According to the app description in Android market: "Currently only working at specific locations: San Francisco, Portland, Austin, San Luis Obispo, Fullerton and San Diego."
This seems to compete with some of the benefits of using Google Wallet. Although, I suppose a Google Wallet based loyalty card requires a lot larger investment by the business.
Also since a QR code is just an image and not something more complicated like an NFC tag what's to stop someone from taking a picture of it with their phone and scanning it multiple times at home?
edit:* well looking at their FAQ they say this:
Patent-pending technology guarantees the integrity of your loyalty program. GPS triangulation, velocity analysis, and statistical variation keep things secure.
That still has to trust the smartphone to report the correct
GPS and velocity, additionally I think faking the statistical variation might not be too difficult.
I would guess that this might eventually tie into Google Wallet in some way. Perhaps it's essentially the loyalty card part of Wallet just re-packaged until more businesses deploy the new machines at registers?
Faking the variation shouldn't be hard at all, but how many people would be willing to take the time and risk being prosecuted for fraud in exchange for some free coffee?
Even if 10% of customers abuse the system, it's still a net win for the business. They'll have to cough up some free coffees or sandwiches, but the fraudster is still in the shop and likely to pay for incidentals that go with the promotion; e.g., a drink or chips to go with their sandwich, croissant with the coffee, etc.
Applied to yc with this idea couple years ago, cool to see it in production. Sharing a loyalty card with a group of friends (i.e. when anyone makes a purchase everyone gets a stamp) was one of the social features we were excited about, I'm interested to see what they come up with.
Punchd has been around awhile. I've still got the original app on my phone from before they were acquired by Google.
They went through the classic "Oh, we got bought by Google so we're closing doors for an ambiguous amount of time before maybe reappearing again later" phase that it seems most Google acquisitions go through.
In that time, the Five Stars guys have really gotten traction. I don't know if that paves the way for Punchd or not, but I thought it was a great idea before Google bought it, and apparently, so did Google.
there's so many of these google acquisitions doing the 'disappear' thing that when they do resurface we've almost all forgotten and all is new again. haha. Maybe that's the point.
It's called idiots.png. Is this illustrating that it's stupid to bicker about your mobile platform? Or is it calling Apple users idiots (it does look like the Apple character is yelling about something and Android guy just looks like he's thinking "wtf?").
Most Groupon clones are trying to quickly roll out reward systems through credit card processing.
Google's solution seems more eloquent, with more opportunities for social and advertising directly to a user with location services, mobile alerts, etc.
Basically you could fill a 2011 trendy startup bingo card with this product.
"Patent-pending technology guarantees the integrity of your loyalty program. GPS triangulation, velocity analysis, and statistical variation keep things secure."
Velocity analysis. Sounds complicated. Wonder how well it actually works.
Hard to know what to say here, but we (Yell Labs) have built what appears to be the exact same solution to this problem that punchd have.
As far as I can tell we started at around the same time but from London, UK. And we have our own patent applications (that I was unhappy about submitting because I don't agree that they were non-obvious, and that punchd did the same thing elsewhere at the same time is evidence of that).
Anyhow... how do we, with what appears to be exactly the same solution, handle security?
Signals, lots of them. What sensors does the phone have? Great, grab it all and start comparing for deviations and against thresholds. When you have enough data start machine learning against it.
With velocity, look at the X,Y,Z of the gravity sensor and see if the numbers since the last QR scan indicate that you're moving at beyond a certain G... clearly scanning a QR code shouldn't require speed.
Then you've got things like, if you scanned in London, could you scan in Birmingham 5 minutes later? What's the likely speed between places.
Did a scan happen at 2am? The rest of the data suggests that they're closed at that hour.
And more subtle ones: If all of the compass readings for a specific branch point within a 15 degree range... you can actually know that they have a single cashpoint and the customer is on the South side of it.
As for whether they work, they're very effective against obviously fake stuff, and then together with other signals create a reasonably high confidence of finding the extremely doubtful stuff. You really want to handle this delicately as the thing you don't want to do is make it really uncomfortable for the small business owner if he suspects someone of fraud... so you want to catch them and deduct the fake points before they enter the shop, but confidently enough that you don't hurt a genuine customer at all.
It's really easy to sit down and create a whole load of tests against a new scan just by looking at a wealth of data from old scans.
I hope they haven't patented that aspect, it's pretty damn obvious.
We are using a lot of signals too. GPS is the only one we talk about :)
You're right, it is a very delicate line between catching as many cheaters as possible while avoiding false-positives. We like to err on the side of false-negatives as much as possible.
The ultimate thing of course is: Prove the customer was in the shop and making a purchase.
And I'm sure you've also looked into whether the QR code could be generated per transaction (they could be, but does this place too high a cost-burden on the merchant and if a new device is used to display the generated codes is that going to meet local food hygiene standards for food outlets - and if existing devices are used such as printing on the receipts of their EPOS, is that accommodated by EPOS software).
We also looked into watermarking some signal from a sensor to prove that they were there, then we discovered Shopkick doing this with their noise emitter (a novel approach). We're unsure whether this is the best approach (requires another power point in the merchant, a mount point, installation, and if the emitted signal is dynamic then it requires a connection).
It's an interesting thing for sure... the best thing we've done to date is launch in a student bar with an alcohol deal, there is nothing that generates great data for security like letting compsci students hammer it with the reward of free beer. It's effectively our bug bounty... defeat our system and get a beer (or several) and strongly incentivises us to not have them defeat it.
Not really - standard security used by credit cards and calling cards forever. If you punched in a location A and then tried location B which are greater than (time difference * max speed per hour) miles difference then it will red flag it. Fails in the presence of supersonic flight ;)
Before the app tries scanning anything, it gets a location lock to verify you're at the business. Which is a little annoying because my phone has flaky/slow GPS (thanks HTC Thunderbolt) so I end up standing there at the counter waiting to get a punch when they could have just stamped a card.
Check out Social Passport (www.socialpassport.net) which just won Startup Showcase at the Web2.0 Expo in NYC a couple weeks ago. It has features such as digital loyalty cards like Punchd, but also enables a store owner to make coupons at whatever discount they'd like so it competes with Groupon in that sense because it is paperless + no minimum discount (like 50% off that Groupon/LivingSocial/etc typically require) + no commission (again, the big guys charged 50% historically). It also, most importantly, serves as a social CRM for brick and mortar stores because it leverages a visitor's social network to turn marketing to them to marketing to all of their friends through scanning their Social Passport.
Social Passport enables businesses to communicate their products/services to each visitor’s social network in real time. Their motto is “market to one, market to many” and Social Passport enables businesses to market to thousands of people instantly. It can be used via Dynamic QR, Reverse QR, and NFC.
For users, Social Passport combines all of your social networks, and also serves as a way to store digital loyalty cards and e-coupons. Users get rewarded by retailers via coupons, free gifts, and other promos.
Check out bit.ly/socialpassport for an <2min video that explains more about the service.
disclosure: my buddy is founder/CEO and i'm an advisor
A frozen yogurt shop I used to visit a lot started using Punchd back in June. The app is cute, but I'd rather just have a paper card.
After the transaction, the clerk has to pull out a QR code card to let you scan. The app on your phone won't try scanning until it can get a location to verify you're actually there. Maybe a quarter of the time my phone's flaky GPS has trouble getting a location, so the clerk ends up standing there with the card out while I hold my phone out. Then once it scans, it takes a moment or two for the app to talk to the backend and register the punch. Even if my phone had perfect GPS it'd still be a little too much effort.
The yogurt shop eventually wound up getting paper punch cards in addition to Punchd, and I started using those instead of the mobile app. It takes less time for them to just take the card and stamp it than it does to do the whole Punchd dance.
With Google's oomph behind this, I could see them start using NFC tags, which might speed up the process. But until then I've quit using this as a customer.
So the punch is based on scanning a QR code? Unless I'm misunderstanding, this is really broken. It sounds like someone could write a counterfeit app that scans the QR code, records the current location, and resubmits every minute, recording tons of punches that never actually happened.
They should do it the other way. Your phone should pop up a unque code for the cashier to scan. I guess that makes the barrier to entry higher, though. Maybe change the QR code daily at least (for businesses concerned about fraud, anyway).
That's correct. The business has a card with a QR code printed on it that you scan to get a "punch."
This is part of the value proposition for the merchants, I guess - they don't need a phone or device of their own at all, they just need to print a few things. The tradeoff is maybe the system is easier to game for the tiny percent that is technically inclined enough to try it.
My local coffee shop uses a paper card that is scribbled with signatures. It would probably be easy for me to fake it and get free coffee. The security requirements for this are pretty lenient. Of course, this doesn't mean that a more technical replacement such as Punchd shouldn't be secure, I just think it's interesting that security wasn't such a big deal before, but now it is, since there's a technical solution.
Fair enough. It's a low-security solution replacing a different low-security solution.
I guess the difference with the technical security problem is that it scales. If I write an an app that does provides counterfeit punches, I can distribute it easily and nearly for free. Few people would go through the hassle of counterfeiting the cards, but they might install an app.
I guess that if this gains traction and security proves to be a meaningful issue, plugging the hole should be easy enough.
Having to use QR codes seems like a real annoyance for marginal benefit for the customer. The advantage for the shop is that it is trivial to implement.
Android has started to implement near field communication, which would be much better than scanning a QR code.
I have worked on a competing product called OneGratis ( http://www.onegratis.com ). It works in a similar fashion to Punchd, except I think we might have been out a little bit earlier and the end-user is not required to create an account.
Regarding the comments on cheating, I think one of the best ways to combat that, is to build in functionality to disable phones online. As users are forced to be online when they redeem their loyalty card, this also means they are forced to synchronize their app with the server.
This approach tolerates a little bit of cheating, but also makes sure we can lock out a user, if the stats indicate the person is cheating.
I'm digging this focused, simple and elegant approach from Google. This product isn't overreaching, it doesn't try to do 1,000 things, it looks like it could've been a startup that just launched. It even has its own domain!
I really like the direction Google is heading under Page. Focus and simplicity with real solutions.
I think there is really something in this. It does look like a very streamlined product with nice touches...but they must have executed very effectively.
From what I've read there are a bunch of startups in this space, doing very similar things. Even here in Australia there are a few I can think of that are doing pretty well. As none have yet been bought by Google for $50m, I'd be curious to know more about the kind of traction Punchd had prior to the acquisition (how many users did they have, were the pulling in revenue) - it's always interesting to know more about how a startup with this kind of success executed!
Also, hats off to the Punchd guys...I remember the thread about the acquisition and there was a lot of praise for the founders themselves, as people and as founders.
Ahh...that makes sense...was wondering how comes Google was charging.
Was about to say...wow...I think that would be the first time I have ever seen Google charge explicitly for a SaaS service like this. Aside from Ad-powered things of course.
A Brand New POS-X XPC-500 w/180x180 DPI printer is ~$1500 - with XP - google should create a free OS to replace XP and run the whole POS inside and out. What are they waiting for?
If this 'app' never needs to synchronize with a server to 'process' my rewards, i'm gunna be getting everything for free from now on.
GPS triangulation? (yea - i was on the moon, wtf?)
Velocity analysis? (timestamp += TOO_FAST + 1)
Statistical Variation? (yea - i go here 20x/day, wtf?)
Huh .. I had an idea like this a few weeks ago when I saw a video about paying with your phone using NFC. However, I usually think my ideas to death, so I ended up dismissing it. Probably why I'm not an entrepreneur. My problem was perhaps that I considered it in the scale of small coffee shops, and found the hassle of them getting the infrastructure and the increased overhead of printing and scanning codes to be too big of a problem for adoption.
However, for larger chains, this seems like an excellent solution. Getting the infrastructure in place won't be such a big problem if you roll this out across, let's say McDonalds. You could have a McDonald's-specific app and tie it in with Facebook and Twitter and Gowalla whatnot. But for smaller shops, there might not be such a big advantage. They might not even need this. But I'll happily be proven wrong.
I find it interesting how on the pricing page one of the selling points is "No advanced technology
No technology at the Point of Sale. Set-up is simple, print once and your loyalty program is ready to go. Sign-up completely online in 10 minutes or less." While this a turn off for me, I'm a technology person, so I guess for some markets simple is better.
Other than that, I love the marketing here. It feels very simple, clean, and honest, like the product (hopefully, I haven't tried it).
52 comments
[ 6.6 ms ] story [ 104 ms ] threadAlso since a QR code is just an image and not something more complicated like an NFC tag what's to stop someone from taking a picture of it with their phone and scanning it multiple times at home?
edit:* well looking at their FAQ they say this: Patent-pending technology guarantees the integrity of your loyalty program. GPS triangulation, velocity analysis, and statistical variation keep things secure.
That still has to trust the smartphone to report the correct GPS and velocity, additionally I think faking the statistical variation might not be too difficult.
Even if 10% of customers abuse the system, it's still a net win for the business. They'll have to cough up some free coffees or sandwiches, but the fraudster is still in the shop and likely to pay for incidentals that go with the promotion; e.g., a drink or chips to go with their sandwich, croissant with the coffee, etc.
I see the Five Stars Card badge everywhere here in the Bay Area.
They went through the classic "Oh, we got bought by Google so we're closing doors for an ambiguous amount of time before maybe reappearing again later" phase that it seems most Google acquisitions go through.
In that time, the Five Stars guys have really gotten traction. I don't know if that paves the way for Punchd or not, but I thought it was a great idea before Google bought it, and apparently, so did Google.
http://getpunchd.com/img/june/idiots.png (http://i.imgur.com/sy7QX.png)
It's called idiots.png. Is this illustrating that it's stupid to bicker about your mobile platform? Or is it calling Apple users idiots (it does look like the Apple character is yelling about something and Android guy just looks like he's thinking "wtf?").
Oh the possible Internet drama.
It is directly competing with where daily deal sites are trying to evolve to, like Groupon's Rewards.
http://www.groupon.com/merchants/rewards
Most Groupon clones are trying to quickly roll out reward systems through credit card processing.
Google's solution seems more eloquent, with more opportunities for social and advertising directly to a user with location services, mobile alerts, etc.
Basically you could fill a 2011 trendy startup bingo card with this product.
"Patent-pending technology guarantees the integrity of your loyalty program. GPS triangulation, velocity analysis, and statistical variation keep things secure."
Velocity analysis. Sounds complicated. Wonder how well it actually works.
As far as I can tell we started at around the same time but from London, UK. And we have our own patent applications (that I was unhappy about submitting because I don't agree that they were non-obvious, and that punchd did the same thing elsewhere at the same time is evidence of that).
Anyhow... how do we, with what appears to be exactly the same solution, handle security?
Signals, lots of them. What sensors does the phone have? Great, grab it all and start comparing for deviations and against thresholds. When you have enough data start machine learning against it.
With velocity, look at the X,Y,Z of the gravity sensor and see if the numbers since the last QR scan indicate that you're moving at beyond a certain G... clearly scanning a QR code shouldn't require speed.
Then you've got things like, if you scanned in London, could you scan in Birmingham 5 minutes later? What's the likely speed between places.
Did a scan happen at 2am? The rest of the data suggests that they're closed at that hour.
And more subtle ones: If all of the compass readings for a specific branch point within a 15 degree range... you can actually know that they have a single cashpoint and the customer is on the South side of it.
As for whether they work, they're very effective against obviously fake stuff, and then together with other signals create a reasonably high confidence of finding the extremely doubtful stuff. You really want to handle this delicately as the thing you don't want to do is make it really uncomfortable for the small business owner if he suspects someone of fraud... so you want to catch them and deduct the fake points before they enter the shop, but confidently enough that you don't hurt a genuine customer at all.
It's really easy to sit down and create a whole load of tests against a new scan just by looking at a wealth of data from old scans.
I hope they haven't patented that aspect, it's pretty damn obvious.
You're right, it is a very delicate line between catching as many cheaters as possible while avoiding false-positives. We like to err on the side of false-negatives as much as possible.
And I'm sure you've also looked into whether the QR code could be generated per transaction (they could be, but does this place too high a cost-burden on the merchant and if a new device is used to display the generated codes is that going to meet local food hygiene standards for food outlets - and if existing devices are used such as printing on the receipts of their EPOS, is that accommodated by EPOS software).
We also looked into watermarking some signal from a sensor to prove that they were there, then we discovered Shopkick doing this with their noise emitter (a novel approach). We're unsure whether this is the best approach (requires another power point in the merchant, a mount point, installation, and if the emitted signal is dynamic then it requires a connection).
It's an interesting thing for sure... the best thing we've done to date is launch in a student bar with an alcohol deal, there is nothing that generates great data for security like letting compsci students hammer it with the reward of free beer. It's effectively our bug bounty... defeat our system and get a beer (or several) and strongly incentivises us to not have them defeat it.
Keys work very well here ;)
Its cool but with holes.
Social Passport enables businesses to communicate their products/services to each visitor’s social network in real time. Their motto is “market to one, market to many” and Social Passport enables businesses to market to thousands of people instantly. It can be used via Dynamic QR, Reverse QR, and NFC.
For users, Social Passport combines all of your social networks, and also serves as a way to store digital loyalty cards and e-coupons. Users get rewarded by retailers via coupons, free gifts, and other promos.
Check out bit.ly/socialpassport for an <2min video that explains more about the service.
disclosure: my buddy is founder/CEO and i'm an advisor
After the transaction, the clerk has to pull out a QR code card to let you scan. The app on your phone won't try scanning until it can get a location to verify you're actually there. Maybe a quarter of the time my phone's flaky GPS has trouble getting a location, so the clerk ends up standing there with the card out while I hold my phone out. Then once it scans, it takes a moment or two for the app to talk to the backend and register the punch. Even if my phone had perfect GPS it'd still be a little too much effort.
The yogurt shop eventually wound up getting paper punch cards in addition to Punchd, and I started using those instead of the mobile app. It takes less time for them to just take the card and stamp it than it does to do the whole Punchd dance.
With Google's oomph behind this, I could see them start using NFC tags, which might speed up the process. But until then I've quit using this as a customer.
They should do it the other way. Your phone should pop up a unque code for the cashier to scan. I guess that makes the barrier to entry higher, though. Maybe change the QR code daily at least (for businesses concerned about fraud, anyway).
That's correct. The business has a card with a QR code printed on it that you scan to get a "punch."
This is part of the value proposition for the merchants, I guess - they don't need a phone or device of their own at all, they just need to print a few things. The tradeoff is maybe the system is easier to game for the tiny percent that is technically inclined enough to try it.
http://getperka.com/foryourbusiness/merchantfaq.html
I guess the difference with the technical security problem is that it scales. If I write an an app that does provides counterfeit punches, I can distribute it easily and nearly for free. Few people would go through the hassle of counterfeiting the cards, but they might install an app.
I guess that if this gains traction and security proves to be a meaningful issue, plugging the hole should be easy enough.
Android has started to implement near field communication, which would be much better than scanning a QR code.
Regarding the comments on cheating, I think one of the best ways to combat that, is to build in functionality to disable phones online. As users are forced to be online when they redeem their loyalty card, this also means they are forced to synchronize their app with the server.
This approach tolerates a little bit of cheating, but also makes sure we can lock out a user, if the stats indicate the person is cheating.
I really like the direction Google is heading under Page. Focus and simplicity with real solutions.
That is called how damn fast it is to get noticed and bought if you execute brilliantly in a big market.
And it only looks better now than it did.
It's a beautiful, elegant way of digitizing a marketing tactic that everybody already knows and understands.
The little paper signs "Buy _____ and get _____" are the perfect visualization of how well thought out this product is - nice job.
From what I've read there are a bunch of startups in this space, doing very similar things. Even here in Australia there are a few I can think of that are doing pretty well. As none have yet been bought by Google for $50m, I'd be curious to know more about the kind of traction Punchd had prior to the acquisition (how many users did they have, were the pulling in revenue) - it's always interesting to know more about how a startup with this kind of success executed!
Also, hats off to the Punchd guys...I remember the thread about the acquisition and there was a lot of praise for the founders themselves, as people and as founders.
Was about to say...wow...I think that would be the first time I have ever seen Google charge explicitly for a SaaS service like this. Aside from Ad-powered things of course.
If this 'app' never needs to synchronize with a server to 'process' my rewards, i'm gunna be getting everything for free from now on.
GPS triangulation? (yea - i was on the moon, wtf?)
Velocity analysis? (timestamp += TOO_FAST + 1)
Statistical Variation? (yea - i go here 20x/day, wtf?)
// good luck with that google
while(1)
the hack will be opensourced in a week.SLO and Cal Poly represent!
I was annoyed by the quality of the copy here though... no one ran it through any sort of spell check? http://getpunchd.com/img/june/tour/moneymoney.jpg
However, for larger chains, this seems like an excellent solution. Getting the infrastructure in place won't be such a big problem if you roll this out across, let's say McDonalds. You could have a McDonald's-specific app and tie it in with Facebook and Twitter and Gowalla whatnot. But for smaller shops, there might not be such a big advantage. They might not even need this. But I'll happily be proven wrong.
Google - people outside the US exist and we want to use your stuff!
Other than that, I love the marketing here. It feels very simple, clean, and honest, like the product (hopefully, I haven't tried it).