While QR code technology has been around for over two decades, adoption within the United States has lagged behind countries like China. With a growing majority of mobile devices becoming QR-code compatible, as well as the low-cost nature of QR codes and the evolving need for more “contactless” solutions and experiences post-pandemic, QR codes were perfectly positioned for adoption and growth. “However”, Rafael says, “with every payment method that gains popularity, fraudsters follow.”
While many retailers are rushing to leverage QR codes in their shopping and payment processes, it’s important for them to understand the potential risks associated with the technology. Fraudsters and scammers have used social engineering to trick people into scanning malicious QR codes — proving as a successful attack vector in countries like China and the Netherlands. For example, “In China, swapping static QR codes on parking tickets became such a popular fraud attack method in Shanghai that in 2019, local police had to change the way they ticketed vehicles.” In the Netherlands, “a stranger would approach the victim and ask to trade cash for a QR scan to help the stranger pay for a parking spot where the meter didn’t accept cash. Later, the victims discovered their bank accounts had been drained.”
Rafael notes that not all of these attacks require in-person interactions. Attackers are impersonating brands online or affixing fake, malicious QR codes to valid QR codes to siphon data and payments to phishing websites, where they can capture login and payment credentials, as well as other sensitive data.
To prevent these attacks it’s critical for retailers to understand how QR code technology can be taken advantage of, and how to protect shoppers and themselves from fraud. According to Rafael, it’s important for retailers to “display QR codes on a tablet or other digital display if possible instead of on a static printout that could be swapped by a fraudster.” Retailers who do decide to display static codes should be vigilant and regularly check the QR codes to ensure they haven’t been swapped with malicious codes. He also says it’s critical to “install and maintain security software on all your devices that display or scan QR codes.”
Versatile Credit’s patented QR code-based technologies, Snap Sign and Snap to Apply, were designed to provide retailers and shoppers with a safe and cryptographically secure contactless financing experience. The technology was initially developed to meet the needs of lenders who wanted to promote the use of consumer mobile devices for finance applications but, due to fraud concerns, had to treat these applications as traditional web-based applications — typically leading to stricter decisioning and lower approval rates. With Snap Sign, Versatile combines a traditional table-top sign with an embedded digital display to provide dynamic, cryptographically signed, and time-constrained QR codes that help lenders and retailers to validate an applicant’s in-store presence. By displaying these QR codes using Snap Sign or within other digital displays deployed in the store, such as kiosks or digital signage, risk of fraudulent use and malicious tampering can be significantly reduced. Versatile’s secure QR code technology is not limited to the credit application process, it can also be leveraged for other parts of the sales, financing, and check-out process — from learning more about products to checkout and beyond.
As QR codes become more popular they will face continued attempts by potential fraudsters, “QR codes’ convenience and usefulness in contactless settings mean this method isn’t going away.”, Rafael says, “Therefore, it’s up to merchants and customers to try to reduce their risk.”
Reach out to Versatile Credit to learn more about providing shoppers with safe, secure contactless payment and financing solutions today.