
Securing QR Codes: Navigating The Evolving Landscape Of Consumer Safety

BSides Cheltenham | 18:31 | 35 views | Published 2024-07
Category: Technical
Difficulty: Intro
Style: Talk
About this talk
QR codes have become ubiquitous following their explosive adoption during COVID-19, yet they now present a significant security risk. Ewan Deeley traces the technology's history from its invention in the 1990s through its weaponization by scammers, examining real-world case studies of malicious QR code campaigns, payment fraud, and malware delivery. The talk explores why consumers and businesses remain vulnerable despite widespread awareness, and considers whether QR codes will continue to dominate or be displaced by alternative technologies.
Transcript

how much I can talk about QR codes, um, but anyway, thank you for joining. Um, before I go into it, a bit of a background on me. Uh, so I'm the co-founder and CEO of Kuala, uh, which is centered all around QR codes, um, and I graduated from Cardiff University last year with a degree in Business, nothing to do with cyber. Um, but I quickly joined Cyber Innovation Hub, which I wanted to learn new skills in a growing industry, and part of Cyber Innovation Hub is, is they look to create an ecosystem of cyber in Wales, and they have two programs: one is all about upskilling, um, people in cyber, and the other is a venture building

program where they spin out, um, cyber startups, uh, all in Wales. So I joined there, they built a team around the problem, and then my role, as more the commercial side, is to commercialize the business, and yeah, it's all centered around QR codes. So, a quick agenda: we're going to take a look back at the history of the QR code and what led to its rapid growth here in the UK but also globally, why we suddenly trusted this technology that was put in front of us, and now the increase in malicious usage of QR codes, and whether that is going to be the end of the QR code or it's going to serve us for another 20

years. To start things off I thought I'd do it a bit differently, but weirdly enough these four animals have all led to where the QR code is today and have all played a big part in fueling its growth. If you can connect the dots now, fair play, but it will all be revealed throughout. So to start off, what, um, to why we have a QR code in the first place, we have to go back to the root to why it was invented, and in the early 1990s the manufacturing and retail industry were getting fed up with the limitations of the barcode due to it being only scannable one-dimensionally, not holding much data, and actually took up too much

space on a product. Now this then led Denso Wave employee Masahiro Hara to take, um, the challenge of inventing something that was going to replace the, the barcode, and while playing a game of Go he realized that, that if you put black and white dots in a certain pattern it could then be scannable horizontally and vertically, and this created, as we know, the two-dimensional barcode, the QR code. But when it was first invented it was still pretty rubbish and it was very hard to scan via machine reader. This is then when he came up with the eyes, the three dots, which is said to be by looking at skyscrapers in Tokyo, and this then gave

the QR code its name, the quick response, and this was quickly adopted by its parent company Toyota into its kanban processes. Now during this time this was beginning to roll out across Asia, but we still didn't really see it here in the UK. That wasn't until mad cow disease, where I can bring in the cow, and this was before my time, but, but in the late 1990s and early 2000s there's infected beef that was causing huge uproar, um, and killed 179 Brits here in the UK. Um, this spread, uh, this led to huge regulations and requirements over transparency of supply chains, and manufacturers and people working in supply chain were trying to find something that could hold

more data, was easy scannable and could track from the source and where the product ended up, which the QR code emerged as the missing piece to the puzzle. Now within this time, after 2010, QR codes were beginning to become commonplace across Asia. We had mega apps such as WeChat and Alipay that revolutionized QR code payments across the emerging economies, and this was quickly followed, um, within Brazil and India with Paytm. Uh, one of the main benefits here is that you could just print off a QR code and stick it on your stall, whereas us here in the UK would use the POS systems. Now to this day QR codes are still the preferred payment

method across Asia. The next big break didn't come until 2017, when Apple and Android finally introduced the scannable technology into its inherent, um, into the inherent Q, uh, say QR code so often Air camera technology, and then, as we sure we're all aware, I'm saying it's the bat, but COVID-19 was the biggest catalyst for QR codes here in the UK and globally, and we saw it take off rapidly. In fact people say it took 26 years really for the QR code to take off, and within a matter of months we saw 75% increase in QR code scans here in the UK, and in industries such as hospitality we saw 25 times more QR codes used within the first three months than

we had in the 20 years prior to that. But you look back now and you think, well, why did I suddenly start scanning these black and white dots and why did I trust it? Well, the real reason: we didn't really have a choice. All of a sudden QR codes were everywhere and we had no choice of to interact with them, as we now living in this contact-free society. We're having to use them to scan in, um, to view menus, scan into events, and even the COVID-19 certificates had a QR code, where 2.3 billion were created. And what's really interesting, it wasn't just the younger demographics that had to interact with this technology, it was from 16

children all the way to your, to your grandma, and grandparents are having to use QR codes. And then other industries started to pick up on how good this technology can be in connecting with consumers, and marketing saw a 323 growth from 2021 to 2023 as they could now see it as a great tool to promote people and interact with their consumers, and this has then led to one of the most successful, um, ad campaigns of all time by Coinbase, which is part, um, an ad on the Super Bowl where it's just a QR code bouncing on the screen just like you would a DVD, um, symbol, and it led people, um, intrigued to scan as they wanted to know what was

lurking behind the QR code. Now 20 million people scan that QR code in a matter of minutes, which actually ended up crashing the site. So where are we today? Well, 91% of the UK have scanned a QR code before and 37% of people on average scan at least once a week. Now that represents significant number of people, and just think how often we see QR codes in our everyday lives. Oh well, that was a chart basically saying that this is actually very low compared to the worldwide average. In nations outside the UK people are scanning QR codes on average every single day, and across Asia you're interacting with QR codes at least 10 to 15 times. But as why I'm speaking here, it's

because QR codes are becoming increasingly more dangerous. We've seen over 3 million malicious instances revolving QR codes in the UK in just the last year, and since July we've seen a 2,000% surge in QR code phishing campaigns, showcasing this is a new method for fraud to gain access to our personal details, and no wonder, when 80% of the UK population think that QR codes are safe. We never really stopped to think what could be lurking behind the QR code we're about to scan. But what's interesting, despite the QR code are still taking, um, up usage across the West, it's been a problem since the get-go, and 70% of all mobile payment fraud in China is QR code

related, and in the city alone, um, Bengaluru in India, there are 20,000 QR code scams with just the last few months. Oh, this, the pictures aren't working, but, um, one of the main reasons for this is the social engineering tactics and how easy it is to deceive people into scanning a malicious QR code. I mean, just think how easy it is to stick a fake QR code over the top of the real one and have no idea that it's going to take you to a harmful destination. But also now seeing more signs and letters impersonating brands to look the exact same, and you have no idea. There's recently a HMRC letter that's being sent around, um, via the post,

post had a QR code on, looked legit, people scanned the QR code, typed in personal details, and before you know it you're giving away your data and often giving away your financial details as well. And we've also seen a huge increase, as mentioned, in QR code phishing campaigns, known as quishing, which is where an email, um, a QR code is sent via email and often in image format. This is because often with the current URL checkers it go, it gets picked up in the security processes, but as it's sent via an image it often goes through. And we've also seen a huge increase in hacking the QR code destination or redirection. This is even now happening on products, where

they're hacking, um, the redirection of where the destination is taking you, so again, when you're scanning you actually never know where that QR code is going to take you. Then that was the fish up there, which was the other animal, but this is just the gateway for all the common cyber attacks that we all know. Um, there is the problem at the source, so anyone can generate a QR code. Currently from the generation side there's very limited, um, checks for anti-phishing technology, anti-malware, and it's so easy to generate, and what these images were pointing out was the fact that you can generate a malicious one and a safe one and they look identical. There's no way of checking from the eye

if the QR code is safe, and they are now taking the headlines. Um, there's been recent, why is that not working? Yeah, yeah, give me one second. Oh, it's because of, um, Matthew's hotspot. [Music]

so right, we're do it about, but anyway, these are, these are the recent headlines picking up on the stories that QR code scams are our problem. Um, we've seen a huge increase globally in, and BBC especially now are picking up on it, ITV, but what's really interesting, which was up there, is that brands are still using QR codes, um, yet they are trying to educate people that QR codes are dangerous. We recently set up our banking, um, Tide account and it was scammed by a QR code, and just above it was "be wary of QR code scams", because there's very little solutions out there currently. And as mentioned, the ramifications can be great. For individuals

this can be great financial loss, but we've also seen a huge increase in the theft of personal, um, information and data, but also malware injection. You never know once you click that link where you're going to, and we've seen a huge increase in malware injection all stem from QR codes. And the ramifications are also great for businesses. We've seen businesses be hit by QR code scams and have huge financial losses, but also just think of a business utilizing QR codes in their everyday operations: this can have great brand reputational damage, leading to a lot of customers, legal repercussions, but also huge operational disruptions. And to prove that this isn't all just waffle, these are actual case

studies of where it has happened. So there's a recent case study where a manufacturing company was sent a QR code via email, an employee scanned the QR code, typed in the company details on their work phone, and had the company held at £20,000 ransom. Back in November there was the, uh, case where the lady scanned a QR code to pay for a parking. She ended up getting scammed 13,000 because it was again the gateway of typing in your banking details. It was actually a f, it went on for, I think it was six months, the attack, but all from the data they got that she typed in from the website they were able to block her

from her bank account and £13,000 was taken from her account. And we've also seen a huge increase across the e-commerce sector of QR codes now being more popular through payments, but again you don't know where that QR code's taken you. There been thousands of victims that have fallen, there's been thousands of people that have fallen victim to QR code, um, payment issues via e-commerce. And as mentioned, HMRC and test centers, um, during COVID people were very quick to realize that people were just scanning QR codes, so they created fake letters, um, and signs getting people to type in their personal health information, and this led to, um, SC again down the line. But most recently in the

news, even children's snacks, so the PAW Patrol snacks: the QR code, uh, redirection got hacked and it was on over a million products. Porn was uploaded onto children's snacks, so as you can imagine, for parents and children it's not probably great. But usage isn't going to slow down despite all this. QR codes are about to take off yet again. As we get better connectivity globally we're about to see QR codes used even more, and it expected to grow over 70%, um, from 2023 to 2027, and again in emerging economies they're utilizing this new technology and we're going to see a 400% growth across Latin America by the end of this year 80% of all ordering activity will use QR codes

and the payment industry is yet again about to boom. We're about to see more QR code payments here in the UK, which is why by 2025 2.2 billion people use QR code as a payment method and the global spend through QR code will reach three trillion. But that's not all, we're about to see them even more on products. So GS1, which is the global body for, if you want to sell any products here in the UK or globally you have to sign up and get a GTIN code or EC code, um, they're now scrapping that and they're changing all their codes to QR codes, so if you ever want to sell a product from 2027 is

going to be in QR code form, and again that says the dangers with this, uh, PAW Patrol, you never know where that QR code will lead you. But of course it does have great uses as well. We soon to see them even more in the surface, uh, services sector, use for sort of booking taxi and even more so across hospitality, and they're also going to be used to unlock augmented reality in the near future. So the reason this slide looks so rubbish is to get the message across: there really isn't any current industry best practices. For consumers the current advice out there is to scratch the QR code before you scan and make sure it

doesn't look like a phishing attack, which for the average person this is pretty hard to tell, and for businesses the current advice out there is to use short URLs, and when speaking to a consultant re, uh, recently of, um, of a huge multinational retailer, the advice is to put them out of reach. There isn't really any solution out there. So what's next, are they soon to be replaced? Well, the current, um, technology that is trying to replace the QR codes are such as NFC tags, RFID and snap tags, which look cleaner than the QR code. However, realistically, for this technology to even take off you need another pandemic where everyone is suddenly forced to interact with the

technology, which realistically isn't going to happen. And I was speaking with someone within the banking sector recently and we are trying to connect the dots or whether where QR codes sit now is, is a very pivotal moment basically, because it could be that if consumers start to lose trust in QR codes we'll suddenly stop seeing them at all. And we were looking at the banking sector and how it took sort of 20 years to take off. It was met with a lot of skepticism, loads of bad press due to a couple scandals, but the difference was there's constant innovation, whereas you look at where the QR code was 30 years ago and it hasn't

changed where it is today. The scanning experience is the same, there's been very little innovation to safeguard this technology, which leads me on, well, so what we are doing at kyala. Um, we're tackling this problem head-on, so we've got a free-to-download consumer app which is out now, um, which checks to make sure the QR code you're scanning is safe. We also got our business services, where we want to become the world's first dedicated secure QR code generator, where there is a difference in scanning the QR code, is visual verification, constant monitoring, and it is the world's first robust QR code. So thank you for listening, that one's fine, and yeah, if you got any questions about QR codes, ask

me. [Applause]

the use case is slightly different. It's normally then you've got a digital signature, so the device, so for example an event, my phone couldn't pick up that QR code, it would just be the devices readable, so that is more secure and robust, but, um, if they are using a QR code that is scannable by anyone then that is where the main vulnerabilities are in

yeah, yeah, yes, so and that, that is, oh sorry, yeah, so our goal at the moment is to create that ecosystem where we want every scan to be facilitated by us in some format and every QR code generated by us in another format, and one thing with the physical security is the fact that when you scan a QR code at the moment you don't know where it's going to guard, trying to get the point across. However, with us we're trying to add that two-step visual verification, in the fact that when you see one of our QR codes you expect to see visual verification that matches that QR code with that one, and the challenge is at the moment is

it's a huge education piece, because we've got to raise awareness on the issue and what we're doing, um, in essence, 'cause you, because what we want is that if you don't see that visual verification that it's safe, you then think twice about going on to the QR code destination. So it's a big task at hand, but that is what we're currently trying to do, because it is a physical issue and the generation side as well, if that answers that

yes, so that, that is like the end big picture goal, is that it becomes sort of a standard for QR codes, because I think it is a big thing in the fact that we should be able to just trust a QR code really, like it shouldn't even be the case that you can do it maliciously and how easy it is to generate. So we would like to be that standard and that sort of stamp, watermark, sort of approval that the QR code you're about to scan is secure. Um, we've actually seen that, so Dubai, um, government are trying to bring in a secure QR code so that people can't create malicious ones, and we want to

sort of do the same here in the UK with

that. Perfect, right, 2 minutes early as well, thank you. [Applause]