If you see a brand-new, shiny QR code sticker on an older, weathered sign, you should take a closer look before using it or allowing your customers to use it.
Like any other method of payment, QR code-initiated payments have become a target of scammers. In QR code fraud, bad actors place a sticker with their own QR code over a legitimate QR code so they can receive payments from unsuspecting consumers.
“Anytime something takes off in the payment space, there’s always fraudsters who try to manipulate it,” FLASH Chief Operating Officer Dan Roarty told PYMNTS. “QR codes, unfortunately, are no different.”
Watching for Fraud
FLASH, a supplier of parking management systems, has added a QR Code Verifier to its app and has been getting the word out to parking operators and consumers about how they can avoid QR code fraud while using this payment method.
“The benefits far outweigh the risks, and any merchant in any business that is accepting payments always has to be on the lookout for fraud,” Roarty said. “This is just one more iteration of payments, and one more iteration of things that you have to pay attention to.”
The QR Code Verifier enables parking operators and consumers to scan a QR code to see if it would take them to a legitimate URL used to pay for parking. If the tool finds that the QR code leads to an unknown URL, the user can tap a button to report it to FLASH, who will send someone to inspect it.
FLASH also watches for fraud by monitoring the traffic coming from its points of sale. If a sign in a parking lot that normally gets 20 scans a day suddenly gets none, the company notifies the parking operator who can then inspect it.
The company is also sharing tips about how to avoid QR code fraud through a blog post, social media posts, trade show presentations and other means.
Getting the Word Out
Parking operators can deter QR code fraud by looking for scammers’ QR code stickers just as they would watch for credit card skimmers. FLASH’s QR codes are part of the sign itself, rather than a sticker, so that’s one thing the parking operator can look for.
“We put all our resources to work to make sure that operators understand the benefits and the potential risks of moving towards this digital platform, and then how to operate on that behalf,” Roarty said.
Consumers can spot potential fraud by examining the QR code, the URL that it takes them to and the online form that it asks them to fill out, just as they would take a second look at a strange email. If the QR code is on a sticker that’s placed over something else, if the URL doesn’t look right or if the online form asks for too much information, it may be fraudulent.
“When you’re going through that process, usually, as a consumer, if it looks weird, it probably is weird,” Roarty said.
The company also recommends that parking operators offer, and consumers use, Apple Pay or Google Pay because those have additional security measures. In its app, FLASH puts those payment methods front and center on the screen.
Enabling Secure, Convenient Payments
There’s been an explosion in the use of QR codes in commerce because they’ve enabled touchless payments during the pandemic, they’re convenient and they allow consumers to keep the device — their mobile phone — in their own hands rather than handing it off to someone else as they would do with a credit card.
In the context of parking, QR-code enabled payments allow consumers to pay without having to get their credit card from their wallet. This makes for speedier payments at a parking meter or at the entrance to a gated parking lot.
“As we’ve deployed more and more of these locations around the country, we felt it was time to take more control of this and make sure that consumers, parking operators, our partners and our own employees were very aware of this so that we make sure that it takes hold,” Roarty said. “The convenience is so great, you don’t want it to be ruined by a few bad actors.”