Reimagining Customer Loyalty Programs With Verifiable Credentials: A Pravici Case Study

In recent years, customer relationship management has become about one thing: Data.

Organizations around the world are collecting an ever-increasing amount of customer data in order to design more personalized experiences and drive optimizations across the marketing funnel. Meanwhile, the customer is left to bear the cost of this data collection—in the form of more frequent data breaches, endless forms, and a general loss of control over their own personal data.

Pravici, an Evernym customer and startup based out of Chandler, Arizona, is looking to flip the equation. Their solution, Tokenized Loyalty Points (TLP), uses verifiable credential technology to give individual consumers control over their data, while empowering them to direct how their favorite brands can use this data for loyalty and other campaigns.

We sat down with Pravici CEO Mahesh Balan to understand how it works:

1. What problem is Pravici solving?

With Pravici’s Tokenized Loyalty Points (Pravici TLP), we are building the next-generation loyalty platform that democratizes loyalty coalitions using Distributed Ledger Technology (Hyperledger Fabric).

We are redefining loyalty programs by NOT requiring brands to store members’ personal data in a loyalty or CRM database. Instead, we offer a dedicated loyalty mobile app where consumers can directly enroll in loyalty programs with their favorite brands. Upon enrollment, we issue the member a digital loyalty card in the form of a verifiable credential. This way, the consumer is able to retain control over their data, and we’re able to work with participating brands to obtain permission from the member every time we seek to use an attribute, like a zip code or an email address, as part of a loyalty campaign or promotional offer.

Data is a critical component of an effective loyalty campaign and an organization needs accurate information to deliver personalized offers. For example, a restaurant may want to confirm that a patron is over the age of 21 before offering a free drink. The ‘old way’ would mean storing a database of customer names and dates of birth. Our approach allows brands to leverage Zero-Knowledge Proofs to ask questions about the data without having to know or store their birthdate.

By securing the credential in a holder wallet on the loyalty mobile app, we give control back to the customer. If a member doesn’t wish to share, say, a zip code or an address, that is their choice.

We want to change the way loyalty programs view customer personal data. With verifiable credentials, we’re returning control of their data back to the customer.

[Figure: Pravici verifiable credential loyalty platform. Caption: A customer registers for a loyalty program and provides some PII.]


2. How do portable credentials solve this problem in a way that other solutions can’t?

Brands generally don’t want the liability of storing customer addresses, but they may still need to reference that information in order to send a local campaign. Our solution enables brands to do this by seeking the customer’s permission to get their address, use it ephemerally to find appropriate offers, and present relevant offers to the customer. With our solution, the address data stays with the customer in the form of a verifiable credential.

All other solutions involve storing customer data somewhere, like a centralized database. However, we’ve seen time and time again that even encrypted data is subject to breaches. The key advantage of a verifiable credential is that it is under the control of the consumer in their phone.

3. How does the Pravici TLP solution work? Who is the holder, issuer, and verifier?

A customer who wishes to be a member of the loyalty program is the holder. The loyalty consortium is the issuer as well as the verifier.

Here is a typical flow of interaction:

1. The customer downloads Pravici’s loyalty app to join a participating loyalty program.
2. The customer registers an account by filling out a form, which might contain PII data.
3. The mobile app communicates with a loyalty server app / API via DIDComm. The loyalty API then converts the form data into a digital credential and issues it back to the mobile app. As part of this exchange, the loyalty app generates a DID ID, which will act as the only way in which the loyalty server app identifies the customer — meaning no personal data is exposed.
4. The customer accepts the digital credential, which will enable privacy-preserving brand interactions and act as a certificate for password-less login.
5. The next time the customer wants to use the loyalty mobile app, DIDComm behind the scenes will establish the fact that the customer is in custody of a digital credential issued by the loyalty consortium, and the DID ID from the credential will be used to establish customer context.

[Figure: Pravici's member loyalty app safely stores digital credentials. Caption: PII data is never stored anywhere except as a Verifiable Credential in the member’s loyalty app.]


4. How did you find Evernym, and what drew you to working with us?

We’ve been very active in Hyperledger. We started the loyalty journey by building our app on top of Hyperledger Fabric. When we looked at other projects within the Hyperledger family, Indy, Aries, and Ursa caught our attention, and we started re-thinking the whole customer journey in the context of loyalty. We saw many presentations at Hyperledger forums, and we soon realized that Evernym was the force behind many of these projects, with production instances to boast. We were fortunate to sit through an intense two-day workshop conducted at Hyperledger Global Forum, which pretty much sealed the deal for us. We became Evernym partners.

Pravici’s core competency is building and supporting enterprise applications. Evernym is an ideal partner as they continue to provide us with leading-edge technologies in the self-sovereign identity (SSI) space, allowing us to focus on integrating SSI into applications such as loyalty.

As a matter of fact, Pravici has launched a second product, Pravici PocketCred, to address the need for verifiable credentials for a vaccine or a test result. Again, our partnership with Evernym allows us to focus on integrating SSI into issuer and verifier workflows. We have built integration flows with popular Electronic Health Record systems, such as EPIC and Salesforce Vaccines Cloud, and we will be doing similar integrations on the verifier side in order to make the uptake of verifiable credentials easy for organizations.

5. Where are you today, in terms of taking your solution to market?

We are in advanced talks with partner organizations to roll out Pravici TLP with SSI features, as well as Pravici PocketCred.

Our next steps are the rollout of product pilots. Our first pilot for SSI usage is likely to be Pravici PocketCred, as it has immediate applicability. For Pravici TLP, the production pilot is likely to be used for verifiable credentials for offline usage: a loyalty member can prove via a verifiable credential his/her point balance even when offline, thus allowing a verifier to provide goods and services based on the point balance presented by the holder.

For updates on either of these products, please follow us on Twitter @pravici and @pocketcred2. You can also contact us on our website or visit www.pocketcred.com.