Wallet passes are more than convenient digital credentials, they provide a secure communication channel between organisations and customers.
Email and text messages can easily be spoofed. Customers often cannot be certain who actually sent the message. Wallet notifications originate only from the organisation that issued the pass, providing a trusted and verifiable communication channel.
Over 3.4 billion phishing emails are sent every day worldwide. Fraudulent messages often impersonate trusted brands and services. Wallet pass notifications remove that uncertainty because messages can only be delivered by the pass issuer.
Static tickets and documents can quickly become outdated. Wallet passes update directly in the customer’s wallet, ensuring they always see the most current information, whether that is a gate change, new instructions or updated access details..
Wallet passes rely on platform cryptography, not simple links or text messages. Each pass is issued and controlled through secure platform infrastructure that verifies the identity of the issuing organisation.
Apple Wallet passes are digitally signed using cryptographic certificates, ensuring that every pass originates from the organisation that issued it. Only the holder of the private signing key can modify or update that pass. Google Wallet uses authenticated issuer APIs that enforce the same principle, allowing only authorised organisations to create and update passes.
This means that notifications and updates delivered through a wallet pass can only originate from the issuer that created it. Customers are not asked to trust anonymous emails or unexpected text messages. Instead, information arrives through the same trusted pass already stored in their wallet, providing a communication channel customers can rely on.
Apple Wallet passes are cryptographically signed, ensuring that each pass originates from a verified issuer.
All pass data, logs, etc. are held in our database encrypted with AES-256 encryptions with individual keys for each data row managed by AWS KMS.
Only the organisation holding the private signing key can create or update issued passes.
Google Wallet relies on authenticated issuer APIs to control pass creation and updates.
Pass updates and notifications can only originate from the organisation that issued the pass.
The result is a communication channel that customers can trust.
Links within a pass can include signed tokens that verify the originating pass, enabling secure customer interactions such as support requests or service claims.
Disable access immediately if a pass is lost, abused or issued in error.
Change entry gates, departure times, event information or service details without issuing a new pass.
Protect services and events by quickly invalidating passes that should no longer be used.
Ensure customers always see the most recent version of their ticket, membership or credential.
Update links within the pass to point customers to new services, offers or support channels.
Change or revoke barcodes to prevent reuse or misuse when required.
Send updated instructions quickly if plans change, such as venue access updates or service disruptions.
Customers always see the current version of their pass rather than relying on outdated emails, PDFs or screenshots.
Traditional tickets and documents often exist in multiple versions. Customers may receive an original email, download a PDF, print a copy or take a screenshot. When information changes, some people continue using an outdated version without realising it.
Wallet passes behave differently. The pass stored in the customer’s wallet is a single digital credential that can be updated in place. When details change, the same pass is updated automatically so the customer always sees the most current information.
This removes confusion and ensures customers are relying on the correct instructions, whether they are checking an entry gate, a departure time or their membership status.
Tickets and documents are often saved in several places such as emails, PDFs, screenshots or printed copies. Over time these versions diverge.
Departure times, entry gates, venue details or membership information may change after the original document is issued.
Customers frequently reopen the original email or screenshot they saved earlier, unaware that the information has since changed.
Outdated documents can leave customers following the wrong instructions, arriving at the wrong gate or relying on incorrect information.
Wallet passes remove the version problem by updating the same pass in place. The customer always opens the same credential.
When information changes, the pass updates automatically. The version stored in the wallet always reflects the latest instructions.
Smartix records every scan, creating a clear audit trail of how passes are used in the real world. Each scan can capture key context such as the timestamp, scanning device, operator identity and GPS location. This visibility helps you investigate suspicious activity, detect repeated pass sharing and verify staff actions with confidence. Instead of relying on guesswork or manual logs, you have reliable evidence of what happened, when it happened, and where it happened. It also provides a natural bridge into Data and Insight, because the same audit trail can reveal usage patterns across locations and time.
Every scan records a timestamp so you can confirm when a pass was used, and build an accurate history for audits, disputes or customer queries.
Staff authenticate in Smartix Scan so each action is linked to a specific operator, improving accountability and reducing the risk of misuse on shared devices.
Where permitted, GPS location can be captured during scans, helping confirm that passes are being used at the correct venue, site or checkpoint.
Unusual patterns such as repeated scans, unexpected locations or abnormal activity can quickly highlight pass sharing, fraud attempts or operational issues.
Common questions about wallet pass security, fraud prevention and how Smartix helps organisations maintain control after passes have been issued.
No. Wallet notifications can only originate from the organisation that issued the pass.
Apple Wallet passes are cryptographically signed and Google Wallet uses authenticated issuer APIs. This means updates and notifications must come from the authorised issuer infrastructure.
Customers therefore receive information through the same trusted pass already stored in their wallet.
Smartix allows passes to be voided instantly.
If a pass is lost, abused or issued incorrectly, it can be disabled immediately. The next time the pass is opened or scanned it will reflect the updated status, preventing further use.
No. Wallet passes behave as a single evolving credential.
When details change, the same pass is updated in place. Customers cannot open an older version because there is only one pass stored in the wallet, which always shows the latest information.
Smartix records a full scan audit log for every interaction.
This includes the scan timestamp, the scanning device, the operator identity and the GPS location of the scan. This information helps organisations investigate suspicious activity and maintain operational accountability.
Yes. Scan audit logs make it possible to identify patterns such as repeated scans from unusual locations, rapid sequential scans or activity outside expected venues.
These insights help organisations detect misuse and investigate potential fraud quickly.
Yes. Because the pass itself originates from the issuing organisation, links delivered through the pass can be trusted in a way that emails or SMS messages cannot.
Smartix can also include secure tokens within links, allowing systems to verify the origin of the pass and the identity of the pass holder when interacting with external services.
Smartix can offer tailored solutions to fit your business.