Most purchase-to-enter promotions report two numbers that look the same but aren’t: entries received, and entries that actually count. The gap between them is where receipt validation lives. A receipt upload box looks like the simplest part of a campaign — snap a photo, tap submit, done. The hard part is everything that happens after the photo lands: deciding what a valid proof of purchase looks like, catching the ones that aren’t, and doing it fast enough that genuine entrants don’t give up waiting.
Of the roughly 170 live Australian promotions we track at Trevor Services, the large majority ask the shopper to prove a purchase before they can enter — prize draws and gift-with-purchase offers tied to a receipt, a unique code, or a loyalty card scan. That makes validation the quiet engine under most of the work. Get it right and nobody notices. Get it wrong and you either pay out on fraud or punish your best customers with rejected claims. Neither is a good look.
What is receipt validation in a promotion?
Receipt validation is the process of confirming that an entry is backed by a real, qualifying purchase before the entrant is allowed into the draw or paid a reward. In practice it answers three questions: did this purchase actually happen, does it meet the entry conditions, and has this proof already been used? The first is about authenticity, the second about eligibility, and the third about duplication. A campaign can be airtight on one and leaky on the others.
It matters because the entry barrier is also the fraud barrier. The same friction that makes a shopper pause — upload a photo, type a code — is the thing standing between your prize pool and someone running a script. The Shelf Truth talks about friction as a cost, every form field shaving entries off the top, and that’s true. But on a purchase-to-enter promotion, a little friction is also load-bearing. The trick is putting the effort where it stops fraud rather than where it annoys honest people.
Where do purchase-to-enter promotions actually leak?
The failure modes are fairly consistent. The most common is the duplicate: one valid receipt submitted again and again, sometimes across multiple accounts, sometimes with small edits to dodge an exact-match check. Then there’s the doctored receipt, where a total or a date or a product line has been altered to qualify a purchase that didn’t happen the way it’s claimed. Above both of those now sits a newer problem — wholly fabricated receipts, including ones generated by AI from a text prompt, which never modify a real document because there was never a real document to begin with.
The detail worth sitting with is that these aren’t mostly lone opportunists. As Snipp lays out in its guide to anti-fraud checks for receipt programs, a lot of receipt fraud is coordinated — one operator or a small ring submitting at abnormal rates, recycling images, cycling through addresses and devices. That changes how you defend against it. You’re not just inspecting one image at a time; you’re looking for patterns across the whole entrant pool. A receipt that looks fine in isolation can be obviously wrong once you notice it’s the fourteenth submission from the same device in an hour.
The checks that actually do the work
No single test catches everything, which is why validation works in layers. At the image level, systems fingerprint each receipt — hashing the picture and combining transaction details like store, total, date and a receipt or transaction ID into a unique signature — so the same purchase can’t be reused even if it’s lightly altered or re-photographed. Metadata helps too: a receipt photo missing the device and location data you’d expect, or carrying signs of editing, earns a second look. On top of that sits behavioural analysis, watching submission velocity and device or IP anomalies to flag accounts that simply don’t behave like real shoppers.
Then there’s eligibility, which is a different question from authenticity. A receipt can be completely genuine and still not qualify — wrong product, wrong store, outside the campaign dates, under the minimum spend. This is where product and SKU recognition matters, checking that what’s on the receipt is actually what the promotion required. It’s also where most of the honest-entrant friction comes from, because a real customer who bought the right thing can still get knocked back if the rules and the validation logic don’t match exactly.
Worth being honest about: automation does the heavy lifting, but it doesn’t do all of it. The genuinely ambiguous cases — a faded receipt, an unusual but legitimate purchase pattern — still need a human looking at them, and the campaigns that run cleanest are the ones that decide in advance which decisions a person makes and which the system makes on its own. On the platform side, this is the part Trevor Services spends real time on: OCR-based receipt checks, duplicate and velocity controls, and per-campaign entry rules, with manual review reserved for the edge cases rather than the bulk.
Why most of this is a design decision, not a detection problem
The biggest lever on promotion fraud isn’t the cleverness of your detection — it’s the rules you set before anyone enters. Entry caps per person, daily submission limits, a clear minimum spend, a defined product list, a sensible window for how old a receipt can be: these are configured at setup, and they quietly remove whole categories of abuse before detection ever has to fire. A promotion with no entry limit and a vague product requirement is doing detection on hard mode for no reason. This is the kind of pre-launch pressure-testing Trudy is built to help with, drawing on patterns from thousands of past campaigns to flag where a mechanic is likely to leak.
The rules also have to line up with your legal obligations, and in Australia those vary by state. The ACCC’s guidance on advertising and promotions is clear that terms and conditions have to be set out plainly and made known before people enter — which means your validation logic and your published T&Cs need to say the same thing. Permits add another layer: NSW now runs a time-based trade promotion authority rather than per-promotion permits, required once total prize value passes $10,000, while the ACT and South Australia still require permits for promotions above their own thresholds. The compliance and the fraud controls aren’t separate jobs — the permit conditions, the T&Cs and the validation rules all have to describe one consistent promotion.
If your validation is stricter than your terms, you reject valid entries and field the complaints. If it’s looser, you pay out on entries that should never have qualified. Lining the two up is unglamorous work, and it’s most of what keeps a campaign out of trouble.
A reasonable place to start
If you’re planning a purchase-to-enter promotion, the most useful thing you can do early is write down what a valid entry looks like in plain language — which products, which dates, how much, how many times a person can enter — and then check that every one of those conditions can actually be validated from what the entrant submits. If a rule can’t be checked, it isn’t a rule, it’s a hope. The campaigns that run cleanly are the ones where the terms, the permit conditions and the validation logic were all written to say the same thing before launch, not reconciled afterwards.
If you’re working through how to keep a receipt or code-based promotion clean without making it a chore for genuine entrants, we’re happy to talk it through.
