Xoxoday Plum supports immediate cancellation of fraudulent reward orders and blocking of compromised reward codes, limiting exposure before a security incident escalates.
Cancelling Fraudulent Reward Orders
When fraud is detected, Xoxoday Plum administrators can cancel reward orders directly from the admin console. This action voids the order before redemption occurs, ensuring that rewards tied to fraudulent activity do not reach unintended recipients. Whether the trigger comes from an internal audit, an alert from your HRMS such as Workday or SAP SuccessFactors, or a compliance review, the cancellation process is designed to be swift and traceable. Cancellation is logged, giving your security and finance teams a clear audit trail — a requirement under frameworks such as ISO 27001 and SOC 2 Type II.Blocking Compromised Reward Codes
Not every security event requires a full order cancellation. In cases where a reward code has been distributed but not yet misused, Xoxoday Plum supports blocking that specific code. This allows your team to neutralise the risk without disrupting legitimate recipients whose codes are unaffected. This granularity matters in high-volume programmes — for example, when a quarterly incentive batch goes out to thousands of employees via a Darwinbox or Workday integration and only a subset of codes is flagged. Blocking individual codes prevents over-correction while keeping the programme running.Third-Party Reward Scenarios
Xoxoday Plum operates an extensive catalogue that includes rewards fulfilled by third-party providers. When fraudulent activity occurs on a third-party service, Xoxoday Plum coordinates with the relevant provider to assess revocation options. The outcome depends on the provider’s own policies and technical capabilities, so resolution timelines may vary. For your organisation, this means the initial escalation path runs through Xoxoday Plum — your teams do not need to manage multiple vendor relationships independently. Xoxoday Plum acts as the single point of contact to initiate the investigation and communicate next steps.Recommended Security Practices
Pairing Xoxoday Plum’s revocation controls with proactive measures strengthens your overall posture. Organisations that enforce role-based access controls, set redemption windows, and route alerts through communication tools such as Slack or Microsoft Teams are better positioned to detect anomalies early. Shorter redemption windows reduce the attack surface, while automated notifications ensure that administrators are informed the moment an order is issued — giving them time to act before a compromised code is used. Xoxoday Plum’s fraud-response controls are part of a broader security architecture designed to meet enterprise compliance requirements, supporting your organisation’s obligations under data protection and financial integrity policies. Learn more: [Xoxoday Plum Help Centre — Security requirement](How does Xoxoday Plum handle data security and encryption?
Learn about the encryption standards, access controls, and compliance certifications that protect reward data on Xoxoday Plum.
Can admins set expiry dates and redemption limits on rewards?
Understand how redemption windows and usage limits reduce fraud exposure and give administrators tighter control over reward distribution.