Introduction
Mobile check-in with QR code allows club member to enter the club without a plastic card. All the member has to do is to open the PGGO mobile app and generate the QR code by tapping on the Mobile Check-in button and selecting the club. They scan it at the entrance to the club. In this case, the club needs to have the turnstiles with a QR reader installed, or have the QR reader at the Reception Desk.
- This article explains how QR codes work and provides the answers to the questions on how the mobile check-in process with use of QR codes works in practice. It also informs on an error message when the QR code cannot be generated and an emergency code gets generated.
- This article will be helpful to PG Champion, Administrator, Club Manager and Club Owner.
This article refers only to Mobile Check-in. Digital Membership Card in Mobile App contains also a QR Code. However, this QR code doesn't allow member access to the club.
Feature description
What the QR code is?
For a club member logged into the mobile app, the QR code is a representation of a plastic card. It allows that member to enter the club. QR code is a one-time use code only.
How to configure QR codes eg. enable access for guests, members with specific contracts etc.?
QR codes are handled by Access Control logic. Mobile application just displays the QR code. Read more articles related to Access Control.
Which information does the QR code contain?
QR code conveys the encrypted data including the unique client number, access rules applying to that client and all other information included within that particular member's Payment Plan, that is downloaded from the PGM system.
Is it possible to be logged into the app on multiple devices at the same time and generate the QR code?
QR code is available for use only after a member logs into the app. The application allows logging in from two devices (i.e. mobile phones) at once. However, for the security reasons, it is possible to set up the QR code validity limit from the code generation on the app to its usage on the QR code reader. We recommend setting its up for 5-10 seconds at most.
How to secure the club access against sharing one-time QR codes?
You can protect against unauthorized entrance by use of the following measures:
- Access Logic configuration - set up your Access logic mechanism to block the access for the members on debt, with expired contract, etc. This way the member with QR code generated, will be double-checked when scanning the code at the turnstiles or the Reception desk.
- Configuration of QR code validity period - you can define for how long a QR-code should be valid for the member, i.e. 5-10 seconds. This way you can prevent a member from sharing the code to another person.
- Mobile App abuse detection - a mechanism that adds a blocking note to the member once a suspicious behaviour is detected: device IDs change. More about that here.
What will happen in case an error in QR code generation occurs?
If there is an error between the app and server communication, the member will still be able to generate the so-called Emergency QR code that is pre-generated for that particular member account. It is unique for that particular member.
If mobile app user gets error the problem must be in Access Control configuration.
What are the QR code limitations?
- The QR code does not contain any other token (number) allowing the registration of a visit through a numeric terminal when the QR code reader is not available.
- The QR code mechanism does not prevent screenshot taking.
- There is no member geolocation feature to accompany the QR code generation.