Paying for Parking via QR Code

Update: A version of this article appears on Sophos's NakedSecurity blog

Last year I blogged about how easy it would be to pay for parking via QR code. Now it looks like Islington Council have partnered with Verrus to make this a reality.

But is it any good? Well.... nearly. Let's take a look.

The Initial Impression

The QR code is fairly clear and I was able to scan it without issue underneath street lighting. Sadly, there is no call to action. What does scanning the code do?
Islington Parking QR Code
(My camera has somehow mangled the photo. Sorry!)

Code Density

They've used the highest level of error correction ("Q") which is a good idea. In an external environment codes can get damaged or dirty. The higher the EC, the more chance the code will be readable.

However, they've shot themselves in the foot by using an absurdly long URL for analytics purposes.

Surely this could be made more efficient?

Or even better

Because, you see, the code only goes to the main payment site - leaving the user to type in the parking bay's ID number.

Code Destination

After scanning the code, this is what the first time user sees.
QR Parking Destination

Annoyingly they've hardcoded the zoom - so users with impaired vision (or fat fingers) won't be able to use the site.

<meta name="viewport" content="width=320,
   maximum-scale=1.0" />

The site is a little bland - and the "sign up" button is hidden out of the way - but it's the functionality which concerns me the most.


If you've never used the system before, you need to register on this screen.
QR Parking Payment
While it's good that they'll take payment from international users, it's plain dumb to require someone to type in a credit card number.

What if there's a gang of vicious hoodies waiting to snatch credit cards from unsuspecting users?
How fiddly is it to type out a 16 digit number when you're in a hurry to park?
Who is going to remember yet another password or PIN?

(Incidentally, take a look at the above screenshot. Is their branding "paybyphone" or "PayByPhone"?)


Here's how I would set the scheme up...

  1. URL in the QR code reflects the location it is in. E.G.
  2. User scans code, selects the amount of parking they want to pay for. Clicks "Pay".
  3. A mobile payment solution charges the amount to the user's bill, or deducts it from their credit.
  4. User walks away happy. No need to register or remember a Personal PIN Number for identifying herself.

Scan, select, click. No typing, no memorising, no hassle. Surely that's better than fiddling around with credit cards?


A little disappointing. A great first step, but it could be made so much easier with mobile payments.


I currently work for InMobi who have a product called SmartPay. There are several other cross-network payment solutions like Boku or Beem.

This blog is personal and does not represent my employers in any way.

2 thoughts on “Paying for Parking via QR Code

  1. Neil says:

    Thanks for the constructive feedback we will take it on board. There are a couple of points I would like to make:

    1. Location aware QR codes. We considered this but the logistics of installing or mis-installing individual codes on each meter is considerable. In general we are undecided about the usefulness of QR codes for parking, vulnerability to vandalism, graafiti, etc.

    2. As you are probably aware the cost to Islington to charge the cost to the mobile phone bill would be close to 30% as opposed to credit card rates of 2%. No council wants to give up 28% of their parking revenue to the mobile carrier. Happy to be proven wrong on this, will SmartPay do it for say 5%?


  2. […] if it exists. Besides, what security can you actually add to a QR code? So what’s the risk? This is not such good example (as shown on Terence’s blog) . The Verrus paybyphone service takes you straight to a mobile site […]

Leave a Reply

Your email address will not be published.

%d bloggers like this: