Originally posted by: Chebago
I reordered with the paperclips, it wasn't so much that they refused to honor it, it was more the morality lesson the manager decided to give me. Actually, it was pretty funny. This was the first time I have ever bought anything from OD, I know better now.
Didn't you know, internet shoppers are all just thieves and scam artists... yadda, yadda, yadda.
Seriously, it's about time that some of these big-time "office superstores" (and other companies) that want to distribute savings coupons to users via the internet (because it's cheaper for them than mailing them physically) started doing things RIGHT, instead of risking customers coming in with legitimate coupons and getting berated by store associates/managers due to the existence of a small amount (?) of coupon fraud.
They should generate coupons with embedded cryptographically-hashed data that can be used to uniquely, but non-reversibly, identify the coupon holder as the original, authenticated addressee. Either that, or they should accept that people are going to transfer, and unfortunately share, coupons that they don't want/need, and stores should be willing to accept the increased discounts in the interest of customer service and gaining new customers.
What I suggest is that when a potential customer gets a coupon e-mailed to them, it not include the coupon in the e-mail, but instead include a link to an SSL/HTTPS-protected web site. The URL would include the unique user-id (e-mail address, or store-specific customer ID number) embedded into it. That web site would then ask the user for a 4-digit PIN number, used to both retrieve and also redeem the coupon. The site would generate a coupon, including code # and barcode, with a one-way hash of the user-id information, along with an encoded representation of the PIN #. This data would then be cryptographically signed by a store-specific private key before generating the barcode data.
When attempting to redeem the coupon, the store would take the coupon, scan it, and then ask the customer for that same PIN #, and possibly user-id info to verify. The store computer would verify the store-specific public key signature, and compute the one-way hash of the user-id info, and check the PIN #. Then the store could simply tell the customer that the coupon was "invalid" or if it was valid, ring up the discount.
Seems pretty simple and straightforward to me.
There's a trade-off here in terms of customer privacy and authenticating that the coupon was not transferred. I opted for privacy, in terms of user-id info not being stored (although that is probably not true, if the coupon was mailed to the customer, the customer is probably already in the DB somewhere).
In terms of multiple-redemption fraud, the store could log the purchase transaction info, as well as the one-way hash of the user-id and PIN #, but by using a one-way reducing hash on the user-id to increase privacy (so that a stolen/lost coupon printout couldn't be reverse-engineered to obtain personal info), it also increases the possibility of a database collision if that hash value turns out the same for two different inputs.
This could again result in bad customer service, if two legit coupons' user-id hashes happened to hash to the same value, and one of the customers was denied redemption of that coupon.
The other alternative is to store the entire encoded data string from the coupon, after being cryptographically signed with the store's public key, as that string should be somewhat provably unique, I think. In fact this might be outright necessary; I'm not sure if you can "remove" the signature to get the user-id hash back before signing. If it's anything like PGP signing though, I think the signature is a different chunk of data appended. So really, I suppose both should be checked: the user-id hash/PIN # data set, to prevent illicit transfer of the coupon, and the store's crypto-signed hash value of that data, to verify non-duplication and authenticated authorized creation.
The final question becomes, how to limit access to the coupon-generating site itself, to prevent the user from simply visiting the web site multiple times to generate more legitimate coupons. Assuming that the e-mail address of the customer is already in a database somewhere, then when the user visits that site, and generates a coupon, the database could store the coupon-creation info, either simply that it was created, or even store a complete copy of the coupon info. Depending on how well the store's networks were integrated, that might even be the best solution, as only one coupon could be created per-customer (assuming that the database was coded to only hold one coupon-info "slot" in the DB), and then the coupon could be cross-checked at redemption time at the store with the customer-info DB.
Really, that would be more akin to one-time-pad security, and would probably be the best solution, but would require the existence of a network infrastructure and database to support it.
So is the real problem, that the stores are not willing to prevent coupon fraud, or that they are unwilling to spend the amount necessary to upgrade their infrastructure to be able to prevent it?
Better yet, why haven't office superstores switched to a "shopper loyalty card" model like grocery stores? The customer could be required to apply for the card in-store, and present valid picture-id (to guarantee uniqueness), and then could simply be informed of occasional loyalty-card-holder promotions (with an associated shorter coupon #), and then they could simply use their card (with unique customer #), along with the promotion #, either online or in-store, and that promotion (again, assuming suitable network infrastructure), could simply be only allowed once.
Granted, personally, I hate those "shopper cards", and all of the privacy-invasion potential that they imply. Coupons printed out anonymously over the internet are perhaps better from a customer-privacy point-of-view, but as this thread indicates, the stores are having serious difficulties authenticating those coupon promotions, and trying to effectively combat coupon fraud by customers. I believe that my first suggestion, maintains customer privacy and low/no-cost distribution of coupon promotions over the internet, while still effectively combating coupon fraud due to illicit transfer/duplication/forgery.
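The scheme described in the post above (one-way hash of the user-id, an encoded PIN, the payload signed with a store-specific private key, a single coupon "slot" per customer at generation time, and a redemption log keyed by the whole signed string so a hash collision between two customers cannot block either of them), as an added example that is not from the original thread or from any store's system. Everything concrete in it is an assumption: Ed25519 for the store key pair, SHA-256 for the one-way hashes, the "coupon-uid-v1" / "coupon-pin-v1" domain prefixes, the pipe-separated barcode payload, the "SAVE20" promo code, and the sample e-mail address and PIN.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Issuer is the HTTPS coupon site: it holds the store-specific private key
// and one coupon slot per hashed customer (the single DB "slot" in the post).
type Issuer struct {
	priv   ed25519.PrivateKey
	Pub    ed25519.PublicKey
	issued map[string]bool // keyed by hashed user-id
}

// NewIssuer generates a fresh store key pair (assumption: one key per store).
func NewIssuer() (*Issuer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Issuer{priv: priv, Pub: pub, issued: map[string]bool{}}, nil
}

// hashUserID is the one-way hash of the customer identifier; the domain
// prefix is an assumed constant so the same e-mail hashed elsewhere differs.
func hashUserID(userID string) string {
	sum := sha256.Sum256([]byte("coupon-uid-v1|" + strings.ToLower(strings.TrimSpace(userID))))
	return hex.EncodeToString(sum[:])
}

// pinCommitment is the "encoded representation of the PIN": hashed together
// with the user-id hash so one 10,000-entry table cannot serve every coupon.
// Whoever holds the printout can still try all 10,000 PINs offline.
func pinCommitment(uidHash, pin string) string {
	sum := sha256.Sum256([]byte("coupon-pin-v1|" + uidHash + "|" + pin))
	return hex.EncodeToString(sum[:])
}

func validPIN(pin string) bool {
	if len(pin) != 4 {
		return false
	}
	for _, c := range pin {
		if c < '0' || c > '9' {
			return false
		}
	}
	return true
}

// Issue builds the barcode payload "promo|uidHash|pinCommit|signature".
// A second request for the same customer is refused.
func (is *Issuer) Issue(promo, userID, pin string) (string, error) {
	if !validPIN(pin) || strings.Contains(promo, "|") {
		return "", errors.New("PIN must be 4 digits and promo must not contain '|'")
	}
	uid := hashUserID(userID)
	if is.issued[uid] {
		return "", errors.New("a coupon was already generated for this customer")
	}
	payload := promo + "|" + uid + "|" + pinCommitment(uid, pin)
	sig := ed25519.Sign(is.priv, []byte(payload))
	is.issued[uid] = true
	return payload + "|" + base64.RawURLEncoding.EncodeToString(sig), nil
}

// Register is the point-of-sale side: it knows only the public key and logs
// the full signed string of every accepted coupon.
type Register struct {
	pub      ed25519.PublicKey
	redeemed map[string]bool
}

func NewRegister(pub ed25519.PublicKey) *Register {
	return &Register{pub: pub, redeemed: map[string]bool{}}
}

// Redeem reports whether to ring up the discount plus an internal reason for
// the store log; the customer is only ever told "invalid", as the post says.
func (r *Register) Redeem(coupon, pin string) (bool, string) {
	parts := strings.Split(coupon, "|")
	if len(parts) != 4 {
		return false, "malformed barcode"
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[3])
	payload := strings.Join(parts[:3], "|")
	if err != nil || !ed25519.Verify(r.pub, []byte(payload), sig) {
		return false, "signature check failed (forged or altered)"
	}
	if subtle.ConstantTimeCompare([]byte(pinCommitment(parts[1], pin)), []byte(parts[2])) != 1 {
		return false, "PIN mismatch (transferred coupon or typo)"
	}
	if r.redeemed[coupon] {
		return false, "already redeemed (duplicate printout)"
	}
	r.redeemed[coupon] = true
	return true, "accepted promo " + parts[0]
}

func main() {
	site, _ := NewIssuer()
	reg := NewRegister(site.Pub)
	// Constructed sample customer, not a real record.
	coupon, _ := site.Issue("SAVE20", "customer@example.com", "4821")
	fmt.Println("barcode payload:", coupon)
	for _, try := range []struct{ c, pin string }{
		{coupon, "4821"}, {coupon, "4821"}, {coupon, "0000"},
		{strings.Replace(coupon, "SAVE20", "SAVE90", 1), "4821"},
	} {
		ok, why := reg.Redeem(try.c, try.pin)
		fmt.Printf("ok=%v  %s\n", ok, why)
	}
	_, err := site.Issue("SAVE20", "customer@example.com", "4821")
	fmt.Println("second generation attempt:", err)
}
```

Signing uses the private key and verification the public key, as the post's original description has it. Two points worth noting: the redemption log is keyed by the whole signed string rather than the user-id hash, which is the cheaper of the two ways the post considers for avoiding a collision between two legitimate customers; and because the coupon carries a commitment to a 4-digit PIN, the PIN deters casual transfer but not a determined one, since anyone holding the printout has at most 10,000 offline guesses.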