Sounds good, and you probably have the best intentions, but right now, that would just make you standard no. 15.

It's quite possible that the third sign on OP's parking lot would have led them to a perfectly user-friendly app with a pleasant and simple payment flow. But with so many apps to choose from and each lot only supporting a random subset of them, it'd be basically luck if you get to use the "good" app, even if there exists one.

You can also imagine a world where you have a single phone number saved. You text it "I'm at XYZ parking lot in ABC city, how do I pay?" and it gives you the easiest possible option.

Definitely standard no. 15, but there's room for something better to win out here right?

One obstacle to this is mentioned on the OP: People might not actually know the street address of the parking lot they are standing in, so you'd have to use some other means of identification, like a lot number or geolocation - however, then you're back to requiring an app...

Not necessarily. "I want to pay for parking" -> "Click this link" -> quick automatic web based geolocation and redirect back to the SMS thread -> done.

Good point actually. But if you already got the user onto a webpage, why not complete the flow there?

Mainly because the message thread is implicitly authenticated, so no additional web login required -- and we want to allow for conversational payments, where you can ask as many questions as you need before committing to pay.

So an enterprising individual puts a QR sticker right near or over yours and does the same thing, except theirs is a scam.

- That should take all of 4-16 hours to setup the software / web side and payment processing [processors who do cannabis / adult products].

- 1 hour to run to Staples and get some laser Av3ry pre-cut stickers.

- 1 hour to replace | supplement your 'real' stickers.

Sure -- phishing is a huge problem, but it's also an argument to never build anything ever, because QR codes, sites, apps, emails, etc. can all easily be cloned and used as a phishing attack vector.

I'm not sure if the term "phishing" even applies here. The scam would be straight up fraudulent credit card billing -that most users wont even notice.

During the processing part, The scammers could very well just overbill the user by saying "Do you agree to $2 for parking?" and then charge the user $50. Then say a "We will hold $50 while the transaction is approved" just like a gas station.

Your service will get all the complaints and the scammer just gets the cash.

I'm not saying it's a bad idea or anything, however there are many bored smart teenagers and many hungry people with sliding ethics.

Hell, an even better scam is to copy your QR code from each unit and then bill the user for $X more as a "convenience fee" ... then auto-submit correctly to your service.

I mean, that might not even be illegal [in the sense that the customer agreed to the fee].

Nope, QR codes are the easiest phishing vector. Just slap a sticker over the old one.

Scanning the QR code makes your device text the company? Or you scan it and enter in your phone number? What if I don’t have a saved card? Still seems just as bamboozling

It pre-fills a text message which you can send to authenticate yourself. If you don't have a saved card, you're prompted to enter one via a web url.

I assumed it was using one of those old pay-by-SMS mechanisms to bill the user, so they have to first type in their phone number?

No way am I giving your startup* my phone number. Maybe you can have a custom-generated, one-use-only email address that I can turn off so you don't spam me. (Your startup may be virtuous, but most startups fail, and then my data becomes an asset that gets sold away in bankruptcy.)

I also hope that your startup has been advised on the very significant TCPA liabilities this approach risks. Even if you do everything right, you're going to face lawsuits saying you don't. I have very mixed feelings about the TCPA, and it does hamper "innovation" in some circumstances, but I am delighted that it carries significant litigation risk for anyone who thinks it's a good idea to send me SMS messages. I. Don't. Want. Them.

Actually "single use phone numbers" is a service we've considered building for consumers.

In Croatia you can pay via SMS, just send a message to the phone number listed on the machine, you type in your plate number and receive a confirmation. The only caveat is some additional transaction cost over paying via the machine.

50-75% of the year I have service on my phone that only supports IP networking and does not support SMS or calls - a data only SIM.

Totally fair. It's entirely possible to have a fallback web url here though.

I know text is still a thing in the US, but everywhere else, that's a huge no no. Phishy as hell.

Good luck nonetheless.

Doesn't have to be hugely phishy if you have a saved contact card with a number you trust. That's often safer than some new app or web url that is imitating another.

The problem is requiring a smartphone in the first place

Assuming you've linked a card in the past, or you have a basic browser of any kind to link one, our thing does not require a smart phone. Just SMS.

Unless I’m missing something, one still needs to scan the QR code though. That’s a smartphone feature.

What if I don't want my card on file someplace new?

What if I don't have my phone?

What if my phone doesn't have a camera?

What if I don't have a card?

...then you'll need to use a slightly less convenient way to pay? Not sure what you're angling at here.

My rear camera doesn’t work, am I screwed?

I left my phone at home. I know I'm screwed.