I'm curious how these QR payment systems have secured their QR codes.
What kinds of security mechanisms are there in place?
Decoding the QR gives a random string looking like some hash result that contains data for the payment to happen. What kind of encoding/encryption is done here?
For example, this QR data contains the name and phone number of a recipient:
+huM1AUuk+vG1GuWAKLn68VlUpekvkR3pr/TJV6rd1qDoW7Cu4Gs2Sh6xtC9B2Z+fSLqeN+GqUlQnr+zbTVhYEiwgaHseRMKNyrzcfI4rxRrPMWXSfTfSjJrlOEHVTajJfwLK1+d2xGq3LiIwzRDMykD
RmkcuYbsx6u25LaH3YM=
And this one contains just the recipient's name:
2810050501011MFF97FUSA49
(As scanned from Paytm's app)
Data required for payments to happen is not kept in plain text, and there's a strong reason for that: otherwise any QR can be tampered with and replaced to create a fake one impersonating the genuine recipient, or malicious code can be put into the QR to steal personal data, or a link to some malicious website.
There must be some digital signature to verify the authenticity of the QR and some sort of encryption to protect the actual data from being tampered with.
What exactly are the security protocols / best practices used by these QR payment systems?
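To illustrate the tamper-detection idea raised in the question, here is an added example that is not part of the original post and is not Paytm's actual scheme: a server-issued QR payload carrying an authentication tag, verified server-side before any payment is routed. It assumes HMAC-SHA256 (a symmetric MAC, standing in for the digital signature the post mentions) and uses hypothetical field names (`rid`, `name`, `exp`) and a constructed demo key; a MAC provides authenticity only, so the fields remain readable after base64 decoding.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key (assumption). A real issuer keeps this server-side only.
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"
TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def issue_qr_payload(recipient_id: str, name: str, expires_at: int) -> str:
    """Serialize the payment fields, append an HMAC tag, base64-encode for the QR."""
    body = json.dumps(
        {"rid": recipient_id, "name": name, "exp": expires_at},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    tag = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + tag).decode()


def verify_qr_payload(payload: str, now: int):
    """Return the decoded fields if the tag is valid and unexpired, else None."""
    try:
        raw = base64.urlsafe_b64decode(payload.encode())
    except ValueError:  # covers binascii.Error and non-ASCII input
        return None
    if len(raw) <= TAG_LEN:
        return None
    body, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    # Constant-time comparison so the check does not leak tag bytes via timing.
    if not hmac.compare_digest(tag, expected):
        return None
    fields = json.loads(body)  # parsed only after the tag has been verified
    if fields["exp"] < now:
        return None
    return fields


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    qr = issue_qr_payload("M-0001", "Alice Store", expires_at=2000)
    print("genuine :", verify_qr_payload(qr, now=1000))
    raw = base64.urlsafe_b64decode(qr)
    swapped = base64.urlsafe_b64encode(raw.replace(b"Alice", b"Mallo")).decode()
    print("tampered:", verify_qr_payload(swapped, now=1000))
```
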