QR Codes: The Good, the Bad, and the Ugly

It’s a safe to say that most people are not only aware of what QR codes are, but have likely used one within the last month. Starbucks’ app utilizes the technology every time you pay through the app in-store. This August, Venmo launched a QR code feature to allow users to find each other on the payment platform via a quick scan. Snapchat users utilize QR codes in a similar fashion to connect with each other through their “Snapcode.” In today’s increasingly mobile market, QR codes are seen as the ideal solution to bridging the gap between online and offline worlds. In China and India, these codes are widely used for a variety of payment options. QR codes are poised to continue their rapid expansion as a viable payment option; but are we jumping the gun when it comes to these little black-and-white squares?

How We Got Here

The original QR (or Quick Response) code was developed in 1994 by Denso Wave to be used in the Japanese automobile manufacturing industry. These codes were born out of necessity due to the limitations that come with barcodes. The QR code opened up infinite possibilities for what information could be stored within these small squares. In 2002, QR codes began to spread in Japan after mobile phones became equipped with a code-reading feature. From there, QR codes started popping up all over, containing everything from coupon codes to links to websites.

The New Money?

Today, China has led the way in adoption of QR codes across all industries, including banking and finance. Alipay launched a QR code-based payment system in 2013 and WeChat followed a year later. India has also adopted the QR code as the new standard for digital payments in order to speed up the nation’s shift from cash to electronic payments.

In America, apps like Starbucks and Venmo already rely on QR codes as a means of bridging the gaps that exist between different virtual wallet platforms. Because Apple Pay, Samsung Pay, and Android Pay all utilize NFC technology in different ways, merchants have to be able to process payments for each of these independent platforms if they wish to be mobile-accepting at their POS system. QR codes provide a simple solution to this problem.

Risky Business

Unfortunately, the use of QR codes to solve all payment problems comes with a whole host of issues. QR codes are inherently risky. “When you scan a QR code, you have no idea where it’s going to take you. It could take you to a malicious website that might try to install a virus on your phone,” explained Matthew Green, an Assistant Professor of Computer Science at Johns Hopkins University.

The simplicity and wide-spread access that makes these codes so appealing is also what makes them problematic. In China, numerous cases of fraud have occurred in recent months, including one in Guangzhou where approximately 90 million yuan (about $14.5 million) was stolen via fraudulent QR codes.

Because there is no way of knowing where a code will take you or if anything is amiss until after scanning it, users are left exposed. Pair this with the ease at which codes can be created and you have an environment ripe for rampant fraud. In March of this year, iFlytek’s Chairman, Deputy Liu Qingfeng, explained just how wide-spread this problem has become in China alone, with over 23% of Trojans and viruses being transmitted via QR codes. While QR code usage continues to spread, security measures to combat these mounting issues are becoming increasingly crucial.

The Bottom Line

The case for or against QR codes is one of weighing convenience and speed versus safety and security. The demand for faster, real-time payments continues to grow, and banks and businesses are rushing to keep up. In this haste, it’s easy to see how QR code adoption could become wide-spread. However, while these little squares could create a viable solution to issues of speed and ease of accessibility in payments, it’s worth noting the mounting evidence pointing to QR codes being more of a problem than an answer.