The 6 Key Considerations for Banks Implementing Secure QR Codes

Rajesh Soundararajan
Apr 05, 2022
4 min read

Securing Bank Documents with QR Codes: Overcoming Challenges

In the face of rampant document forgery, banks worldwide are increasingly seeking secure QR code solutions to enhance document security in transactions with business clients and consumers.

IT teams in the banking industry are tasked with procuring or building solutions that generate tamper-proof documents, which can be easily validated and maintain authenticity. This is a challenging endeavor, as the solution must integrate with core banking software, enhancements, and extensions, all while ensuring high availability.

While document security is a critical requirement for banks, writing the code for secure documents is not typically considered a core banking function. As leaders in document security, Qryptal has experienced a surge in demand from banks in Africa, Asia, and the Middle East for solutions that address this requirement, especially as numerous banking documents are exchanged globally.

A Secure QR code solution can provide the needed security. By generating documents with secure QR codes, banks can ensure that documents are tamper-proof and easily verifiable on demand, regardless of whether they are electronic or physical. Here is a summary of the essential requirements and constraints when deploying such a solution for most banks:

Requirements:

Based on our experience, these are the usual requirements for such a system:

Banks want to ‘print a secure QR on PDFs’ generated by the core banking system in physical or digital formats (phygital).
Documents should be verified or checked by ‘third-party validators’.
In many cases, banks prefer ‘external’ verifiers not to access databases, servers, or systems for security reasons.

Constraints:

These are the typical constraints banks face:

PDFs must be generated according to standard templates.
The bank’s core banking software must make API calls to generate secure QR or PDF with secure QR.
Different banks have varying deployment requirements – some can work in a Cloud environment, while others require On-premise deployment.
Two options for QR code generation are usually considered:
a. Without URL: For better security and to avoid QR Phishing issues
b. With URL: can be scanned with any QR App for ease of use but may have data capture & leakage implications depending on the app used
Documents may have an expiration date, typically expiring in 45-60 days (configurable), and there may be a need for automatic storage clearance at predetermined intervals.
An easy way to verify other than the app - usually a web validation mechanism.

All this can easily be achieved with Qryptal solutions and often within days. Having worked with banks across the globe, Qryptal’s novel architecture provides ALL the above and much more:

Architecture:

Serverless Architecture: Qryptal’s QR code solutions utilize a serverless architecture, allowing the solution to scale effectively and be virtually maintenance-free. With no servers needed once the document is issued, the infrastructure required for verification is minimal.
3072-bit Security: Qryptal’s Secure QR code solution is based on PKI and offers 3072-bit RSA equivalent security, making it significantly more secure than typical internet banking.
Offline Verification: The self-contained nature of Qryptal QR codes eliminates the need for network connectivity during validation. As a result, verification can occur anytime and anywhere, including in secure air-gapped environments.
Physical-Digital: Qryptal’s solution works for both electronic and printed documents. By generating a secure Qryptal QR code digitally and placing it on physical and electronic versions of the document, both formats maintain the same level of security and can be verified easily.
Privacy: Qryptal helps safeguard and protect the privacy and confidentiality of both customers and institutions in a straightforward, logical manner. By using Qryptal’s Secure QR code solution, banks can efficiently address document security concerns while adhering to the unique requirements and constraints they face.