QR codes have been around since the 90s, but they recently became more popular due to the COVID-19 pandemic as people observed social distancing safety measures and embraced touchless technologies. A study on QR codes reveals that in the last two years, the number of people who scanned a QR code rose by 26%, indicating how businesses and people have rapidly adopted this barcode technology as touchless technologies become a part of our daily lives. Despite the ease of use of QR codes, it is important to understand the risk of data privacy associated with them.
What are QR Codes, and How Do They Work?
Invented in 1994 in Japan, a Quick Response (QR) is a two-dimensional matrix barcode that contains data for a locator, an identifier, and web visitor tracking. This code comprises tiny black squares arranged in a grid format on a square white background. QR codes can hold a lot of information, and because of this, they have made analogue interactions digital. By simply pointing a phone’s camera at code, a user can be directed to a website containing a vast amount of information than a paper would hold.
Because of its versatility, a QR code can be used in many places. It can be used in restaurants to present menus to customers and take orders. It can be used on billboard advertisements as a call-to-action button for intending customers, a WIFI connection, mobile ticketing, etc. Social media platforms, including Meta-owned WhatsApp and Instagram, let people add contacts and follow each other by scanning QR codes.
Data Privacy Risks Associated with Using QR Codes
It is easy to create QR codes, and anyone can slap these barcodes on any platform in just a few steps. QR codes are very effective in collecting first-party data. Although the codes don’t directly infringe on data privacy, the websites you open when you point your phone’s camera at them might be tracking and collecting your data. With this knowledge, there are some risks associated with scanning QR codes, and they will be outlined below:
Because of its ease of access, QR codes can be an avenue for hackers to pass malware around. Hackers can place QR codes in random places where they know passersby will be and scan them. Scanning the wrong QR code can lead you to a website where you unknowingly download malware that performs malicious operations on your device that you don’t even know about. While a phone’s camera works just fine for scanning QR codes, there are also apps mirroring as QR scanners designed to pass malicious malware around.
Referred to as “quishing,” this is an attack where a scammer places a cloned website in a link. Once the victim opens the link and enters information such as a login email and password, the scammer gains access to sensitive information such as the victim’s bank account and card details. Scammers are also known to place QR codes carefully in phishing emails, hoping their victims will open the malicious links.
Data Collection and Tracking
When a QR code is scanned, the owner may be collecting data such as IP address, location, and web activity. While it may not be harmful, these data can be used for tracking to serve you better products or ads tailored to your preferences against your will.
Scanning a QR code can easily give out your location without your consent resulting in a privacy breach. This represents a security breach and can be dangerous for people whose location cannot be made public.
How to Avoid the Possible Threats from QR Codes
While QR codes have made a lot of interactions easier and faster, using them still comes with great risks, as outlined above. Since this touchless technology is here to stay, it is important to know how to avoid the risks associated with using it.
Use Phone Camera as Scanner
If you go on to your app store, you will see a lot of apps posing as QR code scanners. You do not need them. You only need your phone’s camera and internet connection to scan a QR code.
Avoid Scanning Random QR Codes
It is impossible to verify the source of all QR codes, but you have no business scanning a QR code for the fun of it. Avoid scanning random stickers on the street, bus stations, shopping malls, etc. Scammers could place these QR codes to deceive people.
Enable Two-Factor Authentication
Even when you take safety measures and try to be careful, you might make one mistake that will allow unauthorised access to your accounts. Enabling two-factor authentication (2FA) gives you an extra layer of security against cyber attacks. Most platforms allow you to enable an SMS-based 2FA, but you can also use the Google Authenticator app to protect your accounts online.
Turn on Private-Browsing
Internet browsers like Safari and Firefox have anti-tracking features, but you can turn on a private or incognito mode for other browsers before scanning a QR code. This shields you from unwanted tracking and blocks potential security breaches.
QR codes are here to stay and won’t go away anytime soon. While there are risks associated with them, it is also important to know that they make business interactions much easier and faster. You remain in charge of whatever information you give. It is important to be vigilant and know when to interact with a QR code.