Analytics

Most purchase-to-enter promotions report two numbers that look the same but aren’t: entries received, and entries that actually count. The gap between them is where receipt validation lives. A receipt upload box looks like the simplest part of a campaign — snap a photo, tap submit, done. The hard part is everything that happens after the photo lands: deciding what a valid proof of purchase looks like, catching the ones that aren’t, and doing it fast enough that genuine entrants don’t give up waiting.

Of the roughly 170 live Australian promotions we track at Trevor Services, the large majority ask the shopper to prove a purchase before they can enter — prize draws and gift-with-purchase offers tied to a receipt, a unique code, or a loyalty card scan. That makes validation the quiet engine under most of the work. Get it right and nobody notices. Get it wrong and you either pay out on fraud or punish your best customers with rejected claims. Neither is a good look.

What is receipt validation in a promotion?

Receipt validation is the process of confirming that an entry is backed by a real, qualifying purchase before the entrant is allowed into the draw or paid a reward. In practice it answers three questions: did this purchase actually happen, does it meet the entry conditions, and has this proof already been used? The first is about authenticity, the second about eligibility, and the third about duplication. A campaign can be airtight on one and leaky on the others.

It matters because the entry barrier is also the fraud barrier. The same friction that makes a shopper pause — upload a photo, type a code — is the thing standing between your prize pool and someone running a script. The Shelf Truth talks about friction as a cost, every form field shaving entries off the top, and that’s true. But on a purchase-to-enter promotion, a little friction is also load-bearing. The trick is putting the effort where it stops fraud rather than where it annoys honest people.

Where do purchase-to-enter promotions actually leak?

The failure modes are fairly consistent. The most common is the duplicate: one valid receipt submitted again and again, sometimes across multiple accounts, sometimes with small edits to dodge an exact-match check. Then there’s the doctored receipt, where a total or a date or a product line has been altered to qualify a purchase that didn’t happen the way it’s claimed. Above both of those now sits a newer problem — wholly fabricated receipts, including ones generated by AI from a text prompt, which never modify a real document because there was never a real document to begin with.

The detail worth sitting with is that these aren’t mostly lone opportunists. As Snipp lays out in its guide to anti-fraud checks for receipt programs, a lot of receipt fraud is coordinated — one operator or a small ring submitting at abnormal rates, recycling images, cycling through addresses and devices. That changes how you defend against it. You’re not just inspecting one image at a time; you’re looking for patterns across the whole entrant pool. A receipt that looks fine in isolation can be obviously wrong once you notice it’s the fourteenth submission from the same device in an hour.

The checks that actually do the work

No single test catches everything, which is why validation works in layers. At the image level, systems fingerprint each receipt — hashing the picture and combining transaction details like store, total, date and a receipt or transaction ID into a unique signature — so the same purchase can’t be reused even if it’s lightly altered or re-photographed. Metadata helps too: a receipt photo missing the device and location data you’d expect, or carrying signs of editing, earns a second look. On top of that sits behavioural analysis, watching submission velocity and device or IP anomalies to flag accounts that simply don’t behave like real shoppers.

Then there’s eligibility, which is a different question from authenticity. A receipt can be completely genuine and still not qualify — wrong product, wrong store, outside the campaign dates, under the minimum spend. This is where product and SKU recognition matters, checking that what’s on the receipt is actually what the promotion required. It’s also where most of the honest-entrant friction comes from, because a real customer who bought the right thing can still get knocked back if the rules and the validation logic don’t match exactly.

Worth being honest about: automation does the heavy lifting, but it doesn’t do all of it. The genuinely ambiguous cases — a faded receipt, an unusual but legitimate purchase pattern — still need a human looking at them, and the campaigns that run cleanest are the ones that decide in advance which decisions a person makes and which the system makes on its own. On the platform side, this is the part Trevor Services spends real time on: OCR-based receipt checks, duplicate and velocity controls, and per-campaign entry rules, with manual review reserved for the edge cases rather than the bulk.

Why most of this is a design decision, not a detection problem

The biggest lever on promotion fraud isn’t the cleverness of your detection — it’s the rules you set before anyone enters. Entry caps per person, daily submission limits, a clear minimum spend, a defined product list, a sensible window for how old a receipt can be: these are configured at setup, and they quietly remove whole categories of abuse before detection ever has to fire. A promotion with no entry limit and a vague product requirement is doing detection on hard mode for no reason. This is the kind of pre-launch pressure-testing Trudy is built to help with, drawing on patterns from thousands of past campaigns to flag where a mechanic is likely to leak.

The rules also have to line up with your legal obligations, and in Australia those vary by state. The ACCC’s guidance on advertising and promotions is clear that terms and conditions have to be set out plainly and made known before people enter — which means your validation logic and your published T&Cs need to say the same thing. Permits add another layer: NSW now runs a time-based trade promotion authority rather than per-promotion permits, required once total prize value passes $10,000, while the ACT and South Australia still require permits for promotions above their own thresholds. The compliance and the fraud controls aren’t separate jobs — the permit conditions, the T&Cs and the validation rules all have to describe one consistent promotion.

If your validation is stricter than your terms, you reject valid entries and field the complaints. If it’s looser, you pay out on entries that should never have qualified. Lining the two up is unglamorous work, and it’s most of what keeps a campaign out of trouble.

A reasonable place to start

If you’re planning a purchase-to-enter promotion, the most useful thing you can do early is write down what a valid entry looks like in plain language — which products, which dates, how much, how many times a person can enter — and then check that every one of those conditions can actually be validated from what the entrant submits. If a rule can’t be checked, it isn’t a rule, it’s a hope. The campaigns that run cleanly are the ones where the terms, the permit conditions and the validation logic were all written to say the same thing before launch, not reconciled afterwards.

If you’re working through how to keep a receipt or code-based promotion clean without making it a chore for genuine entrants, we’re happy to talk it through.

You’ve locked in the mechanic, sorted the prizes, briefed the creative team — and then someone asks: “Do we need a permit for this?”

It’s a reasonable question, and the answer depends entirely on where your customers live. Australia doesn’t have a single national framework for trade promotion permits. Instead, you’re dealing with a patchwork of state and territory rules, each with different thresholds, timelines, and requirements. Three jurisdictions require permits. The rest don’t — but they still have conditions you need to meet.

Here’s what you actually need to know before your next campaign goes live.

Which States Require Permits?

Only three Australian jurisdictions require you to obtain a permit or licence before running a trade promotion lottery (a game of chance used to promote goods or services): New South Wales, the Australian Capital Territory, and South Australia. Every other state and territory — Victoria, Queensland, Western Australia, Tasmania, and the Northern Territory — lets you run trade promotions without a permit, provided you follow their prescribed conditions.

That three-out-of-eight split sounds simple, but the details are where campaigns get tripped up.

New South Wales: The Authority Model

NSW uses a system called an “Authority to Conduct a Trade Promotion Lottery.” You need one if the total prize value for a single game of chance promotion exceeds $10,000 and the promotion is open to NSW residents. Games of skill — where the outcome depends on the entrant’s knowledge or ability, not luck — are exempt.

The practical advantage of the NSW system is that authorities can be granted for 1, 3, or 5 years. If you’re a brand running multiple promotions throughout the year, a multi-year authority means you apply once and you’re covered for every promotion that falls within the period. You still need to submit the terms and conditions for each individual promotion to NSW Fair Trading at least 10 business days before launch, but you’re not reapplying for the authority itself each time.

What catches people: the 10-business-day notification window. That’s two full weeks of calendar time, and it starts when Fair Trading receives your complete terms and conditions — not when you email them. If your T&Cs need revision, the clock resets.

Australian Capital Territory: The Lowest Threshold

The ACT has the lowest permit threshold in the country. You need a permit from the ACT Gambling and Racing Commission for any game of chance where the total prize pool exceeds $3,000. For promotions under that amount, you can run without a permit — but you still need to meet the conditions for an “exempt lottery.”

Approval typically takes 3 to 5 business days, which is faster than the other permit states. But the ACT has its own requirements around winner notification: winners must be notified in writing within 21 days of the draw, and if a prize is valued at $1,000 or more, the winner must be published in a regulator-approved format — usually the promoter’s website or a newspaper. Unclaimed prizes require a redraw.

The $3,000 threshold means even modest promotions can trigger a permit requirement if they’re open to ACT residents. A prize pool that sits comfortably under the NSW $10,000 threshold might still need ACT approval.

South Australia: Watch the Scratch Cards

South Australia requires a Trade Promotion Lottery Licence if your total prize pool exceeds $5,000. But there’s a wrinkle that catches people out: if your promotion uses printed scratch-and-win or break-open ticket mechanics, you need a separate instant prize trade promotion licence regardless of the prize value. A $500 scratch card promotion still needs a licence in SA.

Standard applications take 10 business days to assess. Instant prize applications take at least 14 business days. There is a premium fee option for faster assessment on instant prize promotions (5 business days), but it costs more and needs to be factored into your budget.

SA also prohibits advertising a trade promotion until your licence number has been granted. That means you cannot run teaser campaigns, social media previews, or in-store signage until the licence is in hand. The licence number itself must appear on all advertising — a detail that has implications for creative timelines and print deadlines.

What About the Other States?

Victoria, Queensland, Western Australia, Tasmania, and the Northern Territory don’t require trade promotion permits. But “no permit” doesn’t mean “no rules.”

Each state has its own conditions that must be met. In Victoria, trade promotions are governed by the Gambling Regulation Act 2003, and the entry cost cannot exceed $1 (which, for most purchase-to-enter promotions where the product is sold at normal retail price, isn’t an issue). Queensland requires that entry be free or tied to goods sold at fair market value. Western Australia requires free entry and prohibits surgical or medical procedures as prizes.

The point is that operating without a permit still means operating within a regulatory framework. The conditions are generally less onerous than the permit process, but they’re not optional. A promotion that complies perfectly in NSW might breach conditions in WA if you haven’t checked.

Does This Apply to Every Type of Promotion?

No. Permit requirements apply specifically to games of chance — prize draws, sweepstakes, instant wins, and any promotion where luck determines the winner. Games of skill, where the outcome is based on the entrant’s ability or knowledge (such as a judged competition for best photo or recipe), generally don’t require permits in any state.

Cashback promotions, gift-with-purchase, and guaranteed reward mechanics don’t typically fall under trade promotion lottery legislation either, because there’s no element of chance. Everyone who meets the conditions gets the reward. That said, if you add a prize draw element on top of a cashback — “claim your cashback and go in the draw to win a trip” — the prize draw component triggers the permit requirements.

This is where what The Shelf Truth calls “The Kill Sheet” is useful: a 15-minute diagnostic that forces you to identify the mechanic, the states you’re operating in, and whether permits are triggered before you get too far down the creative path.

Planning Your Compliance Timeline

The most common mistake isn’t failing to get a permit — it’s leaving it too late. Permit timelines need to be built into your campaign planning from the start, not bolted on at the end.

A practical starting point: if your promotion is open nationally and involves a game of chance with a prize pool over $10,000, assume you need at least four weeks of lead time for compliance. That covers NSW notification (10 business days), ACT approval (3–5 business days), and SA licensing (10–14 business days), with a buffer for any revisions. If scratch cards are involved, add another week for the SA instant prize process.

Your terms and conditions need to be finalised before any of these applications can be submitted. T&Cs aren’t something you can draft while waiting for permit approval — they’re a prerequisite. For most brands, getting T&Cs right is the actual bottleneck, not the permit application itself.

Trevor Services handles compliance as part of every campaign build, precisely because these timelines interact with everything else — creative approvals, retail negotiations, media bookings. When compliance runs in parallel with the rest of the planning, it doesn’t slow anything down. When it’s left until the end, it delays launches.

If you’re planning a promotion and aren’t sure what’s required, we’re happy to walk through the specifics. It’s one of those things that’s much simpler to sort out early than to fix later.

Two-thirds of Australian consumers will abandon a brand that doesn’t personalise their experience. That’s not a preference survey — it’s an ultimatum. And right now, most Australian marketing teams are trying to respond to it with disconnected campaign tools, siloed loyalty databases, and a customer data platform they’ve been “evaluating” for eighteen months.

The evaluation period is over. Australia’s CDP market hit USD 210.3 million in 2024 and is projected to reach USD 2.39 billion by 2033 — a 27.5% compound annual growth rate, according to IMARC Group research. Those numbers don’t represent hype. They represent the widening gap between brands that can identify, understand, and act on customer behaviour in real time, and brands still reconciling campaign spreadsheets on a Monday morning.

What Is a Customer Data Platform, and Why Does It Matter?

A customer data platform ingests data from every customer touchpoint — website visits, app interactions, purchase history, email engagement, loyalty program activity, promotional campaign responses — and stitches it into a single, unified customer profile. It’s not a CRM, which tracks relationships your sales team manages. It’s not a data management platform, which deals in anonymous audience segments for ad targeting. A CDP knows who your customers are, what they’ve done, and — with the right predictive layer — what they’re likely to do next.

For Australian brands running promotions, loyalty programs, and multi-channel campaigns, this distinction matters enormously. A CRM tells you a customer exists. A CDP tells you that this specific customer entered your winter promotion through Instagram, redeemed a loyalty reward in-store two weeks later, and hasn’t opened an email since March. That’s the difference between having data and having intelligence.

The First-Party Data Reckoning Has Arrived

The cookieless future is no longer future tense. With third-party tracking mechanisms disappearing and browser-level privacy controls tightening, brands that haven’t built robust first-party data strategies are flying increasingly blind.

A 2025 IAB survey found that 89% of marketers now view first-party data as “critical or extremely important” to future-proofing customer relationships. Meanwhile, research from DoubleVerify and IAS published in 2025 shows contextual advertising — the default fallback when behavioural data dries up — performing within just 5–8% of behavioural targeting on click-through rates. That’s encouraging for privacy-conscious brands, but only if they have the unified data infrastructure to make contextual targeting smart rather than generic.

Australian brands face a specific regulatory challenge here. The Privacy Act reforms that took effect in late 2024, combined with the OAIC’s FY26 regulatory priorities explicitly targeting marketing practices, mean brands can’t simply hoover up data and hope for the best. Penalties for serious breaches can reach $50 million or 30% of adjusted turnover. You need platforms that manage consent, govern data lineage, and activate customer insights in real time without crossing compliance lines. A customer data platform built for this environment isn’t a luxury — it’s a licence to operate.

Why Most CDP Projects Stall Before They Deliver

Here’s what the vendor brochures won’t tell you: the biggest barrier to CDP success isn’t choosing the right platform. It’s that most brands bolt a CDP onto fundamentally fragmented data and then wonder why the unified view looks more like a broken mirror.

The problem starts upstream. If your promotional campaigns capture an email address but not a customer ID, if your loyalty program sits on a different tech stack from your e-commerce platform, if your in-store activations don’t feed data back to the same system as your digital campaigns — no CDP will save you. You’ll have a very expensive tool that unifies incomplete information into a very detailed picture of confusion.

The brands extracting genuine value from CDPs in Australia are those that redesigned their data inputs before selecting their platform. They asked a better question: not “which CDP should we buy?” but “are our campaigns and programs structured to generate the data a customer data platform actually needs?”

How Do Promotions and Loyalty Programs Become Your Data Engine?

This is the insight most brands miss entirely: promotional campaigns and loyalty programs aren’t just marketing tactics. They’re your best first-party data collection infrastructure.

Consider what a well-designed purchase-to-enter promotion captures: customer identity, product preference, purchase channel, timing, frequency, and engagement method. A loyalty program adds transaction history, reward preferences, tier progression, and lapsed-engagement signals. Combined, they create the richest consented first-party data set available to any brand — richer than website analytics, more reliable than social listening, and entirely permission-based.

The trick is designing these programs with data architecture in mind from day one. That means consistent customer identifiers across campaigns. It means promotional mechanics that incentivise the data points you actually need, not just entries. It means loyalty program structures that capture behavioural signals at every interaction, not just at the point of sale.

Platforms like Trudy, Trevor Services’ predictive promotional intelligence engine, are built around this principle — treating every campaign interaction as both a marketing moment and a data capture opportunity. When your promotions feed directly into a unified customer profile, you’re not just running campaigns. You’re building an asset that compounds over time.

What Does a Working CDP Strategy Actually Look Like?

For Australian brand and marketing managers considering a CDP investment — or trying to rescue one that’s underperforming — four things separate the successes from the shelf-ware.

Audit your data inputs before you evaluate vendors. Map every customer touchpoint and ask: does this generate identified, structured data that can be matched to a customer profile? If the answer is no for more than half your touchpoints, fix that first. The platform decision is secondary to the data quality decision.

Treat consent as a feature, not a compliance checkbox. PwC’s 2025 research found that 83% of consumers are more loyal to brands that offer transparency in their data practices. Building consent management into your CDP strategy doesn’t just protect you from the OAIC — it drives better engagement and higher-quality data from customers who actually want to hear from you.

Start with activation use cases, not dashboards. The most common CDP failure mode is building a beautiful unified view that nobody acts on because it doesn’t connect to campaign execution. Define three specific things you want to do with unified customer data — personalise email flows, suppress recent buyers from acquisition spend, trigger re-engagement for lapsing loyalty members — and work backwards from there.

Connect your promotional and loyalty infrastructure directly to the CDP from day one. Every campaign Trevor Services runs for its clients is designed to pipe data into the systems that make the next campaign smarter. That feedback loop — where promotions generate data, data sharpens targeting, and sharper targeting improves the next promotion — is the whole point.

The Window Is Closing Faster Than You Think

Australia’s customer data platform market is growing at 27.5% annually because the brands investing now understand something their competitors don’t: in a privacy-first, cookieless, increasingly regulated marketing environment, the ability to build and act on unified first-party customer data isn’t a competitive advantage. It’s table stakes.

If your promotional campaigns and loyalty programs aren’t built to feed a unified customer profile, you don’t have a marketing strategy — you have a collection of expensive experiments with no memory.

The brands that will dominate Australian retail, FMCG, hospitality, and entertainment over the next five years are the ones connecting every promotion, every loyalty interaction, and every customer touchpoint into a single, actionable view right now. Not next quarter. Not after the next board review. Now.

Want to see how Trevor Services builds promotional and loyalty campaigns that double as first-party data engines? Get in touch.