#
 
AKA

QR Codes Yes, or No?

March, 2022

Kevin Uhlenhaker

Dear Kevin, 


There has been a lot of news about fake QR codes on parking meters being used to scam people here in Texas. Should we stop using QR codes for any of our parking solutions? 


Troubled in Texas,


Thanks for the question. Many of us have been concerned about the parking QR code scam in Texas and several other states. Someone created QR codes stickers that when scanned led to fake parking payment websites and placed them on parking meters and signs. People who scan these codes and then pay for parking on the counterfeit sites can end up with a double issue of having their credit card information stolen and getting a parking ticket for non-payment. 


In the early 2000s, there was a push to use QR codes in many other situations ranging from advertising to enhanced tombstones. The issue then was most people did not have an easy way to read the QR codes. But it was not until 2017 that the iPhone added a built-in QR code reader, and many Android devices included this functionality by 2016. Even with this built-in functionality, most people were not using QR codes until COVID. 


As the COVID pandemic spread, business owners and others sought a contactless method to provide previously physical items or actions, such as menus, check-ins, rental details, and many more. The need to do things in a contactless manner and the now standard QR code reader in everyone’s purse or pocket created a perfect storm of adoption. What was a niche technology became mainstream almost overnight. 


In early 2022, scammers began placing QR codes on parking meters and signs that led to a fake parking payment site at many locations. It wasn’t a hack but instead what is called a phishing attack. This approach uses a fake website or email (that looks real) to convince people to enter their information or click on a link. It relies on the fact that most people don’t double-check (or even know how to double-check) the websites they visit or links they click. 


Phishing attacks can be launched through emails, text messages, and even phone calls. The number of phishing attempts is high and growing. According to the Anti-Phishing Working Group, in 2021, over 250k unique phishing sites were detected by the group. Between 2020 and 2021, the number of phishing attempts doubled. In our parking situation, scammers took advantage of the fact that people have been trained to scan QR codes and that most people assume they are not being scammed. 


The larger question here is what can be done to help protect your parking organization from this issue. The first approach I would recommend is customer education. Work to ensure your parkers know the correct methods of payment supported by your organization and how those sites should look. Offer your team (and even your parkers) ongoing education on recognizing and avoiding phishing attacks. 


Another option is to select technology that leverages more secure payment methods and interfaces. For example, using the built-in digital wallet features of Google Pay and Apple Pay helps to ensure that users are not asked to enter their credit card information to complete a transaction. When they make a payment, they have to verify their identity on the device. This feature not only reduces the likelihood of phishing but also should reduce the number of fraudulent credit card charges as well. 


Additionally, new technologies such as AppClips (from Apple) and Instant Apps (from Google) utilize smaller versions of apps that remove the need to download the entire app and can be launched from a link or QR code. The nice thing about both AppClips and Instant Apps is they have to be downloaded from their respective app stores. This requirement, while not perfect, offers another layer of protection as both Apple and Google screen for and remove fraudulent apps. 


Along with technology, another critical factor in avoiding these issues is vigilant system observation and maintenance. While there are many parking signs and payment devices out there, train your staff to be aware and attentive to any changes made to these parking assets. They should know what should and should not be on your parking signs, meters, and other revenue devices. 


I would not recommend you shy away from legitimate uses of QR codes in your parking operation. Like most technology, QR codes are not innately good or bad; it is all in how they are used at the end of the day. As a technology, they can make parking easier for your users, and now that most people know how to use them, the barrier to adoption is even lower. 


Troubled in Texas, Thank you for your question, and good luck. 


If you have a question, comment, or


even complaint, please email me at aka@slsinsights.com. 


  



#