QR Code
Full Title or Meme
A QR Code is just a specific two dimensional extension of a bar code.
Context
- Used on Web Sites and physical sites to carry URLs and similar encoded Identifiers.
- Is not proposed as a cure-all for places where fully digital transmission of information is not trusted or not possible, or as a fall back for digital device not functioning correctly.
- It is often proposed as a solution to digital exchanges where a radio signal is not possible.
Problems
- The FTC Is Concerned About QR Codes 2024-02-28 for example car parks with a payment QR code are being pasted over with scam sites that will be happy to take your money.
- QR Code Scams Grow as Digital Barcode Popularity Rises 2024-01-03
- A report by Vint Cerf[1] shows a common disconnect between the holder of the Smartphone that processes the app, the site where the holder is and the owner of the website where the holder enters private information. The necessity for informed consent by the holder is a strong binding between the site getting the data with the transaction that the user is asked to complete. It is in restaurants where this is a common occurrence for the restaurant to contract with a Third Party service provider, who will be the data collector for the transaction.
- A 2022-01-22 phishing scam to watch out for: fraudulent QR codes on parking meters
- See other attacks on the wiki page Wallet#QR Codes and the wiki page Quishing.
Mastercard
POS
The diagram below shows how Mastercard MPQR (Merchant Presented QR) works. There is π§π¨ ππ¨π πππ«π¦π’π§ππ₯ π¨π« π©π‘π²π¬π’πππ₯ πππ«π involved.
πΉ Step 1: The merchant presents its QR code at checkout. There are ππ°π¨ ππ²π©ππ¬ of QR codes: - ππ²π§ππ¦π’π: the code is generated for each transaction and includes the payment amount - πππππ’π: the code is used for all transactions
πΉ Step 2: The customer scans the QR code using a mobile app and confirms the payment.
πΉ Step 3: The payment app sends transaction data to the transaction originator to initiate MPQR payment.
πΉ Step 4: The transaction originator debits the customerβs account in the customerβs bank.
πΉ Steps 5 and 6: The transaction originator sends a payment request to the Mastercard network. Mastercard routes the payment request to the merchantβs bank.
πΉ Steps 7 and 8: The merchantβs bank approves or declines the request. If it is approved, the merchantβs bank credits the merchantβs account.
πΉ Steps 9 - 11: The payment response is sent back all the way to the mobile app.
References
- β Vint Cert On QR Codes and Safety CACM 66 No. 2 p. 7 (2022-02)
