Home Page Navigation Contents Contact Sitemap Search

Quick Response-Code (QR-Code)

You can use QR codes to pay invoices, access a dig­ital menu in a restau­rant or visit a web­site. Any data encoded in the code cannot be read by humans. You should there­fore be careful when using them.

How to pro­tect your­self when using QR codes:

  • Only ever use QR code scan­ners (apps) which show you the con­tent of the code first and don’t process it straight away.
  • Always check the link des­ti­na­tion or pay­ment infor­ma­tion after scan­ning any QR code before opening the target page or com­pleting a transaction.
  • Never enter your log-in infor­ma­tion on any web­site you have accessed via a QR code.
  • Never allow anyone to talk you into pay­ments via QR codes.
  • Only ever use QR codes in sit­u­a­tions you con­sider stan­dard or safe.
  • Only use your finan­cial institution’s app to pay QR invoices.

A story of success

QR codes are used more and more widely. Orig­i­nally, they were used to mark assem­blies and com­po­nents in the car man­u­fac­turing sector. The abbre­vi­a­tion “QR” stands for “quick response”.

Nowa­days, QR codes are also used on invoices (QR invoice) or in the pub­lishing and mar­keting sec­tors to link phys­ical objects (prod­ucts, print media, posters, etc.) with the online world and make addi­tional infor­ma­tion avail­able this way.

As the con­tents of QR codes cannot readily be decoded by humans, these codes have to be scanned in first, e. g. using a smart­phone or a spe­cial reader.

Example QR code by “eBanking – but secure!” (linking to the www.ebas.ch website)

QR codes are easy to use and cheap to pro­duce. No par­tic­ular resources or tech­nical know-how is required for their cre­ation. You can gen­erate QR codes on numerous web­sites. Next to classic QR codes, there is also a trend to gen­erate cus­tomised and cre­ative QR codes meant to attract addi­tional atten­tion and serve as advertising.

Example of a cre­ative coloured QR code (of the NCSC)

Risks involved in using QR codes

These squares can be used to store any infor­ma­tion, from simple links to instruc­tions for a banking trans­ac­tion. With the rel­e­vant apps, these are easy to read and are even processed auto­mat­i­cally quite often. This plus the fact that users cannot usu­ally estab­lish what a QR code con­tains before it is read is increas­ingly abused by fraud­sters – espe­cially in view of the fact it is rather easy to create a QR code, for instance by simply taping over an authentic pay­ment code. All pay­ments ini­ti­ated by scan­ning the taped-over QR code end up directly on the fraudster’s account and not the one of the orig­inal recipient.

There is also an increase in phishing mails con­taining QR codes. These serve to hide links leading to harmful web­sites from antivirus soft­ware and poten­tial vic­tims. A QR code can also hide a link which might for instance lead to a mali­cious file or app, a dubious app store or an untrust­worthy Wi-Fi hotspot.

You should there­fore only use a QR code scanner (app) which dis­plays the decoded con­tents first and asks whether you would actu­ally like to visit a link or exe­cute a cer­tain action. Unfor­tu­nately, this is not the case with all mobile devices with an inte­grated camera app. There are sev­eral good apps to be found in offi­cial stores which can be installed for this pur­pose though.

A QR code is a square matrix made up of black and white, some­times also coloured squares or dots rep­re­senting var­ious data such as Internet addresses or pay­ment details in binary form. A spe­cial marker in three of the four cor­ners of the square indi­cates its orientation.

What else would you like to learn about security when e-banking?

Reg­ister for a course now
and learn more:

Basic course

Find out about cur­rent Internet threats and some easy pro­tec­tive mea­sures, and how to securely use e-banking.

fur­ther information

Online course mobile banking/payments

Find out about mobile banking, mobile pay­ments and how to securely use these apps.

fur­ther information

Online course for the under-30s

Learn how to use your smart­phone securely. Next to basics, we will show you what you should know about social media, clouds, mobile banking and mobile payments.

fur­ther information

Course for SMEs

Is your organ­i­sa­tion suf­fi­ciently secure? Learn which mea­sures you can take to sig­nif­i­cantly strengthen your organisation’s IT security.

fur­ther information