A Quick Response to the Question of QR Security
A number of articles have recently surfaced about fraudulent QR codes placed on parking meters in various cities across America. Cities like Austin and San Antonio have issued warnings about bad actors using phony QR codes for phishing scams and have cautioned residents against using QR codes for payments. So let’s just get right to the point:
Are QR codes safe?
Yes.
QR codes, when used correctly, are an incredibly efficient, cost-effective, user-friendly and secure way to transact business.
But let me be totally honest here. There are no sure things in life and every reasonable person knows that there is a degree of risk in everything we do. It might be a little. It might be a lot. But make no mistake – it’s there. If it weren’t, the Mayhem Guy from Allstate, Flo from Progressive, Jake from State Farm, and the Geiko Gekko wouldn’t be household names.
But what about putting your money in the bank? Using your credit card for everyday purchases? Opening a checking account? A 401k? These are conservative, responsible things to do, right? No risk at all. Well, unless you count the 4 major security breaches at the four largest banks in America over the last two years alone. But it’s funny – when all these breaches were going on, I don’t remember anyone suggesting that we all take our money out of the banks and put it under our mattresses or start using cash exclusively do you?
I’m not here to suggest banks are not safe. They absolutely are. And so are QR codes – as long as consumers and parking and QSR and stadium and EV charging and retail operators act responsibly and thoughtfully. Below is not a comprehensive list – just a few of the easy things you can look out for as either a buyer or a seller to further secure your QR transactions.
Apple Pay, Google Pay & PayPal
The only person reading this article who is unaware of digital wallets like Apple Pay, Google Pay and PayPal is probably my mom – and even she may have given up already. The benefits and safeguards are many: because there’s no information to enter, there’s no information to steal. Card information is held and transferred securely through the device. Merchants never get a look at your CC, which makes using Apple Pay, Google Pay and PayPal useless to scammers and extremely valuable to your customers.
App Clips
You don’t have to know what an App Clip is – but your phone certainly does. App Clips are built into the iOS of your iPhone, and they are extremely difficult (I don’t like to say “impossible” about anything) to replicate. So, if you are an iPhone user, a QR code that triggers an App Clip comes with an added layer of security.
HTTPS
If scanning a QR code brings you to a website, check the website URL. Is the URL unintelligible or do you see anything odd such as extra numbers or characters? Does the URL start with http or https? What’s the difference, you ask? The extra little “s” is only used by sites that are secure and encrypted – government sites, bank sites, etc. In the tech world, that “s” is called SSL, which stands for “Secure Sockets Layer.” As a customer, you should always be looking for it.
Branding
If it looks like your brand, and sounds like your brand…it’s probably your brand. Scammers aren’t customizing their QR codes for every individual parking lot. They’re just trying to get as many fake ones out there to try and entice one or two people – it’s the same strategy that the Nigerian Prince employed. A little branding and specificity will go a long way.
Be Vigilant
You lock your door at night. You don’t leave the cash register open. QRs are no different – be vigilant. Check your QRs routinely to ensure they haven’t been tampered with and make sure they’re legit.
QR technology is here to stay because it’s easy, smart, convenient and yes, safe. And yes – with every popular new wave of technology, there will be bad actors trying to find the loopholes. But that doesn’t mean we abandon the technology – it just means we need to be a little more intentional, a little more educated about how we do business.
Questions? As the company who first launched this technology for unattended parking payments back in 2019, we’ve learned a thing or two over the years and encourage you to reach out – we would be more than happy to help!