Since Quick Response (QR) Codes are so new, there aren’t many security measures or protections in place to ensure that QR codes are doing what they’re supposed to be doing. How do you know if a certain QR code is safe? How do you make sure that your code doesn't end up getting hacked and harming you or others?
To address the QR security dilemma, DirectRM (DRM) has developed its proprietary Quick Response Secure Code (QRSC) technology called DA-Quick Response within the domain of identity management. The Direct Authenticator server can now present challenges, activate URL’s and other types of end-user information in the form of QR codes. The reality is, there will be a strong push towards implementing QR for identity protection with ATM’s, e-Commerce traffic, mobile transactions and Point-Of-Sale.
It’s critical to emphasize that DRM’s DA-Quick Response is one of the 8 methods of 2 Factor Authentication that works with the Direct Authenticator core engine platform. There will be no changes in the back-end with an implementation and deployment of a QRSC solution. In order to comply with DRM’s QRSC, the user requires a smart device with internet connectivity. The user downloads the DA-Mobile e-token for free from Google Play or the App Store. Upon a successful installation of the Mobile e-token, the user will be able to conduct transactions with complete identity protection.
In order to translate QRSC into practical usage, the point-of-sale (PoS) would be a good everyday event to describe:
- Upon purchase of merchandise and while checking out via a PoS terminal, the terminal will generate a QR as part of the final authorization with respect to payment due.
- The user will open Mobile E-Token app on their smart device and read the QR code which will prompt the user to enter their personal Identification Number (PIN) on the dial pad.
- Once the correct PIN has been submitted, the SPPT will submit a One Time Password (OTP) via a newly generated QR code from the SPPT.
- The PoS terminal, will read the QR code with all the vital information such as user credentials and the One Time Password.
- The transaction request is sent to merchant’s server which in turn, communicates with the Direct Authenticator server for verification purposes.
- If the verification is correct then the authorization for the sale is allowed.
- Each verification transaction is encapsulated with hair and fiber type of forensics for regulatory compliance.
- Finally, the Director Authenticator will inform the issuer the status of each transaction.
Only Direct Authenticator DA-Quick Response can provide the level of security now required to successfully deploy the Quick Response Technology in a changing, ever growing mobile environment.
You can download the software from here.