Barcode Security: How Secure is Your Scan?

We all love to do it. Take out our mobile phones and simply scan the barcode to pay at our favorite coffee shops. It’s fast, it’s convenient, and it’s the future! But is it secure?

Barcode mobile payment has been picked up by many notable brands – the largest being Starbucks. Every week, more than 4 million mobile transactions are initiated by the Starbucks mobile app. These are closed loop mobile payments that replicate the Starbucks gift card experience – which has relatively low tender. But what happens when barcode technology becomes the interface for your entire mobile wallet? Suddenly, your bank and credit cards are involved.

2D barcode technology comes with its security concerns. To start, they can be easily replicated. The infrastructure that supports them is one-way technology made to just scan barcodes – which are imprinted on a single card. With barcodes going digital, the opportunity to exploit and replicate those codes increases significantly.

As an example, here are a few headlines that highlight concerns around using barcode technology for mobile payments:

• Starbucks faced a major problem where on-screen barcodes could be replicated with a simple screen grab
• China’s central bank suspended mobile payments through QR codes amid security concerns regarding the identification process

As mobile wallets are set to hit 47% adoption in the U.S by 2017, the security concerns must be addressed. Amid the rising concerns of screen grabbing and identification, here are solutions Clearbridge Mobile proposes that solve these barcode security problems:

• Embed a layer of encryption on the bar/QR code so that is encrypted on the phone and decrypted on the payment terminal.
• Create customized barcode tokens that have a one-time use and cannot be replicated. As an example – think of barcodes that are scanned for concert tickets.

Register the Conference Now (at) BPEF 2019

Write us to Connect

Follow us on Twitter