Do Menu QR Codes Pose a Risk to Your Privacy?

In an effort to prevent the spread of COVID-19, the restaurant industry is ditching the old-school menu cards and is transitioning to digital menus or scannable Quick Response (QR) codes.

Since QR codes allow for easy menu updates and touchless transactions, they are becoming increasingly popular and might be here for the long haul.

But is this contactless technology causing more harm than good? So QR codes threaten your privacy and security?

If you dine at restaurants often, you might be familiar with the QR code that you can scan on your smartphone to bring up a digital menu. This black and white pixelated square lets you browse food options, order a meal, and can also let you interact with your server.

As convenient as QR codes are, they do raise a few eyebrows when it comes to privacy concerns.

A QR code can be linked to anything which increases the ability of any business to track and analyze customer behavior, and collect personal data such as email addresses, credit card information, order history, and phone numbers.

The collected data can be fed into databases without customer consent and can then be used for target marketing and promotions.

Besides these privacy concerns, menu QR codes pose some other dangers as well.

Eating a meal inside a restaurant should not be a daunting process but unfortunately, many businesses are taking advantage of the touchless QR codes by exploiting the sensitive information of diners.

Here are some privacy concerns and issues that menu QR codes can pose.

A QR Code Can Be Linked to Anything

A QR code is programmable and can therefore be linked to anything. Many restaurants knowingly or unknowingly use these QR codes to track you with options like when, where, or how frequently you scan the code.

QR code systems can also activate cookies which can track and add your purchase history, name, phone number, and credit card information to various databases. In rare instances, this data can also be sold to other establishments without your consent.

They Can Raise Security Concerns

QR codes can be vehicles for carrying out cybercrimes. Since the code is undecipherable and transfers data directly into your phone, it can very well trigger an action that you cannot inspect first.

Have you ever blindly clicked a link inside a phishing email coming from an unknown sender? You can easily end up doing the same with the QR codes as they’ve been used in targeted phishing scams because the fake sites they take visitors to can look just like a legitimate website.

With too many distractions, a hungry belly, and depending on your operating system, QR code reader app, or the QR code itself, chances are high that you end up clicking on something without checking it's safe first.

Lack of Privacy Controls

The majority of QR code systems lack clear privacy controls. There is no transparency and no options for consumers to opt out. Worst of all, these QR codes can open up other apps or websites and feed information to them.

Since QR menu codes are simply designed to scan and move on, as a diner, you have no control over its mechanics or what happens behind the scenes once you activate the code through your phone.

Potential Malware Attacks

Some scammers have been known to insert their own QR code sticker over a legitimate QR code. This way they can redirect a diner to a different payment target, or to a website that hosts malware.

Some QR code software cannot be trusted. If a restaurant ends up investing in non-trustworthy QR code software, it can inadvertently direct visitors to a malware site.

Attackers can even repurpose legitimate URLs if the domain name expires or the website is compromised.

Implications to Equality

Many restaurants have fully transitioned to digital menus and do not offer physical menu cards anymore. Besides the privacy concerns, it also raises a concern for equitable treatment for all customers.

Even today, many people cannot afford a smartphone. This includes a lot of elderly folks, people who take home the minimum wage, or those with disabilities. Any person can be turned down for a meal simply because they cannot scan a QR code, and that's unfair treatment towards the most vulnerable in our society.

QR codes are essentially web links and therefore should be approached with the same caution that we exercise when accessing a web link inside an email or a text message.

Here are some tips to follow while using the QR menu codes inside your favorite restaurants:

Treat any QR code like an unknown link. Always consider the prospect of landing on a malicious site or a scam when following anything generated by a QR code. Downloading a security suite will also help keep your device safe.
If you feel that the code cannot be trusted, it's best to find the menu through another source such as by manually going to the restaurant's website or requesting a physical paper menu.
Use QR inspecting software that will allow you to inspect the code or the action it will trigger before it is passed to your browser or another app.
Always be vigilant regarding any QR code that has been stuck on top of another one.
You might notice signs on the restaurant walls offering you free Wi-Fi if you clicked on a certain QR code. This can be a red flag and you should always confirm the legitimacy of the QR code before using it.

Enjoy a Meal Without Compromising Your Privacy

No one can deny the convenience of using a QR code when eating out, but if you are not 100 percent sure, simply ask for a physical menu.

Your privacy and personal information are valuable. Therefore, taking the long road of requesting a physical menu, being aware of what you are scanning, or searching through the restaurant's website directly instead, is a small price to pay to safeguard your privacy.