Following news that an Adelaide man has been charged with placing fake QR codes over official venue check-in posters, now is a great time to refresh yourself with the best ways to protect your customer’s privacy when asking them to scan into your venue.
Use the official SA Government check-in posters.
While we understand that the aesthetics of the official check-in posters aren’t great, you should avoid confusing your customers with customised check-in posters, placards or POS displays. Your customers may have heightened suspicions following recent events and displaying the official check-in posters will put them at ease.
Display posters inside your venue.
Avoid placing check-in posters on the outside of your venue and in public-facing windows. Where possible, you should display the check-in posters inside your venue. It is less likely that tampering will occur if the malicious actor must enter your venue to place fake QR codes.
Check your check-in posters daily.
Make it a routine to check your check-in posters for tampering daily. A simple visual check should be enough to verify that no stickers have been placed over your genuine QR codes. If you display your check-in posters in a window, be sure to check the exterior of the window for any unofficial stickers.
You may even consider scanning your check-in posters yourself to verify their legitimacy. If you choose to do this, remember that QR codes can trigger events on your mobile device like adding a contact, joining a Wi-Fi network, installing an app or sending an SMS. Keep an eye out for triggers that you don’t expect and be ready to exit the web browser if an unexpected trigger starts processing. If the QR code triggers an unexpected event, you should notify staff at the venue.
Recommend using official COVID-Safe Check-in within the mySA GOV app.
If your customers ask, you should suggest using the mySA GOV app for check-ins. The app has been designed to notify users when a scanned QR code is not official. This is the easiest way to ensure your customers are not inadvertently sharing personal information with malicious actors.
Listen to your customers and report tampering to police.
If a customer reports that a QR code is behaving unexpectedly, or if you notice something suspicious, you should contact SA Police immediately. If it is possible to cover or remove the offending check-in poster from public view without affecting the viability of any evidence, you should do so. If you cannot remove the offending check-in poster, ask a staff member to wait with it until you receive further instructions from SA Police.
We still recommend using the mySA GOV app.
Openly still recommends that your customers should use the mySA GOV app rather than the manual check-in forms where possible. There is still a significant privacy risk in using manual check-in forms that are stored and managed by your venue over using the official Government app.