Over the past few years, organizations have dramatically increased their use of quick response (QR) codes to share information with customers. But they’ve not paid much attention to the associated security and privacy risks, and if customers aren’t worried, they should be. Social engineering is the most common risk, and organizations face both direct and indirect damage. Security and risk pros should read this report to inform their mitigation strategy at the three levels of QR code implementation risk: the user, the code, and the digital ecosystem.