Security
By the Countloyal team · June 2026
The most common question new business owners ask us is some version of: “What stops a customer from just scanning the QR code twice?” It's a fair question. Countloyal uses layered controls to reduce casual repeat scanning and make abuse visible — but no single method is perfect, and different stamping modes offer different levels of assurance. This post explains what each mode protects against, so you can choose the right one for your business.
Countloyal supports three ways for customers to earn stamps, each with a different level of security. You choose the one that fits how your business runs.
A printable QR code on your counter card, poster, or sticker that customers scan with their phone. No power required — just print and place. Protected by a two-phase rate limit:
Security level: Good protection against casual repeat scanning — the kind where a customer tries to scan twice in the same visit. A printed QR code can be photographed and shared, so it doesn't prove the customer is physically present. For low-value rewards at cafés, the rate limit and PIN gate make this commercially practical. If you want stronger presence assurance, move to the rotating QR station below.
A tablet or screen at the counter displays a QR code that rotates every 30–60 seconds. Customers scan it with their phone. Because the code changes constantly, screenshotting it and scanning later — or forwarding it to a friend — does nothing.
Security level: Stronger presence assurance — because the code changes every 30–60 seconds, a customer must be physically at the counter within that window to stamp. Screenshots and shared codes become useless almost immediately. A cheap tablet on the counter is all you need.
A team member scans the customer's loyalty card QR on their own device and enters the number of stamps to add. The customer never touches a screen — making self-stamping physically impossible.
You can choose whether a staff PIN is required for each stamp:
Best for: Businesses where staff are always at the counter and want complete control over every stamp.
New feature
For businesses using a self-service QR (static or rotating), you can turn on a setting that requires a staff PIN any time a customer tries to earn a second stamp within the cooldown window.
The first stamp always goes through without friction. But if the same customer scans again too soon, their phone shows a PIN prompt — they hand it to the barista, the barista taps in the PIN, and the second stamp is added. Normal customers ordering one coffee never see the PIN screen. The only people who do are those trying to scan twice.
How to enable it: Dashboard → Stamp Settings → turn on Require staff PIN for second stamp. Your existing staff PIN is used — no additional setup needed.
Customers can collect stamps as a guest, but to claim a reward they must verify their mobile number via SMS first. Research consistently shows that loyalty programmes requiring a verified phone number have significantly lower fraud rates — it's much harder to create throwaway accounts when each one needs a real SIM. Every redemption on Countloyal is tied to a verified phone number.
Set a maximum number of stamps that can be added in a single transaction. Even if a customer selects a high quantity on the confirm screen, the server caps it at your configured limit.
When a customer claims a reward, their screen shows a ticking live clock alongside the confirmation. A screenshot taken earlier cannot fake this — your team can see it's a live screen, not a saved image.
Every stamp and redemption is recorded server-side with a timestamp. This isn't a prevention layer — it's detection and audit. If you ever have a question about a specific customer (did they really visit four times this week? why do they have so many stamps?), you can pull up their full history and see exactly when each stamp was added.
Stamp counts live on our servers, not on the customer's device. There is nothing in their phone to edit, intercept, or manipulate. Every stamp goes through our API and is validated before being applied.
If you use a printed static QR, there is one physical risk worth knowing about: a bad actor could stick a fraudulent QR code over yours — redirecting customers to a fake site. This is a known risk with any printed QR code (the FTC has specifically warned consumers about it), and it affects payment, parking, and loyalty QR codes alike.
Countloyal's QR code always links to countloyal.com, so customers can verify the domain after scanning. But the better protection is a quick visual check by you or your staff:
The dashboard gives you the data to spot patterns that look wrong:
If you see something odd, the customer history view lets you check their full stamp timeline before deciding whether to honour a redemption.
Starting out: Static printed QR with the default 2-hour cooldown. Print it, stick it on the counter, and you're live. Most cafés start here.
Ready to use Countloyal on an ongoing basis: Consider the rotating QR station on a tablet at the counter.
Zero self-service: Staff stamping mode. No customer ever touches a screen to earn a stamp — with or without a staff PIN.
Questions about any of this? hello@countloyal.com