Is the QR Code at Kroger Safe to Scan? Quick Answer

Three types of Kroger QR codes — and how safe each one is

1. In-app Kroger Digital Coupons and Kroger Pay — safe

QR codes generated inside the official Kroger app — including Kroger Digital Coupons, Kroger Pay at checkout, and your Kroger Plus loyalty barcode — are safe. These codes are created in real time by Kroger's own systems and never leave the app environment. The destination is always kroger.com or the app's internal payment flow. Download the Kroger app directly from the App Store or Google Play and use it as your primary way to interact with Kroger's QR ecosystem.

2. Self-checkout and fuel-center kiosk QR codes — low-to-moderate risk

Kroger's self-checkout lanes and fuel-center payment kiosks display QR codes for receipt lookup, payment, and app download prompts. These are generally safe at staffed checkout lanes where tampering would be noticed quickly. The risk is higher at unattended locations — standalone kiosks in Kroger Marketplace stores, fuel-center payment terminals, and Kroger-branded gas pumps — where a scammer can affix a fake QR sticker over the legitimate one without staff noticing. The same sticker-swap technique used at grocery stores and gas stations applies here. Before tapping, check that the URL preview your phone shows includes kroger.com.

3. QR codes in texts, emails, or printed flyers claiming Kroger deals — high risk

This is where most Kroger-related QR code fraud happens. Scammers send SMS messages, emails, and social media posts claiming to offer “Kroger Fuel Points Bonuses,” “$100 Kroger gift cards,” or “loyalty reward upgrades.” The QR code in these messages leads to a convincing fake Kroger login page that harvests your account credentials and stored payment methods. Kroger coupon phishing is among the most common retail impersonation scams in the United States. If you did not go looking for a coupon, treat any unsolicited Kroger QR code as suspect until verified.

How to verify any Kroger QR code in one second

You don't need to be a security expert to spot a fake Kroger QR code. A single check before you tap is enough in almost every case.

• Check the URL preview. Your phone's camera app shows the decoded URL before you tap. A legitimate Kroger QR code will always resolve to kroger.com or a recognized Kroger subdomain (such as kroger.com/d/digital-coupons). If you see an unfamiliar domain, a URL shortener, or anything with hyphens and extra words like “kroger-rewards-2026.com,” do not tap.
• Run a fingertip over the code. A sticker placed over a legitimate kiosk QR code often has a slightly raised edge. If the QR code on a kiosk screen feels like it has a layer on top, it likely does.
• Use QRsafer first. QRsafer decodes the QR code and checks the destination URL against threat intelligence databases before your browser opens anything. You see a safety verdict — including the full destination URL — before any redirect or tracking pixel can fire.

What to do if a Kroger QR code took you somewhere unexpected

1. Close the page immediately. Do not enter any information and do not tap any button — including prompts that say “close,” “cancel,” or “no thanks,” as some pages trigger downloads or permission grants on any tap.
2. If you entered Kroger account credentials: go to kroger.com on a separate device, log in, change your password, and review your saved payment methods and recent order history for anything you did not authorize.
3. If you entered credit or debit card details: call your bank or card issuer right away to report potential fraud and request a replacement card number.
4. Alert store staff and describe which code you scanned. If it was a tampered sticker on a kiosk, staff can remove it and prevent other shoppers from being victimized.
5. File a report at reportfraud.ftc.gov with a screenshot of the QR code and the page it opened if you have one.

Frequently asked questions