I am not saying to NOT use PayPal! I am trying to convey that there are safety measures that must be taken. My point is QR codes is a great tool in some circumstances. I just believe the security factor out weighs the convenience from a buyer's standpoint. As I have said the best security is being pro-active. Sadly most of us have way too much private information stored in our smartphones (especially those who also have their emails synced). I am one of those who is guilty of this practice! Would I use QR coding? Yes... under the circumstance of creating the QR myself or internal use in my own business (minimal risk). But never for a payment gateway!
Now knowing this, do you not think as a PUBLIC service to those who read your info should also be made aware of the dangers of QR coding (please read RISKS below)?
On another note for those who wants more answers or info to e-commerce/merchant accounts please start another thread, as I believe the OP meant this thread to be about QR coding. If the OP doesn't mind talking about it here then I will gladly share what I know and if not then I'll look out for the new thread.
Is this enough Proof for you?
QR Code on Wikipedia
Risks
Malicious QR codes combined with a permissive reader can put a computer's contents and user's privacy at risk. This practice is known as "attagging", a portmanteau of "attack tagging".[36] They are easily created and can be affixed over legitimate QR codes.[37] On a smartphone, the reader's many permissions allow use of the camera, full Internet access, read/write contact data, GPS, read browser history, read/write local storage, and global system changes.[38][39][40]
Risks include linking to dangerous web sites with browser exploits, enabling the microphone/camera/GPS, and then streaming those feeds to a remote server, analysis of sensitive data (passwords, files, contacts, transactions),[41] and sending email/SMS/IM messages or DDOS packets as part of a botnet, corrupting privacy settings, stealing identity,[42] and even containing malicious logic themselves such as Javascript [43] or a virus.[44][45] These actions could occur in the background while the user is only seeing the reader opening a seemingly harmless web page.[46] In Russia, a malicious QR code caused phones that scanned it to send premium texts at a fee of US$6 each.[36]
Another good read by
PCWorld and another good read about
Malicious QR's
Tips for Quick Response Safety
(excerpts from PCWorld-Aus)
• Never implicitly trust any QR code. Be suspicious and alert when you go to use it.
• Make sure you have security software installed on your mobile device. The vast majority of smartphone, tablet and e-reader users currently do not have any security software installed. Yet these devices can be even more susceptible to malicious attacks by cyber criminals. Free and paid security software solutions, like AVG Mobilation for Android, are available for most device platforms.
• If QR code takes you to a web page which asks you to provide your user name, password, bank account details, and/or credit card details, then the person behind the web page is either a thief or an idiot! So don't provide those details to them.
• If a QR code takes you to a web page where you need to login, then don’t login. Instead, go directly to the web page by putting the correct URL into your browser address bar, or via some other trusted means. Doing this means you are much less likely to fall victim to a phishing scam.
“Our surveys show that the majority of people aren’t even password protecting their smartphone and tablet devices,” said Borrett. “Yet they need to be doing much more, including installing a good security solution like AVG Mobilation for Android. Then they will have protection in place that will check apps and web site content for malware should they be tricked into using a malicious QR code.”
I really don't think my post is for you. You have warned everyone. Thank you. I won't be replying to anymore of your posts as you are not really the intended audience.
I'm sorry you feel that way! Please let me know when the honey moon phase and coolness factor of QR codes has faded. That way we can correspond in an adult manner. This 'I won't be replying to anymore of your post as you are not really the intended audience" is just infantile. There is a HUGE flaw in QR's that you are not willing to admit or at least make yourself and others aware of!
Exactly who is your intended audience? If anything I have a better grasp of QR coding then most. I've used it in a 'Big Brother' kind of way. I would design flyers for my clients w/ QR's. I would be able to tell the demographics (city, gender, aprox age, computer/phone, OS, browser, what page they visited and what page they left, etc.). How? With scripting on a website and Google Analytics.
So I am well aware of the powers of QR's... watch this video and see how easily this guy cloned a site with login and password and used QR's... not that far fetch to clone PayPal login page... is it? So before you decide to take your ball home... do a little reading on some of the links I posted... after all it is not I who solicited 'any advice' on a public forum about QR's.
