Vulnerability in EPiServer.Forms
For our commerce project we need to implement some kind of bonus point system: a customer earns bonus points for each purchase he makes in the web shop. On a later purchase, he can trade the bonus points to get a discount. Is this something that is supported out-of-the-box by Episerver? And if not, what is the best way to re-use as many built-in features as possible?
Not exactly out of the box, but you can add a new field to your Contact, named "BonusPoint" or whatever. When you convert a cart to order, you usually update "last order date", now you can update the BonusPoint as well.
Using BonusPoint is a bit trickier, but if you simply allow customer to exchange BonusPoint for a coupon code, it would be much easier (instead of calculating the bonus point directly)
It's not possible out-of-the-box. Speaking from experience, loyalty systems can be made immensely complex.
If you don't need loyalty tiers (e.g. silver, gold and platinum), tier upgrades/downgrades and FIFO expiration of points, then you can simply store the points like Quan suggests.
To redeem/spend points you can add a custom promotion and promotion processor. The processor should convert a given number of points into a monetary value (be careful with multi-currencies) and then apply that value as an order level discount.
After confirming payment (of an order with points redemption), subtract the redeemed points from the customer's points balance. And if the order gets cancelled, you might want to add those points back to the balance.