QR code use rises but consumers don't recognize the potential dangers
A side effect of the COVID-19 pandemic has been a rise in QR code usage as the need for touchless transactions has increased.
A new study from automation platform Ivanti reveals that 83 percent of respondents say that they used a QR code to make a payment (or complete a financial transaction) for the first time ever since March 2020, with 54 percent doing so past three months alone.
Early in the pandemic, restaurants were using QR codes as menus or payment options, but as the pandemic continued throughout 2020, consumers used QR codes more frequently for practical things like visiting a doctor's office or picking up a prescription -- with an increase from nine percent in 2020 to 14 percent in 2021.
Meanwhile, social activities like dining out or enjoying a drink at a bar have seen QR code usage decrease from 44 percent to 36 percent. Offices and places of work have seen an increase in usage, going from 11 percent to 14 percent.
Consumers have also grown more comfortable with QR codes that have a financial purpose. 65 percent report noticing an increase in places where QR codes can be used for payments, and 87 percent feel secure using a QR code to complete a financial transaction.
However, there is a lack of understanding of the risks QR codes can pose. While 47 percent know that a QR code can open a URL, only 37 percent are aware that a QR code can download an application and only 22 percent are aware that it can give away your physical location.
Two thirds of respondents feel confident that they could identify a malicious URL, but only 39 percent say they could identify a malicious QR code. In addition 49 percent state they either don't have or don't know if they have security installed on their mobile device.
"As a result of the pandemic, employees are using their mobile devices more than ever be access corporate data and services from any location," Chris Goettl, senior director of pro management at Ivanti. "As QR codes continue to increase in popularity and use, they will undoubtedly be leveraged more and more by cyberattackers to infiltrate devices and steal corporate data. This report underscores how critical it is that companies of all sizes prioritize mobile security for their employees, regardless if the device is company or employee own Organizations should implement Mobile Threat Defense (MTD) to defend mobile users a QRLjacking, phishing attacks, and to identify mobile OS or application vulnerabilities."
There's a summary of the findings in the infographic below and the full report is available from the Ivanti site.