A processing system periodically configures a beacon code and random nonce to transmit to a beacon device at a location. Multiple users enter the location with associated user computing devices and retransmit the beacon code broadcasted by the beacon device to the processing system. A computing device at the location transmits to the processing system a request for account data comprising a hardware identifier and retransmits the beacon code and a random nonce. The processing system verifies the request based on the beacon code and random nonce and transmits, to the computing device at the location, user account identifiers associated with user computing devices that retransmitted the beacon code. Within a threshold period of time, the processing system may verify a subsequent request from the computing device, even without receiving the beacon code and random nonce, if the request comprises the hardware identifier.