01
Cash-handling fraud
An employee could take money without recording it, extend subscriptions "for free" to friends, or let people in without paying. Nothing was left behind.
QR pool access, fraud-proof and no money lost at the till
A restaurant inside a pool venue sells access subscriptions: around 100–200 a month, in a season of just 3–4 months. Before, everything was on paper and from memory, with no trace of who did what. We built a custom web app that ties every payment and every entry to an individual account, verifies live from the database, and leaves a log no one can erase.
Initial situation
Cash, paper, and no trace.
Subscriptions were sold in cash, on the spot, and kept from memory or on paper. With cash and physical access to the pool, the real risk wasn't the client, it was the absence of any trace: no one could say who took the money, who extended a subscription, or who let someone in.
02
Shared subscriptions
A client would enter, then hand their code to a friend who entered too. The owner can't ask for ID at a pool, so the control had to be technical.
03
Zero audit
No change, no entry, no payment left a trace. Any dispute came down to "your word against mine".
What we built
A web app, no hardware.
A single link, nothing to install, works on any phone or tablet. Staff scan the client's QR code, and the app verifies live, straight from the database, whether the subscription is valid and how many entries remain. Every sensitive action is tied to the account of the employee who performed it.
Problems & solutions
Seven real problems, seven solutions.
We didn't start from "let's make a QR", but from the concrete business problems of a place that sells access in cash, seasonally, with staff that changes.
01
Employee cash-handling fraud
The heart of the app. With cash and physical access, the #1 risk is the employee taking money without recording it or extending subscriptions for friends. The solution: every sensitive action is tied to their account and written to an append-only log, with the before and after value. Only the manager changes validity or prices.
02
Multiple entries on the same code
A client enters, then hands their code to a friend. The solution: one QR means one entry per day. A second scan warns; staff can force the entry, but the override is recorded and visible to the manager on four levels (reports, a dedicated page, the log, a daily email).
03
Codes guessed or forged
The solution: each code is a cryptographic random token (2192 combinations), impossible to enumerate. The status on scan is always read live from the database, never from the QR. An old screenshot or a modified code won't fool the system.
04
Clients lost after expiry
An expired subscription usually means a forgotten client. The solution: the client's data stays after expiry, separate from the subscription. A page with filters allows email offers and automatic renewal reminders (anti-spam, once per subscription).
05
The "child only with an adult" rule
Hard to apply consistently when staff are busy. The solution: on scanning a child's QR, the system shows a warning. The physical check stays with the employee, but it no longer gets forgotten.
06
Manual subscription delivery
The solution: on creation, the QR is sent automatically by email, plus a button that opens the employee's WhatsApp with a pre-filled message (no paid API). The member gets their code in seconds.
07
Seasonal software costs
A place that runs 3–4 months a year can't afford an expensive software subscription all year. The solution: an architecture on modern infrastructure, sized exactly for this volume, with no fixed costs weighing on the off-season.
Anti-fraud
Why a copied QR won't pass.
The difference isn't the QR code itself, since anyone can put a QR on a card. The difference is that every scan is verified live and leaves a trace no one can erase.
- QR tied to identity. Each member has their own code, not a generic copyable one.
- Live database verification. Status is read in real time; a screenshot passed to someone else won't work.
- One entry per day. A second scan the same day warns; the override is recorded.
- Append-only log. Every sensitive action, tied to the employee, with the before and after value. Impossible to edit.
✓ VALID
tok_2741…e92b4d8f
For the technically minded
The details that matter.
Beyond the business, the solution is built with care for the details that, ignored, turn into headaches later.
- GDPR built-in. Marketing consent is stored with who gave it and when, and permanent data deletion is an action reserved for the manager.
- Correct timezone handling (RO). "Today" always means the Romanian calendar day (at scan, statistics, anti-entry and reports), including the summer/winter transition. No discrepancies at midnight.
- Session security. Passwords hashed with bcrypt, login attempt limiting, expiring sessions, email links protected against host-header injection.
- Cryptographic token. Codes impossible to enumerate (2192 combinations); status always comes from the database, never from the QR.
- A single link, responsive. Works on any phone or tablet, no installation.
The result
What concretely changed.
No invented numbers, just what changed in day-to-day operations:
- Every leu has a name. Every payment and every change is tied to the employee who made it, in the log. Internal fraud becomes visible.
- Subscriptions can't be shared anymore. Live verification and the "one entry per day" rule cut the sharing that used to go unnoticed.
- Instant verification at the door. One scan, one clear answer. No more searching lists or paper.
- Clients no longer get lost. Data stays after expiry, with offers and automatic renewal reminders.
- A trace for any dispute. Who entered, who took payment, who changed what: verifiable, not based on memory.
What's next
This could be your case.
The same solution works anywhere you sell access or subscriptions: gyms, beauty salons, physio clinics, car washes, dance schools, events. It adapts to your subscription type: by days, by sessions, or unlimited access.