Fraudsters are increasingly using QR codes to capture personal information. According to the Federal Trade Commission, more fraudsters are applying their own codes on existing ones, including restaurant menus, parking meters, and sporting events.
Some fraudsters have even taken their scams a step further, texting a potential victim a QR code and pretending they’re unable to deliver a package, for example, until the person scans the code. Once scanned, scammers will steal personal information.
QR codes have become ubiquitous as they are easy to use, versatile, and mobile-friendly. Increased adoption and reliance from businesses and consumers are one of the many reasons why they are being used for fraud.
These scannable patterns can store a variety of information, including URLs and product descriptions. This data is encoded into the patterns and once scanned by a QR reader, the data is then decoded and displayed on the user’s device.
Protecting Consumers from QR Code Fraud
The FTC emphasized how important it will be for consumers to take the necessary steps to make sure they don’t fall for these increasing QR code scams. For example, if someone notices that the QR code is featured in an unexpected location, they should check the URL. If it features any grammatical issues, then they should avoid entering any of their personal information.
What’s more, if consumers weren’t expecting a text message—or if they receive one from a number they don’t recognize, they should search for that number and ensure it’s affiliated with a real company. This is especially true if the text they receive has a sense of urgency behind it.
The use of QR codes will only continue to increase, and that’s why it’s imperative that consumers remain cautious. In fact, prepare to see more uses cases emerging within the cross-border payments space. More banks are shifting away from traditional methods—including bank drafts and wire transfers, which are slow, expensive, and prone to errors—and eyeing QR code. For a direct bank transfer, the bank sending the funds will generate a QR code and the bank customer will then scan it with its bank mobile app. Through a token, such as a mobile phone or email for instance, the app identifies the customer. This adds a layer of security.
Financial institutions and other players that are considering employing QR code technology must be ready to protect their customers from scammers—and they can do so by implementing authentication and encryption methods.
