With Mobile Payments on the Rise, Creator of QR Codes Thinks It Needs a Security Revamp
by Vincent Fong September 12, 2019QR Codes were first invented in 1994 by Japanese engineer Masahiro Hara. When it was created for Denso, they were originally used for manufacturing and issuing tickets and coupons.
Never in Masahori Hara’s wildest dream did he imagine that his humble invention would be so widely used in critical areas like payments, and QR payment security was likely the furthest thing from his mind
Driven largely by China, who processes trillions of dollars in payments annually using QR codes, many countries like Singapore, Indonesia, Philippines, and Malaysia are attempting to emulate China’s success.
Further across our shores, in Europe, a consortium of mobile payment system providers has agreed to adopt a unified QR code format to enable interoperability between different systems.
Masahori Hara voiced out his concern about QR payment security. He says that now that it is used for payments he feels a sense of responsibility to make it more secure.
And there are good reasons to be concerned. Attackers can compromise people using QR codes in many ways and, truthfully, quite easily. For example, QRLjacking is an attack that’s possible when someone uses a QR code as a one-time password, displaying it on a screen. An attacker can clone the QR code from a legitimate site to a phishing site and then send it to the victim.
Criminals can also replace a payment QR code with their own fake payment URL, which was something that has already happened in China, in the Guangdong province, about 90 million yuan (US$13 million) has reportedly been stolen via QR code scams.
With its increasing ubiquity of QR payments the now 62 years old engineer, vowed during the 25th anniversary of QR codes, to strengthen the safety of the system.
Image Credit: European Patent Organisation
