We need a plan to eliminate QR codes in fintech
A fake sticker pictured at an electric car charging station in the center of Brussels, Wednesday 15 May 2024. There are payment fraud attempts using stickers with a QR code that links to a website rather than the correct payment method. (Photo by ERIC LALMAND/BELGA MAG/AFP via Getty Images)
Earlier this year the Federal Trade Commission (FTC) issued a warning on the “growing abuse” of QR codes and it is certainly true that QR crime is growing. So, given that today is the 50th anniversary of the first barcode transaction, perhaps we should start thinking about what comes next.
Golden anniversary
Yes, it was fifty years ago today, on June 26th 1974, that the first pass of the standard black and white stripes of the Universal Product Code (UPC) barcode happened, at a Marsh supermarket in Troy, Ohio. (It was, incidentally, a 67-cent pack of Wrigley’s Juicy Fruit gum.)
Twenty years later, in 1994, Mr. Masahiro Hara had grown tired of having to scan six or seven barcodes on every box of parts that whizzed past him on the assembly line of the Toyota auto parts factory where he worked. He couldn’t help but wonder why they were still using the limited-capacity barcodes of the 1970s, when there was so much data to read. After studying a game of Go, he invented the two-dimensional barcode that we now know as the QR code.
QR is everywhere, always.
© Helen Holmes (2021).
Twenty years later, in 2014, QR codes were being used for all sorts of things and Mr. Hara was awarded the “People’s Prize” at the European Inventor Awards, at which point he said that QR codes would probably only last about a decade before they were replaced by something more sophisticated.
Well, they weren’t, and here we are in 2024 and QR codes are everywhere.
They are cheap, simple and convenient. But they have a big problem. Fraud.
(This is not a new problem, by the way. Ten years ago I wrote that one of the problems with QR codes is that they are not secure. A few years later I wrote an article pointing out that contactless should be more secure than QR codes because the relevant standards included the ability to digitally sign tags, although I also noted that no one was using this, while anyone could easily create fake QR codes.)
The problem of fraud emerged as soon as QR codes entered the mass consumer market all over the world. I remember reading in the South China Morning Post that in March 2017, around 90 million yuan was stolen via QR code scams in Guangdong alone: in one case, a suspect was found to have replaced merchants’ legitimate barcodes with fake codes that embedded a virus to steal personal information, and that across China, a quarter of viruses and Trojans came via QR, so I knew it was only a matter of time before we started seeing the same problems everywhere.
Criminals are using QR codes for fraud both online and offline. In China, scammers have been caught placing fake parking tickets – complete with QR codes for easy mobile fine payment – on parked cars. In the Netherlands, a QR code scam exploited a legitimate feature within a mobile banking app to defraud bank customers. In Germany, fake emails containing QR codes have lured eBanking customers to malicious websites under the guise of reviewing their account privacy policy updates. In Belgium (see photo above) they are being used to trick people using electric car charging stations. In the US (and UK), criminals have been particularly active in car parks, pasting stickers with malicious QR codes on parking meters and tricking drivers into entering their bank account or credit card details into a fake phishing site.
It’s time for alternatives
So while QR codes are indeed convenient for payments and more, they pose serious security risks, such as directing users to malicious websites or triggering unwanted actions. What should we use instead?
Contactless is a good choice for some things. Sitting at a restaurant table, tapping instead of scanning. Near-Field Communication (NFC) technology enables fast and secure close-range communication between devices, and unlike QR codes, which can be scanned from a distance, NFC requires proximity, offering an added layer of security. NFC tags can be embedded in various objects and are increasingly used for contactless payments and access control, and the chips in these tags can support very sophisticated security measures.
There are also longer-range wireless options, such as Bluetooth Low Energy (BLE) and Ultra Wide Band (UWB), that could be used to send information to a consumer device, and it would be relatively simple to add encryption and digital signatures so that phones can reject bogus connections.
In the long run, one could imagine that digital watermarks embedded in images or videos could be used to convey information. These are less visible and more difficult to tamper with than QR codes.
A little further down the line, though, we could find ourselves using smart glasses that can recognize what we’re looking at and offer a selection of appropriate options: if I’m looking at a poster advertising an upcoming Hawkwind concert on the tube, then lo and behold, I wouldn’t need to scan a QR code because my smart glasses should be able to read the poster and automatically go online to the relevant booking site. From there, it’s a short step to augmented reality (AR), where the infrastructure itself adds interactivity and security, allowing users to interact with dynamic content that’s harder to replicate or maliciously alter.
Fintech Priority
That’s actually where Mr. Hara thought we would be in 2024. As I write this I am sitting in a train carriage and there is an advertisement for some form of fast food on the back wall. The advertisement shows a QR code. But surely a smartphone (as Mr. Hara reasoned) should be able to read the advertisement and give me the ability to see where the nearest store is or what today’s specials are. My iPhone already knows how to recognize text; it wouldn’t seem that difficult to get it to automatically extract URLs and display them so you can see where you’re going.
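The "extract URLs and display them" step, sketched as an added example (not code from the article or from any phone vendor): it pulls URLs out of a decoded QR payload or OCR'd text and reports the host that would actually be contacted, with reasons for caution. The allowlist, host names and sample text are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Hypothetical allowlist: hosts the operator's own app expects for payment pages.
TRUSTED_HOSTS = {"pay.example-parking.test"}

# Pulls http(s) URLs out of a decoded QR payload or OCR'd poster text.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def inspect_url(url, trusted=TRUSTED_HOSTS):
    """Return (host, warnings): the host actually contacted, plus reasons for caution."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:
        return "", ["unparseable"]
    warnings = []
    if parts.scheme.lower() != "https":
        warnings.append("not-https")
    if parts.username is not None:
        # Text before '@' is credentials, not the destination.
        warnings.append("userinfo-before-host")
    if not host.isascii() or any(lab.startswith("xn--") for lab in host.split(".")):
        warnings.append("idn-host")  # possible look-alike characters
    try:
        ipaddress.ip_address(host)
        warnings.append("ip-literal-host")
    except ValueError:
        pass
    if host not in trusted:
        warnings.append("untrusted-host")
    return host, warnings

def preview(scanned_text):
    """List every URL in the scanned text with the host to show the user."""
    results = []
    for match in URL_RE.findall(scanned_text):
        url = match.rstrip(".,;)")  # drop sentence punctuation picked up by OCR
        host, warnings = inspect_url(url)
        results.append({"url": url, "host": host, "warnings": warnings})
    return results

# Constructed sample: text on a sticker placed over a legitimate code.
SAMPLE = "Scan to pay: https://pay.example-parking.test@payments.example.net/bay/42."

if __name__ == "__main__":
    for item in preview(SAMPLE):
        print(item["host"], item["warnings"])
```

The host shown to the user is the parsed one, not the first familiar-looking string in the URL, which is what a sticker swap relies on people reading.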
As these technologies mature, they are likely to become more widespread and potentially replace or augment QR codes primarily in applications where greater security is required, such as payments and other financial services. While QR codes are likely to remain in use in many cases due to their familiarity and ease of implementation, we in the fintech world should really plan on implementing more secure alternatives as a priority.