QR codes can be a great tool for churches to streamline donations, provide quick links to events and event make it easy for guests to let you know they visited your church. But they do come with risks. Here are some of the main concerns with QR codes and how your church can mitigate those risks.
First though, what are QR codes? A QR code (short for Quick Response code) is an number of black and white squares or pixels set in a grid that stores information for a “reader” to read. A smartphone or camera can quickly read and process the information contained in a QR code’s arrangement of pixels, making it a great way to store and access data. Common uses in churches include use for storying links to digital bulletins, online giving forms and event registration.
QR Codes Risks
Phishing Attacks – Scammers can replace a legitimate QR code with one that redirects donors to a fraudulent or inappropriate website
Malware & Data Theft – Some malicious QR codes can install malware on a donor’s device, potentially stealing personal or financial information.
Redirection to Fake Payment Pages – A fraudulent QR code can lead to a page that looks identical to the church’s donation site but steals payment details.
Tampering with Physical QR Codes – A scammer might print their own QR code sticker and place it over the legitimate one in church materials.
QR Code Scams at Museums & Churches and Other Non-Profits
While there haven’t been many publicized cases of QR code hacks specifically targeting museums or churches, security experts have warned that these institutions are vulnerable because they frequently use QR codes for:
- Donations (Churches and Museums)
- Membership sign-ups & ticketing (Churches and Museums)
- Interactive exhibits (Museuns)
Museum QR Code Scam Example
A hypothetical museum-related hack could involve a scammer placing fake QR codes on museum placards, redirecting visitors to a phishing site that looks like an official donation or ticketing page. If visitors enter their payment details, their funds and personal information could be stolen.
Church QR Code Scam Example
A church in the UK reportedly encountered a scam where fraudsters placed fake QR codes on donation envelopes and posters. The fake codes led to a phishing page mimicking the church’s website, deceiving donors into sending money to a scammer’s account instead.
How a Church Can Protect Donors
✅ Use Custom QR Codes – Generate QR codes with your church’s logo embedded to make them harder to fake. You could build your own at QRCode Monkey and point it to Faith Teams or other ChMS resources (for giving, events, groups and forms).
✅ Host your QR codes on a Secure, Recognizable Domain such as the one representing your website
✅ Print your QR Codes on Trusted Materials – Place QR codes only in official church bulletins, screens, or signage that cannot be easily altered.
✅ Encourage Direct App Donations – If your church has an app (for example, Faith Teams Community), encourage donors to use it instead of scanning QR codes.
✅ Regularly Check Printed Codes – Inspect printed QR codes in the church to ensure they haven’t been tampered with.
✅ Educate Donors – Remind church members to double-check the URL before entering payment details and to report any suspicious activity.
By taking these precautions, your church can safely use QR codes while minimizing the risk of fraud! Let me know if you need help setting up a secure donation system.

