← Back to blog

Security

How Countloyal prevents stamp fraud

By the Countloyal team · June 2026

The most common question new business owners ask us is some version of: “What stops a customer from just scanning the QR code twice?” It's a fair question. Countloyal uses layered controls to reduce casual repeat scanning and make abuse visible — but no single method is perfect, and different stamping modes offer different levels of assurance. This post explains what each mode protects against, so you can choose the right one for your business.

The three stamping modes

Countloyal supports three ways for customers to earn stamps, each with a different level of security. You choose the one that fits how your business runs.

Default

Static printed QR

A printable QR code on your counter card, poster, or sticker that customers scan with their phone. No power required — just print and place. Protected by a two-phase rate limit:

  • Optional: staff PIN for a second stamp. If you turn this on, a customer who scans again within the cooldown window sees a PIN prompt on their screen — they hand the phone to the barista, who taps in the PIN to approve. No valid PIN, no stamp. Off by default; enable it in Dashboard → Stamp Settings.

Security level: Good protection against casual repeat scanning — the kind where a customer tries to scan twice in the same visit. A printed QR code can be photographed and shared, so it doesn't prove the customer is physically present. For low-value rewards at cafés, the rate limit and PIN gate make this commercially practical. If you want stronger presence assurance, move to the rotating QR station below.

Upgrade option

Rotating QR station

A tablet or screen at the counter displays a QR code that rotates every 30–60 seconds. Customers scan it with their phone. Because the code changes constantly, screenshotting it and scanning later — or forwarding it to a friend — does nothing.

Security level: Stronger presence assurance — because the code changes every 30–60 seconds, a customer must be physically at the counter within that window to stamp. Screenshots and shared codes become useless almost immediately. A cheap tablet on the counter is all you need.

Most secure

Staff stamping

A team member scans the customer's loyalty card QR on their own device and enters the number of stamps to add. The customer never touches a screen — making self-stamping physically impossible.

You can choose whether a staff PIN is required for each stamp:

  • Simple mode: Staff scan the customer's card and tap the number of stamps — quick and friction-free.
  • PIN required: Each staff member has their own PIN and must enter it to confirm. Gives you a full audit trail of who stamped whom.

Best for: Businesses where staff are always at the counter and want complete control over every stamp.

Staff PIN for a second stamp

New feature

For businesses using a self-service QR (static or rotating), you can turn on a setting that requires a staff PIN any time a customer tries to earn a second stamp within the cooldown window.

The first stamp always goes through without friction. But if the same customer scans again too soon, their phone shows a PIN prompt — they hand it to the barista, the barista taps in the PIN, and the second stamp is added. Normal customers ordering one coffee never see the PIN screen. The only people who do are those trying to scan twice.

How to enable it: Dashboard → Stamp Settings → turn on Require staff PIN for second stamp. Your existing staff PIN is used — no additional setup needed.

Other protections built in by default

📱

Verified phone number required to redeem

Customers can collect stamps as a guest, but to claim a reward they must verify their mobile number via SMS first. Research consistently shows that loyalty programmes requiring a verified phone number have significantly lower fraud rates — it's much harder to create throwaway accounts when each one needs a real SIM. Every redemption on Countloyal is tied to a verified phone number.

🔢

Per-purchase stamp cap

Set a maximum number of stamps that can be added in a single transaction. Even if a customer selects a high quantity on the confirm screen, the server caps it at your configured limit.

🎬

Live-clock redemption screen

When a customer claims a reward, their screen shows a ticking live clock alongside the confirmation. A screenshot taken earlier cannot fake this — your team can see it's a live screen, not a saved image.

📋

Audit trail in your dashboard

Every stamp and redemption is recorded server-side with a timestamp. This isn't a prevention layer — it's detection and audit. If you ever have a question about a specific customer (did they really visit four times this week? why do they have so many stamps?), you can pull up their full history and see exactly when each stamp was added.

🔒

Server-side enforcement

Stamp counts live on our servers, not on the customer's device. There is nothing in their phone to edit, intercept, or manipulate. Every stamp goes through our API and is validated before being applied.

Protecting your printed QR code

If you use a printed static QR, there is one physical risk worth knowing about: a bad actor could stick a fraudulent QR code over yours — redirecting customers to a fake site. This is a known risk with any printed QR code (the FTC has specifically warned consumers about it), and it affects payment, parking, and loyalty QR codes alike.

Countloyal's QR code always links to countloyal.com, so customers can verify the domain after scanning. But the better protection is a quick visual check by you or your staff:

  • Check the QR code when you open each day — look for stickers placed over the original.
  • Laminate or frame your counter card so it's harder to cover.
  • If you're concerned, switch to the rotating QR station — a tablet at the counter is harder to tamper with than a paper print.

Spotting unusual activity

The dashboard gives you the data to spot patterns that look wrong:

  • A customer completing their card unusually fast compared with your typical visit frequency.
  • Multiple redemptions in a short window from the same account.
  • Repeated failed PIN attempts on the stamp screen — a sign someone is trying to brute-force a second stamp.

If you see something odd, the customer history view lets you check their full stamp timeline before deciding whether to honour a redemption.

Which mode should I use?

Starting out: Static printed QR with the default 2-hour cooldown. Print it, stick it on the counter, and you're live. Most cafés start here.

Ready to use Countloyal on an ongoing basis: Consider the rotating QR station on a tablet at the counter.

Zero self-service: Staff stamping mode. No customer ever touches a screen to earn a stamp — with or without a staff PIN.

Questions about any of this? hello@countloyal.com

Ready to protect your loyalty programme?

Free for your first 50 members. No card required.

Start Free