Skip to main content
Xoxoday Plum tracks every redemption end-to-end, automatically flags suspicious orders using a multi-layer fraud prevention framework, and surfaces trend analytics so programme administrators can optimise performance and maintain full auditability.
Xoxoday Plum gives programme administrators complete visibility into every redemption event, from the moment a participant initiates a reward claim through to fulfilment. Each transaction is logged with a unique identifier, current status, and final outcome, so finance and operations teams can reconcile activity at any point and resolve exceptions without chasing data across disconnected systems.

End-to-End Redemption Tracking

Every order processed through Xoxoday Plum is captured in the reporting layer alongside fulfilment status updates and redemption outcomes. Audit logs retain a detailed trail of who redeemed what, when, and through which storefront or catalogue. This record supports both routine reconciliation and targeted investigations when discrepancies arise — no manual extraction required.

Layered Fraud Detection

Xoxoday Plum implements a multi-layer fraud prevention framework that operates across the login, checkout, and fulfilment stages. Controls include IP address checks with geo-mismatch detection and configurable allow/deny lists, velocity limits per user, device, and IP address with automatic throttling on repeated attempts, and device fingerprinting to surface cross-account abuse patterns. Bot-attack protections — rate limiting, request validation, and challenge-based controls — add a further defence against automated exploitation. Orders that meet configurable risk thresholds are automatically routed to a flagged hold queue rather than processed immediately. Administrators review these orders through an approval workflow with approve, reject, or release actions, each recorded with a reason code and a full audit trail. Every critical action — approvals, refunds, configuration changes, and access modifications — is logged with complete who, what, and when traceability. Admin access is protected by two-factor authentication (2FA) and role-based access control (RBAC), ensuring only authorised personnel can modify fraud rules or act on flagged orders. This governance model aligns with the access management requirements common in SOC 2 Type II and ISO 27001 certified environments.

Redemption Trend Analytics

Xoxoday Plum’s analytics layer surfaces redemption volume and trend data sliced by category, brand, market, and storefront. A programme manager can compare quarter-on-quarter redemption rates across gift card categories or identify which storefronts are driving the highest participant engagement. These insights feed directly into catalogue optimisation and budget planning decisions, removing the need to export raw data into external tools such as Workday or SAP SuccessFactors for baseline reporting. Learn more: Xoxoday Plum Help Centre — General

Reporting and Analytics

Explore the reports and dashboards Xoxoday Plum provides for tracking programme performance, budget utilisation, and participant engagement.

Security and Compliance

Learn how Xoxoday Plum protects programme data through SOC 2 Type II controls, ISO 27001 certification, RBAC, and encryption at rest and in transit.