QR codes have become a standard part of everyday experiences: eating out, parking, even checking in at doctors offices. But a recent incident involving parking meters in the Austin area has raised new concerns about QR codes.
QR codes are expected to continue being a part of everyday life, so how can we reduce risk of fraud when people use businesses that aaccept QR code payments?
What Users Can Do
Take cues from your surroundings. The more exposed an area is, ie. near a sidewalk, the easier it is for scammers to place fraudulent QR codes on them. Meanwhile, at restaurants, hotels, or in gated parking lots, there is less foot traffic and less exposure to risk. Although, QR code fraud can happen anywhere.
Pay close attention to branding, colors, appearance, and even wear. Does a QR code sticker look brand new while the signage behind it is old and faded? Red flag!
Check the URL. When you scan a parking lot QR code or scan QR codes in any establishment, be sure to double check the URL that you are being directed to. Some phone cameras offer a preview of the URL before you click on it. Is the URL exactly what you expect the merchant’s URL to be? (ie. FlashParking.com NOT FlashPayments.bsdfoi.com)
Before you enter credit card information or passwords, double check the full URL to make sure it looks legit. And if you’re in doubt, call the company you’re making a qr code payment to!
Know the signs. Fraudulent websites will frequently have misspelled words, pixelated logos, and poor grammar. Use the same common sense tips and tricks you do with email to weed out potentially risky QR codes.
Use Apple Pay and Google Pay when available. When using Apple Pay and Google Pay, your credit card data is only shared with that large tech entity (not the party receiving funds) and a one-time token is issued for that transaction, so the party that receives it can only use it once. Follow-up transactions require new authorization from the user each time mobile payments are made with Apple Pay or Google Pay.
Use Apple’s App Clip Codes when available. App Clip Codes are harder to mimic, so if you have the option between a QR and an App Clip, choose the latter and use Apple Pay at checkout.
Use ParkWhiz’s QR Code Verifier. Be confident your location is secure by testing the QR code’s validity with the newest feature in the ParkWhiz app, the QR Code Verifier, found under “More” section. It’s as simple as launching the QR Code Verifier and then the customer scans the QR code in question. If it’s legit you’ll see a green checkmark and the words “Valid QR code.” Or if the QR code is invalid, a red exclamation with the words “Unknown QR code. Do not use” will appear along with a note encouraging you to email firstname.lastname@example.org a picture of the QR code and location address. Helping you be proactive from any fraudulent activity is our top priority, and the rollout of the QR Code Verifier makes it a little easier.
If you suspect fraudulent QR codes, report them to location management immediately.
What Operators Can Do
Check signage for fraudulent codes. Make checking on-site signs for fraudulent QR codes a part of your routine, like checking for credit card skimmers.
Offer and encourage the use of Apple Pay and Google Pay. Users will have more confidence in a trusted online payment method like Apple or Google Pay, because they are locked behind a fingerprint sensor or face recognition, adding an extra layer of security.
Utilize Apple App Clip Codes. It’s much harder to generate App Clip Codes than standard QR codes. If you display your App Clip Code next to standard QR codes, users can opt to use the App Clip, where they won’t be directed to a website and can take advantage of trusted Apple Pay.
Encourage the use of ParkWhiz’s QR Code Verifier. Direct your users to use ParkWhiz’s QR Code Verifier, located in the app. This simple feature will help instill confidence in QR code transactions by letting them know immediately if the QR code in question is valid or not. ParkWhiz’s also offers a great qr code payment app that helps you have a hassle free parking experience.
QR codes are a great tool for minimizing paper waste, increasing labor efficiencies, and creating a seamless, parking touchless experience. With users and operators taking these safety measures and looking out for signs of fraudulent codes, we can all enjoy the benefits of QR with less risk. To make sure you are doing your part, download our QR Code Safety Checklist.
FLASH is your expert on payment security. As a Level 1 PCI DSS Payment Processor, FLASH knows how difficult it is to protect payments – especially in the digital age. As new payment methods and technologies are introduced, we are dedicated to keeping asset owners and parking operators in the know and users safe from the threat of fraud.
Have a QR Code related concern or question? We’re here to help. Email us at email@example.com.