Cybersecurity
QR code fraud ramps up, but you can protect yourself
Scammers are using QR codes to misdirect funds, but SA consumers are well protected if they stick to a few simple guidelines.
International coverage about scammers using QR codes to misdirect funds is fuelling fraud uncertainty. But South African consumers, while wise to remain vigilant, are well protected if they stick to a few simple QR guidelines.
Quick Response or QR codes saw a rapid uptick in usage during the Covid-19 pandemic as consumers looked for a simple and truly contactless method of payment. However, bad actors also realised there was an opportunity in the new trend and rushed to take advantage of a distracted public.
In the USA, scammers have been covering QR codes with stickers bearing QR codes they had generated themselves, at parking booms, restaurants and other places where static QR codes were being used. Instead of scanning and paying the legitimate merchant, unwitting customers were being directed to scammers’ webpages where customers were asked to input their card details.
South African consumers, who are generally pretty savvy when it comes to mobile payments, have also shown some reluctance when it comes to using scan-to-pay options in new environments, such as tipping car guards in some of our larger shopping centres.
However, according to Brett White, CEO of Zapper, the South Africa QR environment is fairly mature and enjoys an excellent security track record.
“Most Zapper customers are very comfortable with the safety of our platform, but also of QR codes in general,” he says. “Shoppers should always be wary of engaging with brands they don’t know or trust, but if they are using a trusted app to scan the QR code they should be fine. Most popular local QR payment apps have built-in security measures to ensure that the QR code you are scanning to pay is legitimate.”
White says that every merchant on the Zapper network has to go through stringent onboarding procedures and the Zapper platform performs checks to confirm if merchants are legitimate for every scan.
Says White: “If you have downloaded the Zapper app and are scanning a code with our app, we’re not going to invoke our payment experience on a QR code that we don’t trust or understand. If you happen to scan a known but unsupported QR code, the app will inform you that we don’t recognise the QR code and we won’t allow you to proceed with a payment. If you scan an unknown URL based QR code we will redirect you to the website – but do be wary of the authenticity of the site, especially if the site is asking you to enter card details into a web form.”
Local consumers are given an extra layer of security when paying QR codes in-app due to card encryption. This means that once a consumer has safely stored their card details in the Zapper app during the sign-up process, it is securely encrypted on their device and merchants never actually see the card details.
“By using a reputable QR app you no longer have to hand your physical card to merchants,” says White. “Nor do you ever have to enter your card details into website checkout forms. This eliminates the significant risk of having your card copied or cloned, nor being defrauded through fake or insecure checkout forms.”
White is quick to point out that local users should not become complacent when it comes to security.
“There are a few tips that you should always bear in mind when it comes to scanning a payment QR code. If you are unable to use your preferred QR app and are just using your phone camera to scan a code, be very aware of what type of website it redirects you to. Check to make sure it is the legitimate brand website and not a misspelt address. Second, secure websites will have an HTTPS at the start of their URL or address bar. If the website you have been directed to does not have that ‘S’ after the HTTP, it is not safe to proceed with any kind of transaction.”
More and more local merchants and small business owners are opting to use QR payments as a safe and simple option.
White says: “For many of our smaller merchants, like car guards, accepting QR payments like Zapper means they can safely take payments with only a printed QR code and a bank account, without the need for hardware that needs to be powered and online. This has transformed so many businesses and helped people move away from cash, which can be a big security risk, especially for informal traders. Supporting these entrepreneurs by promoting QR payments means you are helping build small local businesses, and you can do so securely in the knowledge that you, the merchants, and the funds are safe.”