The Surge in QR Code Adoption: #BackToBasics [Part 1]

Rajesh Soundararajan
Nov 28, 2021
4 min read

Concepts and Best Practices in implementing QR Codes

Every now and then, we post an article on the basics or fundamentals of QR codes and share information from new and popular articles posted on the subject. In this post, we share with you the basics of how QR codes started, how they are being adopted and used extensively today, bust some myths about them and explore how QR codes hold up to Blockchain.

QR codes have a variety of uses, from storing bank or bill information for payments to ordering at restaurants or joining a Wi-Fi network. But the easy-to-use codes do not come without security risks (in the normal or regular form)– a concern highlighted by numerous incidents in recent years. We will also look at these potential security issues surrounding QR codes and the best approaches to using the technology safely.

1. What Are QR Codes?

QR codes were invented by Denso Wave Corporation in 1994 and are open source/free to use, which has been a significant factor in their increased usage. Coupled with the rise of camera-equipped smartphones, QR Codes can easily be scanned, and the information stored is decoded and acted upon. Today, QR Codes are used across a wide range, such as vaccination certificates, mobile payments, education, inventory management, marketing, & advertising. The size of the QR typically depends on the amount of data stored in it.

QR Codes themselves are not secure or insecure. The security comes from how and what is “written” inside the code. This is, in a way, just like an Excel file i.e., a normal excel file which can be read by anyone versus another that is secured with encryption and/or password. At Qryptal, we have added a layer of security and compression to the ubiquitous QR code that makes it an ideal application for Information and Document Security. A typical QR Code looks like this:

QR Code : Visual Data File

2. QR Code Adoption Around the World

QR codes have enjoyed a massive upsurge in adoption worldwide, with China and India taking the lead. In many emerging nations, QR Codes are fast becoming the default for payments and in recent times - for Vaccination certificates and Covid test reports. In addition, QR codes have been used for restaurant menus, for contests and promotions, to identify pets, reply to job adverts, and much more.

QR codes are two-dimensional barcodes and are much more powerful than standard barcodes. QR codes can store (and digitally present) much more data, including URL links, geo coordinates, and text for the same size. A significant advantage of QR Codes is that instead of requiring a chunky hand-held scanner to scan them, all modern cell phones can scan them using a simple app/QR reader. Read More…

To make it convenient to verify, many organizations have started incorporating QR Codes containing URLs on documents issued by them. National Accreditation Board for Testing and Calibration Laboratories (NABL) in India and Zakat, Tax and Customs Authority (ZATCA) in Saudi are more recent examples of large statutory bodies mandating large-scale QR code led systems in their countries.

Examples are government-issued licenses, inspection reports, insurance certificates, degree & transcripts, pathology reports, receipts, etc.

3. QR Codes, Phishing Attacks, and what should be done?

QR Phishing

With growing popularity, using plain URLs in QR Codes is an invitation for phishing attacks. The idea is that when a third party comes across this document, they can use any QR Code scanning app on their phone — scan the code, and it will open the URL on the phone browser. Though alluringly convenient, this totally disregards everything we have learned about avoiding phishing attacks. Moreover, it is not just theoretical — it is a present and active threat.

START DOING THIS - To stop this, you must develop your own solution or use a solution like Qryptal, which helps you generate tamperproof digitally signed QR Codes which are meant to be scanned and verified by approved Apps. This retains all the existing ease of use once the user has installed the approved App.

STOP DOING THIS - One way in which people try to address the authentication issue is to print a long unguessable tracking number on their certificates and guiding the user to visit their website to enter the tracking number to validate the information. This option is, of course, not convenient and would deter most from using the system.