How secure are QR codes?

They make virtual shopping a reality, bring artwork in museums to life, and facilitate airport check-ins. QR codes — ubiquitous with out-of-home advertising since the 2010s — are everywhere.

Yet some may wonder if QR codes are actually secure. Given their simplicity, are they rife for hacking and malicious activity? Tech aficionados assure us that the security risks are lower than we may think.

What exactly are QR codes anyway?

QR (or Quick Response) codes are matrix-style barcodes frequently printed on various media — like billboards and flyers. They are an intermediary communication tool that uses data from a printed medium to retrieve data in a digital medium; in other words, QR codes bridge the online and offline.

Marketers love QR codes because they’re a convenient method to optimize campaigns. Instead of having customers enter a web address manually, QR codes eliminate potential typos by sending users directly to a company’s website, signup form, or app.

Can someone hack a QR code?

QR code technology has no security flaws and cannot be hacked. The security risks that we often associate with QR codes — phishing, hacking, or malware — don’t stem from QR code technology but from the final destination of each code. Third parties could hack the web page, connect malicious software, or steal data — the same way they conduct email or text message scams.

Here are some ways third parties could compromise QR codes:

  • They may print posters or flyers with malicious QR codes and distribute them in public places. These codes would redirect users who scan them to untrustworthy landing pages and prompt them to download malicious software that steals their private data.
  • Once a marketing campaign has ended, the original QR codes may still exist even though the destination address is no longer owned by the creator. Third parties could purchase the site, repurpose the QR code link, and send users to a different landing page.
  • They could print stickers containing hostile, counterfeit QR codes and paste them over legitimate ones. These codes could take users to phishing websites rather than the intended website or special offer page.

Once again, these potential “hacks” revolve around the nature of links as a communication intermediary. Third parties could also conduct similar crimes if companies used, say, a URL shortener. The unique risk of QR codes is that they are only machine readable — users are unable to identify whether someone has manipulated a code without scanning it.

Do QR codes collect my personal information?

Most QR code-generating software collects minimal data from users who scan the codes, and it never collects personally identifiable information. The only data it might collect — which would only be visible to the creator of the codes — includes location (city and country of the user), number of scans (how many times the user scanned the code), time (what time they scanned the code), and the operating system of the device that scanned the code (i.e., iPhone or Android).

How can I increase QR code security?

Ultimately, you should exercise the same level of caution that all internet users should strive for:

  • Don’t scan QR codes from sources you can’t verify, such as those included in spam emails and print materials in public places. Before scanning any code, ask yourself if the company looks legitimate and whether the design looks professional.
  • Check for tampering. Is the QR code you’re scanning on a poster or flyer part of the original design, or is it a sticker placed on top?
  • When a QR code takes you to a landing page, make sure the URL of the site looks authentic.
  • For extra safety, disable the “open website automatically” function on your phone. That way, when a QR code directs you to a web page, you can view the URL first and check if it’s a legitimate link.

So I’m safe to use QR codes, right?

Absolutely! QR codes remain incredibly popular around the world — in China, a large proportion of the $5.5 trillion payments made via mobile every year went through a QR code on various apps.

Not only are they safe to use, but there are also many cases where QR codes are an additional security measure. Some websites, like online banking sites, use QR codes as part of two-factor authentication. After customers log into their accounts, they may get a prompt to scan a QR code using their mobile banking apps for additional verification.

At the end of the day, QR code technology itself has no security issues. As long as you remain smart and vigilant when using the internet, QR codes are perfectly safe. For marketers, QR codes are a convenient and valuable tool for sending customers to campaign landing pages, collecting data, and launching promotions, especially when used creatively.

Photo by Mitya Ivanov on Unsplash

AUTHOR
Finance expert. Interested in economics, payment & specialized in online payment methods. Guilty of liking too many puppy photos on Instagram.

Send Comment:

JotForm Avatar

Comments: