
> This can be important in some scenarios, like paying to a street musician, or donating to a cause by just pointing your camera at a billboard, or a graffiti, or a printout on something.

Pointing a camera at something that deducts money from you seems extremely ripe for abuse. What’s to stop someone from putting fake QR codes over real ones and hijacking payments?




The act of paying indeed should involve pressing a button "pay $amount to $party", and the flow should go through a server verifying both parties.

I'd say that paying with a contactless card has a problem here: an NFC credit card lacks a confirmation button, and the one on the terminal is controlled by the receiving party.


> The act of paying indeed should involve pressing a button "pay $amount to $party"

That doesn't solve the "Stripe, Inc" issue. https://web.archive.org/web/20170715000000*/stripe.ian.sh


> Pointing a camera at something that deducts money from you seems extremely ripe for abuse. What’s to stop someone from putting fake QR codes over real ones and hijacking payments?

How would that work? If someone somehow put a fake QR code over a merchant's real one, the merchant or person you're paying would not get a notification when you scanned their code to pay them. Thus, both parties involved in the transaction would be alerted to the situation immediately. The wrong QR code would be tied to someone's account and be easily found by the system.



