As commonplace as quick response code scanning may be in China, scams are becoming a problem.
Many residents of the Chinese city of Guangzhou fell victim to a fraudulent QR code that scammed them out of millions of dollars.
The scam stole an estimated RMB90 million (about US$13.03 million) from unsuspecting smartphone users.
The use of quick response codes has become exceptionally commonplace in China. They are used as a part of mobile payments to let people complete transactions at the local convenience store. They are found on product packaging to allow consumers to learn more about what they’re buying. They’re even found on admittance tickets and event programs. That said, more recently, a fraudulent QR code was the heart of a massive scam.
The frequency of seeing a fraudulent QR code is beginning to grow in China and it is becoming problematic.
The reason is that the QR code technology being used is not the most secure form of transaction available. Moreover, it is essentially impossible for a person to know whether or not a quick response code is legitimate just by looking at it. After all, it’s simply a black and white pixilated square. Without a scanner, it’s hard for a person to tell one from another.
A growing number of reports have been filed indicating that scammers are placing their own QR code stickers overtop of the legitimate ones. This dupes consumers into paying money into a criminal’s account instead of the intended target for the money.
Two of the biggest Chinese mobile payment platforms have made a concerted effort to fight this growing problem with fake QR codes. Alipay and WeChat have launched mobile security software to provide users with monitoring and a more secure experience. Alipay’s version of this effort comes in the form of a “website detection function” which monitors accessed links and cautions consumers when a compromised link has been detected.
The goal is to make it possible to warn consumers of a fraudulent QR code before a transaction is completed. In this way, the mobile device user can back out before they have paid into a criminal’s account.