This use of quick response codes remains rare, but it is clear that it presents a new security threat.
Cyber thieves have now opened up a new channel that allows them to make purchases in the name of innocent consumer victims, and they are doing this through the use of QR codes.
These barcodes are becoming increasingly commonplace in marketing as well as mobile payments.
The first case of this use of QR codes to make fraudulent purchases was in Pima County, Arizona. It remains limited to this single case, so far but there doesn’t seem to be anything standing in the way of criminals who wish to do the same thing in the future. The way it works is that they use their computers to apply for a virtual credit card in the name of an unsuspecting victim. Then, they use that card to make purchases in the name of that victim, who then receives the bill.
The QR codes essentially open up a path to allow thieves to steal merchandise from stores in someone else’s name.
One of the victims in this case, who has requested anonymity, explained that they truly didn’t see it coming. They explained that they had taken precautions to keep their most important data private. “It’s so scary because I don’t put my social security number on anything like at the doctor’s office. I don’t write it on any forms.”
That said, according to Marana police, a criminal still managed to obtain the victim’s personal information, enter it into a computer, and then downloaded a QR code app in order to be able to use it. Detective Mike Torres said that “You just scan it in as your credit card and it automatically adds or deducts from the line of credit.”
The police are currently looking into how the thieves were able to obtain the information in the first place. That said, they have found a ledger in the vehicle of the 34 year old suspect, Jacob Aguilar, where the personal data (including name, date of birth and social security numbers) of at least 42 people was listed, according to Det. Torres. Using QR codes, the criminal was able to turn that data into a credit card that could be used in a mobile wallet.