Vincent Boucher is steamed after using a QR code parking in Red Deer and getting scammed.
Boucher parked downtown next to the courthouse on Wednesday morning and scanned the QR code to pay his $3. The payment did not appear to go through right away and a message asked him to wait.
He then paid a second time but was immediately suspicious. Later, when he checked his bank account on his phone, two payments of $4.26 had been taken by someone going by PYD*WHOOPE and DAGAMEBOX., who clearly had nothing to do with HotSpot.
Boucher marched into City Hall to take his complaint to the parking department.
They told him they had heard of concerns and gave him instructions on how to download the HotSpot app.
Boucher said the city should do more to warn people about potential QR parking scams.
"The city knows about it and they're not telling people. How many people have been ripped off?"
Boucher suspects the small amount pilfered is intentional. Scammers are hoping people do not notice a small amount missing from their bank accounts.
He now must go to his bank to alert them that his banking information has almost certainly been stolen.
City parking and licensing supervisor Amy Fengstad said the city has received about a dozen QR-related complaints since HotSpot was rolled out in mid-September.
The problem is related to the vulnerability of cellphones for pop-ups, malware, phishing scams and numerous other devious attempts to steal personal information and money through the mini computer most walk around with in their pocket all day.
QR-related parking issues that have come to the city's attention relate to the way phones have been used to read the codes as part of the fast-tap system.
Fengstad was unable to replicate the issue Boucher had when she used the QR codes in the block where he was parked.
"So it's not the signs themselves. The biggest thing is to use your built-in camera.
"There are some people that have downloaded third-party QR-scanning apps which then allows different advertisers and things to pop in front of what you're scanning.
"That's where the issue seems to be happening. What we're seeing predominantly is Android devices. I would say 95 per cent of the issues we've heard about have been an Android device," she said, adding older Android devices appear to be more susceptible.
The city has posted a warning about using the phone's camera rather than a third-party QR app on its website at reddeer.ca/parking.
After scanning the code, also ensure that the website you see is the official HotSpot site (hotspotparking.com) before interacting or providing payment information.
"Be aware of what you're clicking on because (a cellphone) is a computer and there's a possibility for people to get in there with different advertisements or links that you didn't intend to go to."
Fengstad went out to the block where Boucher was parked and was unable to replicate his experience, although she was using her iPhone and not a third-party app.
"I do believe it's device-specific."
Boucher said he used his Samsung 24, which can read QR codes without a third-party app. He believes many others could be unwitting scam victims and does not think the QR code should be promoted until problems are resolved.
The city is reviewing its parking signage as part of a review of the new system, which will include the input from more than 4,000 residents who provided feedback through an online survey posted on the city's website on April 15 and which closed on Wednesday.
The trick is providing enough – but not too much – information on signs, while anticipating the wide range of technical confidence of cellphone users. Adding a QR warning will be considered but it may just create more confusion or add more signs when some have complained to the city there is too much already.
"I'm hesitant to add another sign out there without reviewing holistically all the messaging for the parking program. (A QR scam warning) is something we're considering and we do want people to be aware of it."
One Advocate reader expressed concern whether the HotSpot app shared information with third parties.
It does not, said Fengstad. The protection of parking system users' personal information was a key condition in the procurement process.
The parking review is expected to be done by the end of the month.
QR code scams have been making the rounds for some time. The Canadian Centre of Cyber Security offers a number of tips such as using private browsing mode or using a browser with anti-tracking features and deactivate cookies and storage of site data.
After scanning a QR code, check the website URL if a password or login information is requested is another tip that could save cellphone users future grief.
Report suspected fraud to the Canadian Anti-Fraud Centre at https://antifraudcentre-centreantifraude.ca/ or Cyber Centre at cyber.gc.ca