Why the Chinese love clunky QR codes, despite privacy and security shortcomings

Posted on Jun 1, 2017 by Glyn Moody
Share Tweet

As you may have noticed, there’s a lot of interest in bitcoin at the moment. According to one analysis, a key factor driving the digital currency to record highs is rising demand from China. That may be true for serious investors there, but for most of China’s billion-plus citizens, when it comes to digital payments, there’s a far more important – and far more humble – technology: QR (Quick Response) codes. A recent article in the South China Morning Post reveals the extraordinary size of the QR economy in China:

“According to internet consulting firm iResearch, payments made via mobile devices by Chinese consumers last year reached 38 trillion yuan (US$5.5 trillion, HK$43 trillion), more than half the nation’s GDP.

Thanks to QR code’s rapidly increasing usage at off-line shops, the amount of mobile payments on the mainland is now 50 times greater than that of the US. Mobile payments in the US totalled US$112 billion in 2016, according to Forrester Research.”

China’s embrace of QR codes contrasts with the almost complete indifference in the rest of the world. That gulf seems to be down to one key online service – WeChat – still little-known in the West despite its dominant role in China’s digital realm. WeChat was first launched in 2011 as Weixin (“micro-message” in Chinese). It was originally a basic messaging app, but as its popularity has grown, it has become a complete mobile Internet platform, offering every kind of social media function, as well as an integrated digital payment system that has allowed it to become an important e-commerce platform. It has recently added a search engine and news feeds, and has around 900 million active users.

Central to the way people use WeChat is the QR code, as the Wall Street Journal explained earlier this year:

“Each WeChat account, including those owned by businesses, comes with its own QR code. By pulling up their own QR codes or the code scanner, WeChat users can add contacts, make or receive payments or pull up web links instantly without having to type on a small phone screen.”

As a result, QR scanning has become a common way of exchanging business cards, sending Web links, making online searches and using credit cards. That’s a remarkable achievement, given that QR codes were only added to WeChat in 2012, and were as unknown then in China as they remain today in most other countries. Now, for hundreds of millions of Chinese citizens, modern life without them is unthinkable.

That’s great news for the Chinese government. Unlike bitcoin payments, QR payments are trackable. Indeed, most of them are made using WeChat, so the authorities only need to go to the parent company, Tencent, if they want details about someone’s spending habits. Chinese Internet companies know full well that they will be allowed to make healthy profits provided they cooperate with the government when required to do so.

China already has an unenviable reputation for its control of the digital sphere. The Great Firewall of China imposes strict censorship on material coming from outside the country. Online surveillance is routine and extremely effective. And as Privacy News Online reported back in 2015, there are plans to go even further by introducing a social credit score that will take into account the things you buy, they things you post online – and what your friends do and say. Given those existing and future mechanisms to watch what people are doing, it’s probably no surprise that the QR code system isn’t seen by Chinese citizens as particularly problematic for reasons of privacy.

But one other aspect has become more of an issue. After $14.5 million was stolen from Chinese citizens through the use of fraudulent QR codes, the state-owned newspaper China Daily published an op-ed on the topic of QR fraud:

“There are two reasons why QR codes are a popular means of conducting criminal activities. First, the code technology is not very secure and it can be manipulated by criminals. Second, QR codes are a kind of information technology that cannot be verified as genuine by the eye. Some criminals paste their own QR codes over the original ones to illicitly obtain money, as ordinary consumers simply cannot tell the difference.”

The article went on to note that both WeChat Pay, and its main rival, Alipay, from the Alibaba group, are working on ways to protect QR users:

“Alipay has a website detection function, used to determine whether an embedded QR code being scanned is a malicious link. If it detects a security risk, the system will issue a security prompt, allowing users to determine whether to proceed or not.”

Given the central importance of QR codes to the Chinese economy, it seems likely that more such mechanisms will be put in place in order to minimize the risks. Certainly, there is no reason to believe that the use of QR codes will diminish in China in the foreseeable future, despite the popularity of bitcoins among some investors there. After all, QR codes are convenient for users and businesses, profitable for Internet giants like Tencent and Alibaba that offer them as part of their payment services, and a perfect way for the authorities to keep an eye on every aspect of their people’s lives.

Featured image by Yaohua2000.

About Glyn Moody

Glyn Moody is a freelance journalist who writes and speaks about privacy, surveillance, digital rights, open source, copyright, patents and general policy issues involving digital technology. He started covering the business use of the Internet in 1994, and wrote the first mainstream feature about Linux, which appeared in Wired in August 1997. His book, "Rebel Code," is the first and only detailed history of the rise of open source, while his subsequent work, "The Digital Code of Life," explores bioinformatics - the intersection of computing with genomics.

VPN Service