Barcode Scanner App Decrypts Encrypted Data Embedded in IDs and Badges

  • Encrypted QR Codes, encrypted barcodes (PDF-417, DataMatrix, etc.), and encrypted NFC tags will become the standard for printed materials that include Personally Identifiable Information (PII).
  • GDPR has ushered new permission requirements which primarily affect the digital world but spills over to the printed world as well.

This first article will focus on Trade Show Badges for Expositions. Why? Because we’ve already seen how GDPR has required changes in the generation and printing of those badges.

Lead Retrieval

In the past, event organizers could embed the QR code barcode on the badge with the contact information of the attendee. In many cases they used VCard formats including the attendee’s Name, Company, Address, and their email address and phone number.

The reason they do this is for “Lead Retrieval”, where an exhibitor could scan that badge with a free, consumer-focused QR code reader and save that person’s contact information for follow-up after the event. This is an inexpensive Lead Retrieval method for exhibitors because the exhibitor doesn’t need the services of a technology provider to retrieve their leads.

However, since anyone could scan the badge’s QR code, the attendee’s information is exposed to anyone who scans the barcode – either while the attendee is wearing the badge or even when discarded.

Embed a Human-Readable ID Alone

The most common method used for the past 10 years by our event technology clients is to embed the badge’s barcode with just an apparently meaningless ID. The personal data is stored in an associated database on our servers or their servers. They present the ID and associated personal data to the exhibitor for follow-up behind a password-protected website.

Embed an Encrypted ID plus Contact Information

A new method now being used by our event technology clients is to encrypt the ID and personal data and embed that in the barcode. Because it’s AES 128-bit encrypted, a consumer QR code reader presents nothing but gibberish. Our app does the decryption immediately when scanned by the exhibitor’s smartphone, tablet or purpose-built computer. And since access to our app is password protected by the event technology companies, the personal data is exposed only to the exhibitors.

Which method is best?

Finally, that depends on the technology provider and the event itself. Contact to explore which option is best for your events.