Blog

Are QR codes safe?

QR codes hadn’t been considered as a tool for consumer-facing interactions 20 years ago. Back then, most mobile devices didn’t even have cameras, much less an out-of-the-box function to read QR codes.

Fast forward to today and scanning QR Codes with a mobile phone is commonplace. You see them in advertising, mobile applications, and increasingly on more physical products we buy. Ironically, the same convenience that makes these codes popular is also cited as a security problem. Namely, because users instinctively scan QR codes. Their seemingly random shapes and patterns could contain a malicious URL, and the user would be none the wiser until it’s too late. Considering the worry, it’s worth remembering that email remains the most successful and prolific payload delivery for malicious links. That hardly stops the delivery of literally billions of emails every day. As with email and SMS texting, for that matter, QR codes offer more convenience than danger.

Modern applications using quick response codes on a digital screen don’t offer the opportunity to insert a bad link. Instead, they usually display a code that changes periodically, say every 30 seconds, to avoid the problem altogether. Every day hundreds of millions of people safely use this technology in multi-factor authentication or mobile payment apps. With that increased usage, it’s time to reconsider how we think about the security of printed QR codes. Scantrust has given the issue years of thought, and the result is nothing short of incredible.

A secure QR code is a QR code with a powerful security feature

How QR code is secured
inserting a secure graphic into a QR code creates intrinsic copy protection

A copy detection pattern, or secure graphic, is a digital image with an optimal design to lose information when copied and printed irreversibly. Because of this feature, copies always contain less information than original prints. Inserting a randomly generated secure graphic into a QR code’s digital image becomes a secured QR code, with intrinsic copy protection. By using this technology, threats from counterfeiting and malicious links decrease substantially if not altogether eliminated.

This kind of graphical security technology is far more efficient to integrate with packaging than other security features. A digital QR code containing the secure graphic prints onto products, and that’s it. Each unit with the secured code protects against copy by the same principle, even if it’s printed billions of times.

This technology is mature and already deployed on products. As it is now mainstream, there is no major barrier to mass adoption. Largely due to the effect of feature-rich smartphones being ubiquitous. When Scantrust first introduced the secured QR code seven years ago, it was the only technology with real-time authentication using a smartphone. That’s changed, and there are other competing technologies on the market, most of them using digital watermarks or unique fingerprints.

While these other technologies offer the same core functionality of allowing a user to authenticate a product with a smartphone, the Scantrust solution stands out in terms of value. Relative to implementation costs while adding a much-needed layer of robust security to the sometimes maligned, but ever-present QR code. In addition, this technology is already in production and already making more physical products verifiably genuine. In other words, yes, these codes can be safe and secure.

Get QR codes for enterprise