Loyalty ID
Full Title or Meme
Many sales organizations have created plans to reward loyal customers with savings or other benefits accessible through continued use of their products.
Historical
Context
This paper is focused on two trends:
- The move from card-based driver's licenses to smartphone-based Mobile Driver's Licenses.
- Many sovereign states have been moving in the direction of a single user authentication process for all departments and agencies of the state.
Problems
- Even the landline phone was used for tracking as soon as it became ubiquitous. FBI wiretaps have been known to capture many types of criminal behavior.
- Smartphones are both incredibly complex and designed specifically to understand where they are as well as how they are being used.
Related IDs
- Self-issued Identifiers were first proposed commercially in the Microsoft Info Card.
- State Mandated Identification tries to tie all of the various identities that they maintain into a single collection of credentials under a single ID.
Use Cases
Washington State
This is a list of web sites that can be accessed from outside the state network and require ID credentials. There may be other sites that allow online access without credentials that later ask for them. In particular the DMV is in that category. Two duplicates were left out irrespective of their reality to avoid questions. More discussion on the use of the Driver's License as the primary sort of Identifier for residents of the state is in the wiki page on MDL Considered Harmful, which explains why the DL is not the best starting point.
Loyalty Cards
- Use Badge’s loyalty program API to build and launch digital loyalty cards with real-time updates, custom branding, and seamless mobile wallet integration.
- Smartphone loyalty cards are implemented in several ways: through mobile wallets (Apple Wallet, Google Wallet), dedicated brand apps, SMS/web-based systems, and integrated features like QR codes or NFC. Each method balances convenience, personalization, and data tracking.
Main Implementation Methods
1. **Mobile Wallet Integration**
  - **Apple Wallet / Google Wallet**: Loyalty cards are stored alongside payment cards and boarding passes.
  - **Features**:
    - Tap-to-redeem at checkout.
    - Real-time updates (points, tiers, offers).
    - Location-based notifications (card appears on lock screen near a store).
  - **Benefit**: Seamless, always accessible, no need to download a separate app.
2. **Dedicated Brand Apps**
  - **Examples**: Starbucks Rewards, Sephora Beauty Insider, airline frequent flyer apps.
  - **Features**:
    - Points accumulation and redemption.
    - Rewards catalogs and personalized offers.
    - Coupons, vouchers, and gamified experiences (e.g., “buy 9, get the 10th free”).
  - **Benefit**: Richer engagement, direct communication channel with customers.
3. **SMS / Web-Based Loyalty Programs**
  - **Mechanics**: Customers enroll via text message or mobile website.
  - **Features**:
    - Digital punch cards tracked online.
    - Offers delivered via SMS or email.
  - **Benefit**: Low barrier to entry, no app download required.
4. **QR Code & Barcode Systems**
  - **Mechanics**: Loyalty card is represented as a scannable QR code or barcode.
  - **Features**:
    - Scanned at POS terminals.
    - Can be embedded in wallet passes or brand apps.
  - **Benefit**: Simple, universal, works across devices and retailers.
5. **NFC (Near Field Communication)**
  - **Mechanics**: Tap phone at checkout to redeem loyalty points.
  - **Features**:
    - Works like contactless payments.
    - Integrated with mobile wallets or proprietary apps.
  - **Benefit**: Fast, frictionless, secure.
Comparison of Methods

| Method | Convenience | Personalization | Data Tracking | Adoption |
|------------------------|-------------|-----------------|---------------|----------|
| Mobile Wallet | High | Moderate | Moderate | Very high (billions of users) |
| Brand Apps | Moderate | High | High | Popular with major retailers |
| SMS/Web | Moderate | Low | Low | Accessible, but less engaging |
| QR/Barcode | High | Low | Moderate | Universal, simple |
| NFC | High | Moderate | High | Growing with contactless tech |

Risks & Trade-offs
- **Privacy Concerns**: Loyalty apps track purchases and preferences, raising data protection issues.
- **Fragmentation**: Customers may juggle multiple apps/cards, leading to fatigue.
- **Adoption Barriers**: Some users resist downloading apps; wallet integration solves this but requires retailer support.
Takeaway
Smartphone loyalty cards range from **lightweight wallet passes** to **full-featured brand ecosystems**. The choice depends on whether the enterprise prioritizes **reach and convenience (wallet, QR)** or **deep engagement and personalization (apps, NFC)**. For identity and governance frameworks, loyalty cards are a fascinating case: they are essentially **persistent, optional identity tokens**, a kind of “cookie for the physical world.”
Example
A store can validate a loyalty card stored in Apple Wallet or Google Wallet using cryptographic means, but it depends on how the card was issued and whether the system is designed to support secure validation.
How Cryptographic Validation Works
For more details see the wiki page Mobile Payment.
Apple Wallet
- Apple Wallet uses PassKit, where each pass (like a loyalty card) is a .pkpass file.
- These passes are digitally signed using a certificate issued by Apple.
- The signature ensures:
  - The pass was issued by a trusted source.
  - The pass hasn’t been tampered with.
- Stores can validate the pass by checking the signature and verifying the passTypeIdentifier and serialNumber against their backend systems.
Google Wallet
- Google Wallet uses JWT (JSON Web Tokens) or REST API-issued passes.
- Each loyalty card can include a signed JWT, which:
  - Confirms authenticity.
  - Can be verified using public keys.
- Merchants can validate the JWT and check the issuer ID, class ID, and object ID to confirm the card is legitimate.
What This Means for Stores
- If your store issues loyalty cards using Apple’s or Google’s developer tools, you can build a backend system that:
  - Verifies the cryptographic signature.
  - Checks the card’s metadata (e.g., expiration, user ID, points).
  - Ensures the card hasn’t been revoked or duplicated.
- This is far more secure than relying on barcodes or QR codes alone, which can be copied or spoofed.
VSC Code for server
This is a starter blueprint for a Visual Studio Code (VSC) app that creates and installs loyalty cards for Apple Wallet and Google Wallet, with support for one-time use tokens.
- Open VSC
- Create or open source/repos/loyal
- View -> Terminal
- npm init -y
- npm install express dotenv axios jsonwebtoken
Project Structure
loyalty-card-app/
├── src/
│   ├── apple/
│   │   └── generatePkPass.ts
│   ├── google/
│   │   └── createGooglePass.ts
│   ├── tokens/
│   │   └── generateToken.ts
│   ├── routes/
│   │   └── loyaltyRoutes.ts
│   └── server.ts
├── certs/                # Apple Wallet certificates
├── public/               # Static assets (logos, icons)
├── .env
├── package.json
└── README.md
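The backend checks listed under "What This Means for Stores" (signature, expiration, revocation, duplication) and the one-time use tokens this blueprint mentions can be combined in one verifier; the following is an added example, not code from the original page and not Apple's or Google's pass format. It uses only Node's built-in crypto module rather than the jsonwebtoken package, and the names issueToken, redeemToken, ISSUER and the card IDs are assumptions made for illustration.

```javascript
// Added example: one-time loyalty redemption tokens, Node.js built-ins only.
const crypto = require('node:crypto');

// Constructed demo key pair; a real issuer keeps the private key server-side.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const ISSUER = 'loyalty.example'; // hypothetical issuer ID

const b64u = (v) => Buffer.from(v).toString('base64url');

// Issue a compact JWS (EdDSA) bound to one card, with a unique jti and short expiry.
function issueToken(cardId, ttlSeconds, now = Date.now()) {
  const header = b64u(JSON.stringify({ alg: 'EdDSA', typ: 'JWT' }));
  const exp = Math.floor(now / 1000) + ttlSeconds;
  const payload = b64u(JSON.stringify({ iss: ISSUER, sub: cardId, jti: crypto.randomUUID(), exp }));
  const sig = crypto.sign(null, Buffer.from(`${header}.${payload}`), privateKey);
  return `${header}.${payload}.${b64u(sig)}`;
}

const usedJti = new Set();      // in production: a shared store with atomic insert
const revokedCards = new Set(); // card IDs the backend has revoked

// Returns { ok, reason, cardId }. The signature is checked before any claim is trusted.
function redeemToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [header, payload, sig] = parts;
  let valid = false;
  try {
    // Algorithm is pinned by the key type; the header's "alg" is never consulted.
    valid = crypto.verify(null, Buffer.from(`${header}.${payload}`), publicKey,
      Buffer.from(sig, 'base64url'));
  } catch { valid = false; }
  if (!valid) return { ok: false, reason: 'bad-signature' };
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  if (claims.iss !== ISSUER) return { ok: false, reason: 'wrong-issuer' };
  if (typeof claims.exp !== 'number' || claims.exp * 1000 <= now) return { ok: false, reason: 'expired' };
  if (revokedCards.has(claims.sub)) return { ok: false, reason: 'revoked' };
  if (usedJti.has(claims.jti)) return { ok: false, reason: 'replayed' };
  usedJti.add(claims.jti); // mark as spent only after every other check passes
  return { ok: true, reason: 'accepted', cardId: claims.sub };
}
```

A copied token (for example a photographed QR code carrying it) is rejected as `replayed` on its second presentation, which is the property a static barcode cannot provide.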
References
Other Material
- See the wiki page State Issued Identifier for some description of the Identifiers that are commonly issued.
- See the wiki page on Government