulated bonuses are spent by their actual owner? Can the program be configured so that the SMS verification request is sent only when the customer wants to redeem bonuses, and not every time the customer is added to the receipt? Which access rights should be restricted for the cashier so that they cannot manually enter the card numbers of their acquaintances and steal other customers’ accumulations? The answers to these questions lie in the correct configuration of the additional verification option and user roles.

When exactly the SMS should arrive: how the function works

In Torgsoft, customer identification by phone number is handled by the additional paid option «Discount card verification via SMS» (Code 100). Many entrepreneurs mistakenly believe that when it is activated, an SMS will be sent with every purchase, which may irritate customers. However, the system allows you to flexibly separate the identification and redemption processes.

There are two independent parameters in the settings of this option:

1. For selecting a customer in sales and returns — responsible for searching for a customer by phone number when adding them to the receipt.

2. For confirming bonus redemption — responsible exclusively for the security of accumulations.

If you want the SMS to arrive only at the moment of bonus redemption, you need to disable the first setting and leave only the second one enabled.

How does this look at the checkout?

The seller adds the customer to the sale (for example, by scanning their plastic card or selecting them from the database), adds the product, and clicks «Pay with bonuses». After the seller enters the number of bonuses the customer wants to redeem, the program automatically generates and sends an SMS with a secret code to the buyer’s phone. A window for entering this code appears on the seller’s screen. Without the correct code, it is impossible to complete the bonus redemption.

How to protect a customer’s bonuses from the seller

The SMS verification function during redemption is already a reliable protection by itself: even if the seller knows the card or phone number of a customer with a large balance, they will not be able to steal these bonuses because the confirmation code will be sent to the real buyer’s phone.

However, to fully prevent fraud, other loopholes must be closed. The most common scheme is when a cashier memorizes the barcode number of someone else’s discount card (or a relative’s card) and manually enters it from the keyboard during sales to customers who do not have their own cards, thereby assigning the discount to themselves or accumulating bonuses for themselves.

To avoid this, check the following setting:

• Go to the main menu item Settings -> Parameters -> Access.

• Enable the switch «Prohibit the seller from entering the discount card number from the keyboard (scanner only)».

When this restriction is enabled, the seller loses the ability to type the card digits manually. For identification, they will have to either physically scan the customer’s plastic card or use SMS verification by phone number.

Additionally, in the settings of the «Seller» role (Settings -> Role settings -> Customers), it is recommended to enable the parameter «Hide the Date of birth and Gender fields in the customer card». This will prevent unauthorized use of customers’ personal data by sellers for fraud involving birthday discounts.

Which settings to check for correct operation

For verification during bonus redemption to work without failures, the administrator or owner needs to check the following basic settings:

1. Integration with an SMS service. The verification option does not send messages by itself; it requires a connected bulk messaging service (for example, TurboSMS, AlphaSMS, SMS-Center, etc.). Make sure that the correct active service is selected in the settings (Settings -> Parameters -> Additional functions -> Discount card verification via SMS) and that the provider’s balance has sufficient funds.

2. Message template. A special SMS text template must be created in the verification settings. The main requirement is that the text must include the system variable <customer verification code>. Without it, the customer will receive an empty SMS, and the seller will not know the code. Example of a correct template: "Code to confirm bonus redemption: <customer verification code>".

3. Availability of phone numbers. Customer cards (Marketing -> Customers) must contain correctly filled mobile phone numbers. The program checks their uniqueness, so it will not be possible to link one phone number to several different cards (provided that duplicate checking is enabled).

4. Consent to receive mailings. Previously, the program required the customer to have the «Agree to receive information via SMS» checkbox enabled; otherwise, verification did not work. However, the developers have removed this restriction: now transactional service messages (which include the verification code) are sent regardless of consent to receive promotional bulk mailings.