QR Code Security Best Practices

qr codeQuick response codes, or QR codes, are the latest thing in mobile marketing. Scan a funky little square with your smartphone and instantly visit a website, subscribe to an email list, or download more information about an event or a business. They are great for getting people on the go and giving customers something quick and easy. They are also becoming a great way for cybercriminals to steal information and to infect cell phones by creating QR code malware, or having them lead to malicious sites.

Since QR codes are so new, there aren’t many security measures or protections in place to ensure that QR codes are doing what they’re supposed to be doing. How do you know if a certain QR code is safe? How do you make sure that your code doesn’t end up getting hacked and harming others?

Before scanning a code, check the url of the website it goes to. This is done by having a scanning app that reveals the url when looking at a QR code. If the url seems suspicious, or is maybe encrypted with a url shortener, then scanning that code may not be the best idea. If you do scan a code and you are taken to a login form, DO NOT fill in the form. That’s a trap for criminals to retrieve personal information. In legitimate cases, scanning the QR code should, at least, retrieve the phone number automatically, or should ask for information if you are subscribing to something. Most other instances where a QR code is used, such as leading to a website or downloading a coupon, shouldn’t need any personal information.

Another way to protect yourself is to have an app on your mobile device that warns of malicious sites or possible infections. Apps such as VPN4all’s mobile solution, Lookout Mobile Security, OCShield’s Mobile App, and Norton Mobile Security can prevent you from going to a malicious site, block malware and malicious texts, and/or protect your privacy and identity.

Businesses that use QR codes can also take measures to ensure that their codes are safe and secure for customers. One thing to do is to provide context for the QR code when it’s on a brochure or website. This way, customers will know exactly what’s supposed to happen when the code is scanned. Oftentimes, spammy codes won’t have any context at all. Businesses should also reveal the exact url of where the code leads. This keeps the process transparent and won’t have anyone think you’re taking them somewhere unexpected.

Unfortunately, QR code security at this point in time is “buyer/business beware.” Business and consumers need to do their part with mobile security and emerging technologies. No one is going to provide this protection for you.


About Allison Midori Reilly

Allison Midori Reilly is the CEO and Founder of Stirring Media, LLC. Stirring Media, LLC is a content marketing and news production firm that provides content marketing and business blogging services to the small business market. Prior to that, she was a freelance writer, who was published in over a dozen print and online publications, such as Smallbiztechnology.com, American City & County, Ideabing.com, Transport Topics and St. Louis Commerce Magazine. In her spare time, Reilly is an active member of Amnesty International as well as an avid poker player.

  • http://twitter.com/Seattle_printer DCG West

    Hi Allison, great tips.

    Thank you for making aware about the security from QR Codes.
    It is really very important to stay little cautious while scanning these codes and follow the tips mentioned in the post.

  • Geo Delux

    Interesting article. I’d never guess that there may be a danger from QR Codes. But now I think that hackers may use QR Codes for phishing. Also I’d like to suggest you http://www.pageqrcode.com online service, it’s the easiest way to add QR Code to your website.

    • http://Smallbiztechnology.com Ramon Ray

      Geo, thank so much