At least in its current deployment, a Passbook Pass is basically just an image. As such, it’s relatively easy for consumers, students, members, employees, etc. to create & forward fake Passes.
It’s incumbent on service providers to validate their Passes or risk potential fraudulent use. The good news is they should do this anyway, not only for security but perhaps even more importantly, to track redemptions and improve communications with Pass holders for future engagement.
How can service providers validate Passes? Is there a future-proof way to do this?
Service providers have two options: 1) buy imaging scanners if they don’t already have them; or, 2) use smartphones or tablets. With both options, the devices need to not only read the barcode but also have an application (or ‘app’) layer and servers to validate the scanned barcodes against a database of valid asset IDs (i.e. tickets, coupons, IDs, etc.).
The first option is a good solution, though expensive as it requires hardware, software and integration. The second option is also a good solution, far less expensive and already fully enabled with codeREADr.
As the devices and operating systems continue to improve, the choice is getting clearer and clearer in favor of the low cost and versatility of smartphones and tablets.
An important point to consider is that most asset IDs are currently not distributed to consumers as Passes. Instead, asset IDs are distributed embedded in barcodes printed on paper or plastic, or within mobile wallets and other apps, either as barcodes or NFC targets.
In fact, using Passes exclusively may be quite limiting. What’s unknown right now is whether or not Facebook Offers, Google Offers, Groupon, ticketing companies, the airlines, rail and other transporters will endorse Passbook or their own proprietary asset ID methods.
So, to help future-proof validation, there are at least two important considerations for service providers, namely: a) they must be able to scan all distributed barcode symbologies; and, b) they must sync their scans to a single validation database, regardless of the asset ID distribution method.
A smartphone or tablet app with a professional, high-end scan engine, like codeREADr’s, can quickly read all types of popular barcodes using just the iOS or Android device’s camera,. [Soon to include scanning all of Passbook enabled codes, i.e. QR, PDF-417 and Aztec.] Alternatively, a low-cost, commercial Bluetooth 2D scanning accessory can be paired to the smartphone or tablet.
Syncing to a single validation database is easy to implement and a standard codeREADr feature. The app can post scans to a service provider’s online asset database hosted by codeREADr cloud or, if the internet is unstable, to an on-device (local) asset database and synced later. If the asset database contains particularly sensitive information (e.g. patient or student data), then the app would need to post scan data directly to the service provider’s own servers (codeREADr’s new DSU service option).
It’s free to try codeREADr.com and the codeREADr apps (50 scans per month). Simply upload a sample asset database, create a service, assign an app user, scan the barcodes and export a scan database. There’s an extensive Knowledge Base, detailed APIs and, of course, you can email email@example.com for assistance.