QR Code Security Wizard
The following guide aims to help users identify relevant threats and select the appropriate security mechanisms they should implement, considering the constraints and requirements of a given QR code deployment.
QR code criteria
QR code support
The foundation of a QR code deployment is its support, that is, the medium that carries the code. It can be physical, namely printed on a label, or digital, in a digital wallet or on a web page.
Payload content
The payload embedded in the QR code can be directed at different audiences.
- A public audience is any ordinary user who can read the content without prior steps (for example, registration) or prior knowledge.
- A private user knows the intended purpose of the QR code and has a dedicated application to read a custom payload.
The payload carries information through two means that are not mutually exclusive. The most common is a URL linking to web resources that can be accessed with any QR code reader. Alternatively, the payload can be a custom package, either as plain text or in a structured language.
Type of reader
The choice of reader depends on the target audience (public/private) and the type of payload (custom package). The three options are:
- The default smartphone applications, which allow any user with a phone to access the linked resource;
- A custom-developed smartphone application, which makes custom data accessible to targeted users; and
- A web-based application, which works on a similar principle to the custom one but relies on an external scanner, such as a webcam, camera or dedicated hardware.