Are QR code payments secure?

QR code payment options have grown significantly over the last five years, on the back of smart phone adoption and the use of social media and digital platforms. For banks and mobile money services, the potential for QR codes is staggering. However, with any digital payment method, there will always be concerns around security.

At Youtap, we are often asked about the level of security pertaining to QR code payments. To explain how secure this method is, it is useful to draw a comparison with the card payment.

Simple and secure

QR code payments are quite different from card-based transactions. With a card, a PIN (personal identification number) is entered into a merchant’s device to initiate the transaction, and the card must be inserted or swiped for the transaction to be completed.

In contrast, the QR code payment is much simpler. There is no need for the customer to enter a PIN into the merchant’s machine, nor is it necessary to insert or swipe the device through the machine. The customer’s device simply scans the merchant’s QR code (which is either printed or on the merchant’s smartphone). Before the transaction is processed, the customer can also check the authenticity of the transaction by checking that the name and details of the merchant match up.

Merchants and customers are in control

Because the customer initiates and controls the entire transaction without revealing a PIN or making physical contact with the merchant’s device, the risk for fraud is significantly reduced. Of course, it is still up to customers to keep their mobile devices secure.

There is also less risk for merchants, as they can check the legitimacy of the QR code payment by way of text messages, for instance. As with any point-of-sale solution, the onus is on the merchant to keep the QR code secure, as it contains valuable data.

For added security, Youtap uses secure algorithms to verify data and prevent the risks associated with tampering. Merchants and customers can feel safe in the knowledge that Youtap conforms to strict QR code standards as set out by EMVCo — the same QR code and security standards that Visa and MasterCard apply.

DR MICHAEL JOHNSTON is Chief Technology Officer at Youtap — He holds a doctorate of nuclear physics from Manchester University with over 20 years experience in worldwide telecom and IT industries, Mike has in-depth experience in the development and implementation of high volume transaction processing solutions.
Prior to entering the telecommunications and financial marketplace Mike pioneered development in London, UK in the fields of Medical Physics (Breast Cancer Research) and International Financial Markets.

For more information about Youtap’s QR code solution, visit our website youtap.com