The Clearsale Blog

QR Code Payments Are Convenient, Great for Distancing, and Targets for Fraud

QR Code Payments Are Convenient, Great for Distancing, and Targets for Fraud

QR code payments have finally caught on in the U.S. after lagging behind adoption in China and other Asian markets. Why the change? The need for contactless payments brought on by the pandemic sent retailers looking for inexpensive, quick-to-implement ways to let customers pay from a distance, and QR codes fit the bill. However, with every payment method that gains popularity, fraudsters follow. Here’s what retailers and consumers need to know about using QR code payment technology safely.

Why Are QR Codes Everywhere Now?

QR (Quick Response) codes are similar to barcodes in that they store information visually. However, they can store much more data, so they can be used for web links, document access, product identification, and payments.

Retailers that want to offer contactless point-of-sale payments without investing in NFC-enabled terminals can add software that generates a QR code for each purchase. Smaller retailers can do this with a payment service like Square or PayPal on a tablet. Some vendors that sell single items or services print out and display one QR code that customers can quickly scan. Large chains like Walmart have QR code displays built into their POS terminals. QR codes can also support loyalty programs, so customers can earn points and claim rewards without having to present a punch ticket or plastic rewards card.

By scanning a merchant’s QR code at checkout, a customer can quickly pay for their items through a digital wallet, without handling cash, touching the payment terminal, or even getting close enough to the terminal to tap or wave an NFC-enabled credit card or smartphone. That last element is important for safe distancing. With a good smartphone camera, a QR payment code can be scanned from a foot or more away from the source, unlike NFC contactless payments, which can only take place over a few inches. Another option, reportedly in development for drugstore chain CVS, is for cashiers to scan a QR code generated by the customer’s digital wallet.

Related story: Do We Have Enough Data Scientists to Protect Against E-Commerce Fraud?

How Are Scammers Exploiting QR Code Security Gaps?

In China, swapping static QR codes on parking tickets became such a popular fraud attack method in Shanghai that in 2019, local police had to change the way they ticketed vehicles. Some fraudsters target street market vendors who typically display a single QR code at their stall. By replacing the seller’s QR code with one that leads to the fraudster’s account, they can siphon off the merchant’s revenue. Still others go after static QR codes affixed to rental bikes and scooters.

Fraudsters can also use social engineering to convince people to scan QR codes that contain malware or steal their banking credentials. In 2019, Malwarebytes reported on the latter type of scam happening to people in the Netherlands. A stranger would approach the victim and ask to trade cash for a QR scan to help the stranger pay for a parking spot where the meter didn’t accept cash. Later, the victims discovered their bank accounts had been drained.

These scams don’t require in-person interaction. Fraudsters impersonating brands are using QR code promotions in email and on social media to lure victims to phishing websites, where they can capture login and payment credentials.

QR Codes Need Stronger Security for Payments

Every payment method has vulnerabilities that criminals will exploit if they can; the entire fields of fraud prevention and cybersecurity are essentially a race to stay a step ahead of criminals’ next scam tactics. However, QR codes weren’t designed with payment processing in mind. They were originally created to track parts in the auto-making process. The creator of QR codes, along with other security experts, says QR needs better security to reduce the risk of payment fraud. In the meantime, QR codes’ convenience and usefulness in contactless settings mean this method isn’t going away. Therefore, it’s up to merchants and customers to try to reduce their risk.

Steps Retailers Can Take to Protect QR Code Transactions

Because QR payments at the POS are actually e-commerce payments, it’s critical to have card-not-present fraud protection in place to authenticate customers and payment methods before approving transactions. If you’re a merchant using QR codes at checkout, you should also:

  • Display QR codes on a tablet or other digital display if possible instead of on a static printout that could be swapped by a fraudster. If you must display a static code, check it regularly to ensure it’s still yours.
  • Monitor your transaction reports to ensure that you’re receiving the payments that customers scan in.
  • Monitor your social media mentions to spot possible impersonators.
  • Install and maintain security software on all your devices that display or scan QR codes.
  • Respond right away to any reports of QR problems from customers.

Steps Consumers Can Take to Avoid QR Code Fraud

Paying with a QR code is convenient and helps you keep a safe distance from others, but there are a few safety measures to keep in mind.

  • Only scan QR codes from merchants you trust. Be especially cautious about QR codes purporting to be from brands on social media and in emails — double-check the source before you scan them.
  • Scan checkout QR codes from a digital display instead of a static display whenever possible.
  • Make a note of the URL that appears on your phone after you scan a QR code and before you proceed to the site.
  • Set up transaction limit alerts with your bank or credit card provider so you’ll know right away if there’s a problem.
  • Install trusted mobile security software on your phone to reduce the risk of malware via QR code.

Like many innovations, QR payments will almost certainly remain popular even after the immediate need for no-contact payments abates. That means more convenience and physical safety for shoppers and merchants, but it also requires everyone who uses QR codes to take security seriously to avoid getting scammed.

Original article at: https://www.mytotalretail.com/article/qr-code-payments-are-convenient-great-for-distancing-and-targets-for-fraud/

You may also like

Why Ecommerce Merchants Should Monitor the Amazon-Shopify Battle

Why Ecommerce Merchants Should Monitor the Amazon-Shopify Battle

There’s a behind-the-scenes battle going on between the two biggest ecommerce platforms in the U.S. that could have big implications for merchants. After much media speculation at the end of 2020..

Cross-Border Shopping Comes With Merchant Concerns

Cross-Border Shopping Comes With Merchant Concerns

THE PERILS OF FRAUD

International fraud protection leader ClearSale released an extensive analysis of its five-country study on consumer attitudes commissioned from Sapio Research titled, 2021..

Climbing out from COVID-19: What retailers need to do moving forward

Climbing out from COVID-19: What retailers need to do moving forward

The spring of 2021 is quite different than 2020 for the retail sector as COVID-19 is no longer shuttering as many stores, forcing layoffs and or triggering as many bankruptcies. But retailers..

An Inside Job at the Post Office (Pt.1)

An Inside Job at the Post Office (Pt.1)

What happens when the post office is in on the con? In part one of our conversation with Bruno Farinelli from ClearSale, he shares incredible stories of inside fraud jobs at the post office,..

ClearSale Recognized with 2021 Comparably Award for Best Company Outlook

ClearSale Recognized with 2021 Comparably Award for Best Company Outlook

Fraud protection leader ranked among businesses for high employee confidence and successful outlook

Mobile Application and Microtransaction Fraud: What It Is, How to Prevent It

Mobile Application and Microtransaction Fraud: What It Is, How to Prevent It

The exponential growth in digital commerce has made it easier and more convenient than ever for consumers to engage with brands.

One way they’re doing this is through mobile applications. While..

Critical Pandemic Lessons in Mobile Payment Fraud Prevention

Critical Pandemic Lessons in Mobile Payment Fraud Prevention

As the world pivoted to online shopping, work, and learning last year, the timeline for mobile usage growth jumped ahead by two to three years in the first half of 2020. Many retailers rolled out..

ClearSale Nominated for “Best Business Process Outsourcing” in the NORA Awards

ClearSale Nominated for “Best Business Process Outsourcing” in the NORA Awards

Retail association recognizes ClearSale’s valuable fraud protection services for businesses worldwide.

Advance Strategies to Eliminate Ecommerce Chargebacks

Advance Strategies to Eliminate Ecommerce Chargebacks

What can we expect e-commerce to look like throughout 2021? There's still a lot of uncertainty in the economy, but some strong trends emerged last year that merchants can build upon now as..

Want to write
for our blog?

Please review our writers' guidelines
https://www2.clear.sale/press/clearsale-guest-blog-guidelines
and then email guestwriter@clear.sale with your pitch!

Subscribe to our blog