How to use QR codes safely and ethically

Since you can generate QR codes for free, large corporations, small businesses, and individuals all use them to interact with customers. The ways in which you can use QR codes are endless. As QR codes’ popularity grows in a post-pandemic world that encourages no-contact interaction, so do issues of safety and ethics. Follow these best practices so your QR codes remain both safe and ethically responsible.

QR code best practices to prevent cyber-attacks

Even though QR code technology is very secure, hackers still find ways to exploit the way people use QR codes in phishing schemes and other criminal acts. In fact, the most common way hackers exploit QR codes is when people don’t follow QR code best practices. When you create a QR code for your business, follow these best practices to reduce the risk of someone maliciously taking advantage of them.

Microsoft Defender

Stay safer online with one easy-to-use app¹

¹Microsoft 365 Personal or Family subscription required; app available as separate download

Learn More

Generate a QR code safely. Use a reputable, secure QR code generator so your code is unique, private, and does not send users to the wrong nefarious website.
Custom brand your QR code. You don’t need a black and white QR code. You can customize your QR code with your brand colors and logos to enhance brand identity. Hackers struggle to replicate a custom QR code and will often avoid it. The customization of your QR code sends a message of authenticity to your customers and they’ll be more likely to scan your code without worrying it’s fraudulent.
SSL certify your website. This digital certificate authenticates a website’s identity and enables an encrypted connection to keep transactions and customer information secure. When users see the padlock symbol on the left side of the URL, they are more likely to interact with the site knowing it’s secure.
Password protection. If you’re using QR codes to share private documents or exclusive content, set up your QR code with password protection. This way, users can only access the information after they’ve scanned the QR code and entered the correct password.
Check your QR codes periodically. If you have QR codes posted in a public place, check them for signs of tampering. Criminals can easily cover up your QR code with their own QR code, leading your customers to malicious websites.

“The most common way hackers exploit QR codes is when people don’t follow QR code best practices and expose flaws in the set-up process.”

Ethics of using QR codes to collect first-party data

You probably rejoiced when third-party cookies allowed you to track consumer’s behaviors across different websites and browsers, but consumers didn’t. People want their information private and only given with their consent. Due to new legal regulation and public concerns over privacy, large browsers continue to phase out third-party cookies that track user’s behaviors without their expressed consent. That means you need to turn to first-party data for marketing decisions.

First-party data is information given by the user itself. With the phase-out of third-party cookies, first-party data stands as the more ethical way to gather marketing information on consumers. While more challenging, first-party data offer more value because it’s more accurate and comes about by users actively participating in the product.

You can use dynamic QR codes to collect user’s data, but not in the way you think. Let’s say a user scans a QR code at a restaurant. If set up dynamically, you can see the time, location, device, and the browser used for that scan. That’s about it. You can’t track the whereabouts or gather personal information from a user’s phone.

After scanning the QR code, you can send that user to a survey or email signup form. That person can choose to give their information or exit the browser and not give their information. If the user chooses to fill out their information, you can use that information to find patterns amongst other users and tailor products and campaigns to meet their needs better.

Long story short: using QR codes to collect first-party data presents an ethical alternative to third party cookies because it doesn’t involve tracking people’s behavior. They choose to give information voluntarily. The only information people don’t formally give up is the time of scan, location of scan, device used for scanning, and type of browser.

Develop trust through transparency

When you create a QR code for users to interact with you or your businesses, you have an ethical responsibility to follow QR code best practices to reduce the risks of cyber attacks on your business and patrons. You also have the responsibility to let users know if their information has ever been compromised. Finally, you have the responsibility to let users know when you collect their data and what you plan to use it for.

Be as upfront and transparent as possible with your patrons. When they scan your QR code, let them know what information you’ll collect. When they give information in a survey, let them know how you’ll use it.