There’s been a great deal of discussion recently about the increasing integration of QR codes into the parking experience. Specifically, some have raised concerns about the potential security complications if QR codes are not implemented or monitored appropriately.
QR codes have become integrated into many aspects of parking technology, from parking meter payments to parking garage access. However, as adoption rates increase, scammers are on the lookout for gaps in the business processes involving QR codes. In a recent case, authorities found that someone had placed fake QR codes onto parking meters throughout a city, sending unsuspecting patrons to a fake payment site.
As parking technologies continue to become more sophisticated, the responsibility to protect consumers grows as well. Processes using QR code technology are no exception. There are many scenarios where it is an extremely valuable and convenient solution for parking operations, but some in which it should be avoided or used very cautiously.
The use of QR codes for parking business processes in itself is not harmful. But if they are not installed in a trusted, controlled, and physically secure environment, they could be targets for tampering. For instance, scammers could replace legitimately posted QR codes with fake ones, leading the customer to malicious links or even to download malware on their phones.
In parking, QR codes are best suited for parking garages and gated lots rather than for open street parking or unmonitored facilities. Vending the gates is an ideal process to automate with QR codes, but care should be taken if QR codes are used to prompt the customer to initiate payment processes.
Customers should be taken to the payment process via a secured link sent to them only after they have been able to physically verify a trusted and expected second-factor outcome, like the opening of a gate arm. If that expected outcome does not take place, it warns the customer that something is wrong, and they can notify the attendant immediately so that corrective action can be taken. This keeps other customers from being exposed if the failure was indeed caused by a fake QR code.
For example, only after the customer sees that their scanned QR code has successfully opened the gate (thus establishing the QR code’s authenticity) would they trust an eTicket link sent to their mobile device once they have entered through the gate. With this trust established, they can safely use that eTicket link for payment before proceeding to the exit gate. For added safety, we propose our customers use our unique system of Dynamic QR Codes.
Finally, there are also a number of physical design-related precautions that are necessary to protect the process. Proper branding and signage elements will inform customers of the exact steps and screens to expect during the parking process, while creating a professional and quality image for the garage. In addition, simply placing the signage in a convenient location, but secured behind or within a clear box or structure, will eliminate the opportunity for anyone to tamper with the actual QR code.
As parking professionals, it is important that we constantly look at all aspects of our parking operations to ensure that the public is protected both physically and digitally. The responsible integration of these valuable technologies will ensure not only that we keep our communities protected, but also that we maintain the highest standard of quality for our organizations.