#
 

Articles from Parking Today

Following is a full article from Parking Today's print magazine.

Browse more articles

Search for articles

Tackling QR Code Fraud

March, 2022

Todd Tucker and Chirag Jain

Depending on your reading of history, the parking business as we know it today originated in Oakland, California around 1929 when the local commerce association organized, managed and constructed the first private parking facility. 


“Parking”, as a noun, goes back further than that to as far as 1812 when the case of Rex vs Cross came to England as a result of someone leaving their wagons on the street for too long. The court proclaimed that the street was “not to be used as a stable yard!” Other opinions exist about when it all truly started. However, we can all agree on one immutable fact - whenever it all truly started, fraud in parking payments began exactly one minute after payments for parking started being accepted. 


For anyone who has worked in parking, we all know that fraud and theft are ever-present and many of the policies and procedures that exist in our industry are focused on curbing opportunities for theft and fraud. 


Cash was easy to steal, credit cards were harder, but it still happens (even today) due to skimmers and other theft methods, and now with the advent of digital payment methodologies, it’s even harder - but not impossible. 


So, the emergence of fraud associated with QR codes on parking lots and street meters isn’t terribly surprising. It’s no surprise that most competent mobile phone and digital payment companies had policies and procedures in place to monitor, catch and prevent QR code fraud from inception.


Here are just a few of the headlines running across the airwaves right now:


Parking Station QR Code Scam and How to Stay Safe


Phishers on the Prowl with fake Parking Meter QR Codes


QR Code Scammers hitting on Street Parking in Texas Cities.


First, let’s review why we want to use QR codes in the first place and why this methodology for conducting parking has taken off like a rocket in the past years. 


They are such a common way to conduct business in every business setting now – restaurants, gas stations, retailers, airlines – literally everything. Why?


1- QR codes create quick and robust engagements with consumers without downloading apps or any “heavy” pre-work needed to reach the engaged relationship with the customer.


2- Data - data - data! No longer are consumers anonymous. Now we have a real knowledge of who/what/where/when/why a customer made a purchase with us plus now we have a medium to follow up with them and build loyalty upon when they opt to share their contact info with us.


3- QR code payment flows are super easy and cost effective to set up. You can fully digitize your business for the cost of a sign and avoid or delay expensive equipment upgrades.


4- Removing cash from the equation has been a goal of parking and transportation companies and QR-code-enabled payment flows do that very simply. QR code fraud will always be eclipsed by cash and credit card transactional fraud. 


Now that we remember why we want to use QR codes and that the benefits far outweigh the risks, let’s review some best practices and procedures for monitoring and curbing QR code fraud in and on your properties. 


Signage Inspection: Where possible, have personnel check the signage daily for any obvious irregularities. Scammers tend to create sloppy work in an effort to move fast, capture small rewards, for as long as they can get away with it. 


Many times, the signage will clearly look altered or off. Is there a shiny new QR code sticker on top of an old, faded sign? These types of cues can lead you to finding issues fast and allow action to take place. 


Traffic Monitoring: Work with your QR digital payment company to review weekly reports on traffic per each QR code. Higher functioning companies can track their QR code traffic down to every single sign and unique code placed on the signs. 


So, if trends per each QR code show a drop off or cessation of sales on a particular lot’s QR code sign, then we quickly can identify an operational concern that we can investigate quickly and take action. 


Tracking the Domain: When you catch an invalid QR code, be sure to scan it and take down some vital information before removing it, so that some level of information can be obtained and possibly traced to the fraudster. In optimal cases, we can track these users and shut them down. 


Sign Scanning Rhythm: One of the easiest ways to check the validity of each QR code is to scan them rhythmically every week and verify the URL you are being directed to. They should all look the same and have the same URL address, with the landing pages being consistent on each QR code scan. 


A little diligence each week, that can be conducted when your site Supervisors or Managers are walking their property (daily is best right?), can yield a secure environment where you and your clients feel comfortable with your QR code transaction network. 


Apple Pay/Google Pay: Encourage or partner with payment systems that allow for the more sophisticated types of scanning features. For example, Apple’s App Clip proprietary QR codes are much harder to counterfeit than a standard QR. Moreover, App Clips takes an Apple customer to a very specific Apple payment flow that is virtually impossible to mimic by cheap hackers trying to make a fast buck. 


By taking these precautions and educating on-site personnel and customers about the risk of QR fraud and how to prevent it, we can all enjoy the benefits of QRs without the worry. 


Choosing trusted payment processors is always one of the best ways to prevent any kind of fraud, so find a partner that you trust and work together to create a safe environment that your customers are confident visiting. 


Todd Tucker is SVP and General Counsel, Arrive Mobility Inc. & Flash. He can be reached at ttucker@arrive.com. Chirag Jain is Co-founder & CEO, Get My Parking. He can be reached at chirag@getmyparking.com

#