QR codes, while being immensely useful in quickly digitizing data, can also be an insecure form of relaying information. They are usually placed in public where anyone can access the data using their smart phones. While this is great for distributing information, it also make information too available to everybody. It is difficult to control access to information or check the validity of the code.
QR codes are cheap and easy to generate, so they are sometimes used by scammers for counterfeiting products such as certificates and tickets. They are also used for phishing attacks.
Stickers with QR codes can be created and placed on top of existing legitimate QR codes in posters and other advertisements. Because humans cannot read them directly, QR codes can hide information that can cause privacy and security issues. The code can link to malicious websites or text messages.
Some QR codes contain all the information in the code itself, but others need to connect to an online server to retrieve the information. Scammers can use QR codes to connect to a malevolent website or install malware. These can be used to charge $1 text messages to a phone, or steal contact or credit card information.
Luckily, companies are creating various security measures to make QR codes safer. Here are a few of them.
Security QR Codes (SQRC) by Denso ADC
It seems fitting that the inventors of the QR Code, Denso ADC, are the ones pioneering Security QR Codes (SQRC). SQRC is a new kind of QR code that has public and private data that can be read by a QR reader such as a smart phone. The public data can be read by any reader such as a smart phone much like a normal QR code. The private data is encoded with a password that can unlock the information. A proprietary scanner is needed to scan the password and reveal the encrypted data. The password can be changed as needed.
SQRC can be used in a multitude of ways such as preventing counterfeit, gray-market and black-market goods, controlling access to systems, confirming identity, detecting fraud, securing financial transactions, managing and tracking inventory, verifying validity, keeping medical information confidential and other situations where security is critical.
For example, SQRC can be used on the wristbands of patients in a hospital. When the patients scan the code with their smart phone, it takes them to a website that has features for patients such as being able to order dinner. When a nurse scans the same code, they get access to the medical record of the patient.
Denso ADC is a world leader in automatic mobile data capture technology. They are known for inventing the QR code and for pioneering CCD technology. They also create lightweight but durable handheld 1D and 2D terminals and scanners.
QRStuff's Password-protected QR Codes
QRstuff.com, a website that creates free QR codes for different uses, such as for Google Maps, Paypal Buy Now buttons, Facebook Likes, vCard contact details, vCalendar event details, FourSquare venues, LinkedIn profiles and shares, WiFi logins and others. These QR codes can be emailed or printed and made into hats, stickers, t-shirts, coffee mugs and other items.
QRstuff.com also allows users to create password-protected QR codes to lock down private content. Instead of having the password function on the website, the QR code itself can be password-protected. This adds a soft security layer on the content.
Security QR codes are useful for information intended for a small group of users, such as content for family, classmates, members or customers. They ensure that information is limited just to those who need it.
For example, employees might access data for private equipment in public places such as usage statistics, service tags and data specifications. Or a promotion where winners can go through the prize page with a pin code or password. Password-protected QR codes can be used to pre-release content before the information is widely published as a press release. They can also be used for testing or deploying campaigns.
Quickmark has a free online generator that creates secure QR codes that can be scanned using free scanner software that recognizes encryption. All the data can be encoded with an alphanumeric password. When scanned with the Quickmart Reader, a password needs to be provided to see the data. When other QR code scanners are used, it will just show gibberish.
This QR code can be used for information that is meant for only a select number of people, such as employees or authorized personnel. It can also be used to password protect a page that does something such as post a new entry to a database.
Aside from full encryption, Quickmark also offers partial encryption. Without a password, people will be shown the non-encrypted part of the data. With the password, authorized users are shown the encrypted part of the data.