Woolworths Rewards



  • In Australia, there's two main supermarket chains - Coles and Woolworths. Both have their own loyalty schemes where you earn points per dollar to use for discounts at their stores or to convert to airline miles. How they do it is different.

    Coles with their Flybuys program accumulate the points and then you log into the Flybuys portal and redeem them for the cash off, the airline miles, the toaster, or whatever.

    Woolworths with their Woolworths Rewards program will, by default, when you have 2000 points or more, deduct $10 from your purchase automatically when you scan the card and the purchase is $10.05 or more. Otherwise, you can set it up so that it won't convert them until some random date in December (for Christmas). If you want the airline miles you can set it up so that every quarter, it will convert multiples of 2000 points to 870 Qantas points.

    I don't much care for the Woolworths program because I'd like to choose when I redeem my points, thanks all the same. I ended up switching it to Qantas points because, hey, 870 Qantas points is better than 0 Qantas points and no more random surprise discounts when I do, say, my grandmother's shopping.

    Recently, Woolworths ran a promo where if you were a new user, you could get 5000 points for signing up for their Rewards promo. Some users on Ozbargain did and noticed that they didn't have the points on their account... but they had been used already, at stores located nowhere near them.

    If you download the Woolworths Money app (for their store branded credit cards) you can plug in any Rewards card number and you will see the balance, no login needed.

    Once you have the barcode number with a known good number of points, all you then need to do is add the account to Android Pay, Stocard or a similar app that stores loyalty cards, and then claim the points on your own shop. Boom. Easy money.

    It appears that the card numbers on the barcode on the card are simply generated in sequence, with the last digit as a check number as per virtually every other barcode, meaning that it would not be overly difficult for a determined person to find a card with a good number of points on it.

    Apparently, when designing their system, nobody thought that on the spot redemptions could possibly be abused in any way, a notion I'm sure they're now relieved of.



  • @douglasac said in Woolworths Rewards:

    It appears that the card numbers on the barcode on the card are simply generated in sequence, with the last digit as a check number as per virtually every other barcode, meaning that it would not be overly difficult for a determined person to find a card with a good number of points on it.

    I always thought it was weird that Woolies used EAN barcodes (starting with 93444) instead of some other system. Flybuys starts with a 2, which is like ISPs issuing IP addresses 10.x.x.x.


  • ♿ (Parody)

    @douglasac said in Woolworths Rewards:

    no more random surprise discounts when I do, say, my grandmother's shopping.

    TRWTF is you're a bad grandson. 🔥


  • Discourse touched me in a no-no place

    @zemm said in Woolworths Rewards:

    Flybuys starts with a 2, which is like ISPs issuing IP addresses 10.x.x.x.

    Is there a problem with that?



  • ISPs that use NAT should use RFC 6598 addresses (100.64/10) and not RFC 1918 addresses.


  • Discourse touched me in a no-no place

    @zemm said in Woolworths Rewards:

    ISPs that use NAT should use RFC 6598 addresses (100.64/10) and not RFC 1918 addresses.

    Not according to RFC 6598

    3. Alternatives to Shared Address Space

    The interfaces that connect CGN devices to CPE might conceivably be numbered from any of the following address spaces:

    [...]

    • [RFC1918] space


  • @pjh Oh good. A discussion of reward cards and bad security is going to turn into a super-detailed and extraordinarily boring discussion of IP range RFCs.



  • Discourse touched me in a no-no place

    @blakeyrat My God!!! You're right. It's almost as if topic drift never happened!!!

    Thank you for pointing that out!!!

    You even included an overused meme which is even further off-topic than my post!! :swoon:



  • @pjh Goddamned. For the millionth time, I don't care that the topic drifted, I care that it drifted to the most boring thing you could possibly ever imagine talking about. Reading a phone book cover-to-cover would be more interesting than discussing IP range RFCs.


  • Discourse touched me in a no-no place

    @blakeyrat said in Woolworths Rewards:

    For the millionth time

    I believe you might be slightly over-exaggerating there.

    @blakeyrat said in Woolworths Rewards:

    the most boring thing you I could possibly ever imagine talking about

    FTFY.



  • @pjh Ok you can out-boring me. Congratulations. That doesn't change the fact that you changed a potentially entertaining topic to an entirely boring one.

    Why don't you tell some of those great IP range jokes to melt the ice. Woo, party's really gonna get started up in this thread!


  • Discourse touched me in a no-no place

    :rolleyes:



  • @blakeyrat
    You'll have to come to my 127.0.0.1 before I can really wow you with my IP jokes. :trollface:



  • @blakeyrat said in Woolworths Rewards:

    Reading a phone book cover-to-cover would be more interesting than discussing IP range RFCs.

    For some oddball reason, there are recipes in our phone book. I guess that's the only way they can get people to look at them given we have this newfangled Google thing.



  • @izzion said in Woolworths Rewards:

    127.0.0.1

    There's no place like it.



  • @no_1 here's one: ::1



  • @twelvebaud said in Woolworths Rewards:

    @no_1 here's one: ::1

    That's in the more expensive district where everything is 4x wider.



  • @no_1 said in Woolworths Rewards:

    district where everything is 4x wider

    That's where all the "penis enlargement" spam comes from ? :trollface:



  • @timebandit said in Woolworths Rewards:

    That's where all the "penis enlargement" spam comes from ? :trollface:

    4x wider, not necessarily 4x longer.



  • @no_1 said in Woolworths Rewards:

    @timebandit said in Woolworths Rewards:

    That's where all the "penis enlargement" spam comes from ? :trollface:

    4x wider, not necessarily 4x longer.

    so you're saying it's all about girth, not length?

    Yeah, I'll agree with that! I much prefer extreme girth to extreme length!


  • Garbage Person

    @zemm said in Woolworths Rewards:

    @douglasac said in Woolworths Rewards:

    It appears that the card numbers on the barcode on the card are simply generated in sequence, with the last digit as a check number as per virtually every other barcode, meaning that it would not be overly difficult for a determined person to find a card with a good number of points on it.

    I always thought it was weird that Woolies used EAN barcodes (starting with 93444) instead of some other system. Flybuys starts with a 2, which is like ISPs issuing IP addresses 10.x.x.x.

    It's actually a very practical concern.

    Retail barcode scanners tend to be locked down to only recognize EAN/UPC. Why? Because other symbologies appear all over products, and mis-scans are frustrating and waste time.

    Therefore almost all barcodes for use at point of sale are EAN/UPC. This is what the private use range is for.

    But it is inherently traversable. A secondary factor would be nice (a local convenience store chain lets you do rewards by keying your phone number and PIN instead of needing a barcode)



  • @perverted_vixen said in Woolworths Rewards:

    so you're saying it's all about girth, not length?

    I suppose it varies with the individual, but imagine that most would prefer a reasonable mix of both.

    Filed under: Aspect ratio



  • @pjh said in Woolworths Rewards:

    Not according to RFC 6598

    I did say SHOULD. Not MUST.

    (We can discuss semantics if that is more interesting to Ser Blakey)



  • @weng said in Woolworths Rewards:

    Retail barcode scanners tend to be locked down to only recognize EAN/UPC.

    But when a product is marked down "For Quick Sale" (eg that individual item is nearing use-by date) they use a much longer barcode, from memory over 30 digits long. They could have done similar for the rewards system. (This is like IPv6—ok I shouldn't continue IP address analogies)



  • @zemm said in Woolworths Rewards:

    @weng said in Woolworths Rewards:

    Retail barcode scanners tend to be locked down to only recognize EAN/UPC.

    But when a product is marked down "For Quick Sale" (eg that individual item is nearing use-by date) they use a much longer barcode, from memory over 30 digits long. They could have done similar for the rewards system. (This is like IPv6—ok I shouldn't continue IP address analogies)

    You'll find that that barcode is the same barcode as the product but with some numbers on the end that include the price, a reason code for the markdown and other assorted stuff.



  • @douglasac said in Woolworths Rewards:

    You'll find that that barcode is the same barcode as the product but with some numbers on the end that include the price, a reason code for the markdown and other assorted stuff.

    Indeed. I would also suspect each of those are unique so that they couldn't sell the product after a certain date/time for really perishable food. But still, this is not a standard EAN barcode and their readers can read it.

    I've done quite a bit of work with barcodes, having to deal with many shipping companies and their requirements for labels, manifests, etc. One had a very specific requirement in the coding of a certain label: every scanner could read it but it wasn't encoded the most efficiently for the data presented. (Code 128 sets)


  • ♿ (Parody)

    @blakeyrat said in Woolworths Rewards:

    Ok you can out-boring me.

    LIES. I have it on good authority that you have hours upon hours of videos of you playing video games.


  • Discourse touched me in a no-no place

    @douglasac said in Woolworths Rewards:

    It appears that the card numbers on the barcode on the card are simply generated in sequence

    And there we have the core issue. Sequences are supremely guessable, and that's bad whenever there's money involved.


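Added example (not part of the thread, and not Woolworths code): a defender-side check over balance-lookup logs for the sequential card-number walking the thread describes. The log format, client identifiers, thresholds and card numbers are all constructed assumptions.

```python
from collections import defaultdict

WINDOW_S, MAX_DISTINCT, MIN_RUN = 600, 5, 4   # assumed thresholds, tune per site

def longest_run(serials):
    """Length of the longest run of consecutive integers."""
    s, best = set(serials), 0
    for n in s:
        if n - 1 not in s:                    # n starts a run
            length = 1
            while n + length in s:
                length += 1
            best = max(best, length)
    return best

def flag_enumeration(events):
    """events: (epoch_seconds, client_id, card_number). Returns {client: reason}
    for clients whose lookups inside one window walk adjacent serials or
    touch more than MAX_DISTINCT distinct cards."""
    by_client = defaultdict(list)
    for ts, client, card in events:
        by_client[client].append((ts, int(card[:-1])))  # drop check digit
    flagged = {}
    for client, rows in by_client.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > WINDOW_S:
                start += 1
            serials = {s for _, s in rows[start:end + 1]}
            if longest_run(serials) >= MIN_RUN:
                flagged[client] = "sequential"
                break
            if len(serials) > MAX_DISTINCT:
                flagged[client] = "volume"
                break
    return flagged

# Constructed sample log; card numbers are made up, check digits not computed.
SAMPLE = [
    (1000, "dev-a", "9344400001230"), (1300, "dev-a", "9344407734561"),
    (5000, "dev-a", "9344400001230"),                  # one household, two cards
    (2000, "dev-b", "9344405000010"), (2005, "dev-b", "9344405000027"),
    (2011, "dev-b", "9344405000034"), (2016, "dev-b", "9344405000041"),
] + [(3000 + i, "dev-c", f"93444{i * 7919 % 10**7:07d}0") for i in range(6)]

if __name__ == "__main__":
    print(flag_enumeration(SAMPLE))
```

Detection of this kind only complements the fixes raised in the thread: a balance lookup that requires a login, and a second factor at redemption.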