STUDY: QR Codes Lure Diners into a False Sense of Security
Despite 96% of United Kingdom respondents having scanned a QR code in restaurants or retail stores in the last six months, almost half (48%) still don’t know if they have mobile security software. That’s according to a study by Ivanti, the automation platform.
While this study focused on consumers in the UK, contactless transactions are having their moment in the US and around the globe. With the UK economy reopening, it appears QR code use is steadily increasing across the hospitality and retail industries. More than half (58%) of respondents have scanned a QR code in a bar or restaurant, a notable increase from 45% six months ago. Four in five (80%) of consumers agree QR codes makes life easier in a touchless world. As these venues continue to serve an increasing number of customers and reopen fully, scanning a malicious QR code without the correct security could compromise the integrity of a device and any data it holds.
According to the survey, 70% of UK consumers want to see QR codes used more broadly in the future, with 69% open to using QR codes for future payments. Those willing to use QR codes for payment are up nearly 20% compared to six months ago.
The research also found that 85% of respondents feel secure using QR codes for financial transactions, but over half (53%) cannot distinguish a malicious QR code. QR code use is set to increase rapidly, but unsuspecting Brits remain the perfect target for hackers on the High Street.
In addition to being unable to identify a malicious QR Code, areas of concern are:
- 65% of respondents think QR codes only open a link.
- 55% don’t know that scanning a QR code can download an app.
- 86% don’t know that scanning a QR code can start a phone call.
- 82% don’t know that scanning a QR code can initiate a text message.
“Hackers spent lockdown exploring new ways to exploit consumers, so we can expect hackers to get even more creative with QR codes now that the UK is reopening shops, bars and restaurants,” warns Ivanti. “For example, a malicious QR code can easily be pasted over the one provided by a restaurant or bar, to trick a user into paying for the bad actor’s next holiday instead of a round of drinks.”
By not knowing if their mobile devices are secure, people are directly putting businesses in jeopardy of cyberattacks. With an increasing number of employees utilizing their mobile devices for business purposes, it is critical that organizations re-evaluate their security strategies to center on mobile devices.
Ivanti says a full-service unified endpoint management (UEM) solution paired with Mobile Threat Defense (MTD) can automatically identify and secure any device across its network to monitor any attempt to access business data. Adopting a UEM with MTD solution helps ensure companies can mitigate up to 95% of cyber threats, including malicious QR codes.
The study polled over 500 consumers across the UK as a follow up to a September 2020 report to understand how consumer attitudes and usage of QR codes has evolved over the last year. To view a full list of the results, please visit here.