QR code technology is closing in on 30 years of usage, but the Covid-19 pandemic has turned the technology from a niche market application to mainstream consumer use - and that inevitably attracts interest from the fraudsters.
What’s more, the increasing use of QR codes to generate payments has even caused the technology’s inventor, Masahiro Hara, to become a little wary. The most pressing security issue identified concerns what we term ‘static codes’, which might live on a website and be used to generate transactions.
The issue here is that if a hacker gets into the site and changes the code, fraudulent transactions might take place before the company spots the intervention. One of the issues is that customers can’t actually read a QR code to know where it will direct them before they scan it.
Most static codes are simple redirects that send users to a website. These lack any form of security, are exceptionally vulnerable to phishing, and risk leaving personal data insufficiently protected. And certainly, the codes we commonly see printed and displayed in pubs and restaurants are not the safest way to generate payments and transactions. They generally deliver a poor customer experience and miss the opportunity to include identity for personalisation, or the additional security that can speed up and simplify checkout and payment without compromising safety.
These concerns can equally apply to dynamically generated QR codes – which can be spoofed, copied or simply cracked. Whether static or dynamic, what really matters is the process that generates the QR code, what scans it, how it understands the code and the customer journey that it then triggers.
That’s why Ensygnia’s patented Onescan system uses specially generated codes to add security and protection into the transaction for both the supplier and the consumer. Our codes are protected by our patented system to ensure they follow a specific encoding and encryption process that makes them safe. The result is a great customer experience that always protects the data, privacy and payment of every user.
Our codes interact in a way that breeds reassurance. Users can see they are connecting with the correct site and get the chance to authorise the transaction before it is processed. And because our system uses a token-based format to handle the exchange, the users’ financial data remains protected at all times. Most importantly, we don’t create or store any financial data or personal data that can be hacked centrally. There are no usernames and passwords needed. Suppliers and their customers stay in control through every step of the process and maintain an unparalleled level of security over their data.
Onescan can turn any smartphone into a secure transaction terminal, and any screen into a secure transaction sales point. It also meets all the required standards within the EU and European Bank regulations on “Strong Customer Authentication” - something we’ve written about extensively before - which will soon apply throughout Europe, including the UK, to all online transactions of more than €30. Retailers large and small who want to do business online will soon have to meet those strict rules to guarantee their customers’ security.
To find out more about how to integrate secure Onescan payment technology into online business, click here. It’s a simple, fast and, more importantly, secure route to online and QR code payments.