How tight should a delivery geofence be?

Typically 50–100m for urban addresses, 100–200m for suburban, and 300m+ for rural or gated-community deliveries. Shipsy auto-tunes polygons based on historical successful-delivery GPS clusters for that address.

What happens if the consignee doesn't receive the OTP?

The driver can issue a fallback authentication — authorized-receiver PIN, ID document capture, or neighbor-delivery with photo and reason code. Every fallback is logged and reviewed.

Is ePOD evidence admissible for chargebacks and disputes?

Yes. Each artifact carries a server-side cryptographic timestamp, GPS coordinates, and the driver identity. Most payment networks accept the combined evidence package. Large enterprises have used Shipsy ePOD evidence to defend tens of thousands of COD and chargeback cases.

Can ePOD work offline?

Yes. The driver app queues evidence locally, validates the geofence against a cached polygon, and uploads when connectivity returns. Server-side validation still runs on final sync, so offline captures never skip the checks.

How does ePOD integrate with carrier networks?

Shipsy exposes ePOD artifacts via API and webhook, so downstream carriers, shippers, and marketplaces can embed the evidence into their own tracking experiences without re-capturing the data.

How Shipsy's ePOD mechanism verifies deliveries — geofences, OTPs, and evidence capture

Shipsy’s electronic proof of delivery (ePOD) mechanism captures a tamper-evident delivery record in under 30 seconds by stacking four independent signals: a geofence hit, a time-bound OTP, a signature or photograph, and the driver-app biometric session. Each signal is validated server-side before the shipment is marked delivered — so a missed geofence, an expired OTP, or an off-location scan automatically routes the delivery to exception review instead of silently closing.

This page breaks down how the mechanism works, why it matters for fraud control, and what enterprises typically see in the first 90 days.

Why we built this

Proof of delivery used to be a paper signature. That model collapses the moment a network crosses a few thousand shipments a day. Drivers lose slips, signatures become illegible, “delivered” statuses fire before the vehicle reaches the address, and disputes — especially COD disputes — eat margin. Enterprises were asking for three things at once: evidence that holds up in a chargeback investigation, friction-free capture at the doorstep, and auditability across 12+ months of history.

Shipsy’s ePOD was built to collapse those three requirements into a single mechanism that enforces itself. No driver can close a task without the signals aligning. No operations lead can override a delivery without a reason code. Every artifact is retained with a cryptographic timestamp.

How it works

The mechanism runs as a pipeline inside the driver app and the Shipsy backend, triggered when a driver taps “Attempt delivery.” The five-stage pipeline:

Stage 1 — Geofence validation. Each consignee address has a polygon (typically 50–150m, tuned per vertical — tighter for urban, wider for rural/atoll). On attempt, the driver’s GPS must fall inside the polygon. If the driver is outside, the app surfaces a warning and requires a reason code (wrong address, security gate standoff, high-rise pickup zone). All three are logged.

Stage 2 — OTP or alternative authentication. The system sends a one-time password to the consignee’s registered phone or email at the moment of geofence entry. OTP lifetime is configurable (typically 5–10 minutes). For B2B, Shipsy supports authorized-receiver PINs shared in advance. For high-value deliveries, ID document capture (Aadhaar mask, national ID) is added.

Stage 3 — Evidence capture. The driver app captures one or more of: signature on-glass, photo of package at doorstep, photo of consignee holding package, or scan of a printed challan. Photos are compressed on-device (typically 200–400KB), EXIF-stamped with GPS and timestamp, and chunk-uploaded to object storage. For bulky or white-glove deliveries, up to 8 photos can be required by configuration.

Stage 4 — Driver biometric session. Every delivery tap is authenticated against the driver’s active session — face or fingerprint check at shift start, plus passive behavioral heuristics during the shift. A driver whose session expires mid-shift is blocked from closing deliveries until they re-authenticate.

Stage 5 — Server-side validation. The backend cross-checks all signals in under 200ms. If any signal is missing, mismatched, or flagged (e.g., OTP from a different IP geography, photo EXIF showing a location outside the geofence, session expired), the delivery is held in “pending verification” and routed to an exception queue instead of closing.

All artifacts are retained for the contractual period (typically 12–24 months) and exposed via API for customer shipment-tracking pages, audit, and dispute resolution.

Here’s the sequence at a glance:

sequenceDiagram participant Driver participant App participant Backend participant Consignee Driver->>App: Tap Attempt delivery App->>Backend: Geofence check Backend->>Consignee: Send OTP Consignee-->>Driver: OTP / signature Driver->>App: Photo + biometric App->>Backend: Submit signals Backend-->>App: Validated + closed

Early results

Enterprises deploying the full ePOD stack typically report:

99%+ delivery-evidence completeness within 60 days — up from 70–80% with paper or single-signal systems.
30–50% reduction in COD dispute tickets, driven by the combined geofence + OTP + photo evidence being hard to contest.
Sub-30-second capture time at the doorstep once drivers are trained, so throughput per driver does not regress.
Fraud flags surface within hours, not weeks — anomalies like repeated “outside geofence” reasons from the same driver trigger ops alerts.

A global parcel leader spanning 65+ countries uses this mechanism across its 18,000+ driver network to enforce consistent delivery evidence regardless of local SOP variation.

What’s next

We are expanding ePOD along three axes: video-based attempt capture for high-value and luxury, NFC tag verification for returnable assets and reusable packaging, and Clara-backed anomaly summarization — so an operations lead gets a one-line explanation of why a delivery was flagged instead of raw signal dumps.

Why we built this

How it works

Early results

What’s next

Related Insights

Shipsy vs e2open — buyer's guide

Behind the scenes: Nexa, Shipsy's autonomous settlement agent

Inside Shipsy's wave planning: how picks and packs get batched for maximum throughput