QR Code Safety Checklist for Restaurants

Restaurants use QR codes for menus, ordering, payment, receipts, loyalty programs, reviews, and Wi-Fi. This checklist helps owners and managers reduce sticker swaps, fake payment pages, and customer data collection scams.

Daily front-of-house checks

Inspect table tents, counter signs, menu cards, restroom signs, and window posters for sticker overlays.
Scan one sample menu QR code from each dining area and confirm the domain matches the restaurant or approved ordering vendor.
Check that payment QR codes show the correct restaurant or business recipient before customers pay.
Remove any handwritten or unofficial QR signs that staff did not place.
Tell the shift lead if a customer reports an odd URL, unexpected login prompt, or wrong payment recipient.

Weekly manager checks

Compare posted QR destinations against the approved domain list.
Review receipt QR codes from the point-of-sale system and confirm they lead to the expected survey, loyalty, or receipt page.
Verify Wi-Fi QR cards do not ask customers for unrelated account passwords or payment details.
Replace worn signs so sticker tampering is easier to notice.
Photograph official QR signs and keep a simple reference folder for managers.

Approved QR destination list

Keep a short list of approved destinations somewhere managers can find it. Include your menu domain, ordering provider, payment provider, loyalty platform, review link, reservation platform, and Wi-Fi instructions.

Staff do not need to memorize every URL. They need to know what looks normal and who to ask when a code opens something different.

  • Menu and ordering domain
  • Payment provider and correct business recipient
  • Receipt, survey, and loyalty domains
  • Reservation and waitlist provider
  • Official Wi-Fi network name and password instructions

If a fake QR code is found

  1. Cover or remove the code immediately. Do not leave it visible while you investigate.
  2. Photograph the sign and destination URL. Save the location, date, shift, and who found it.
  3. Check whether payments were diverted. Compare customer receipts against your payment processor.
  4. Replace it with a verified sign. Use the approved destination list, then scan the new code before posting.
  5. Brief staff before the next rush. Tell them what happened and what customer questions to escalate.

For customer-facing scam examples, see restaurant QR code scams, fake QR code at checkout, and are receipt QR codes safe?

Frequently asked questions

How often should restaurants inspect QR codes?

Restaurants should visually inspect public QR signs daily and do a deeper weekly check of destinations, payment ownership, printed materials, receipt codes, and Wi-Fi signs.

What are signs a restaurant QR code was tampered with?

Warning signs include sticker edges, bubbling, misalignment, mismatched paper stock, unfamiliar domains, payment recipients that do not match the restaurant, or a code that asks for login details before showing a menu.

What should staff do if a customer reports a fake QR code?

Staff should remove or cover the code, save photos and the destination URL, notify a manager, verify whether payments were diverted, and replace the sign with a known-good version.

Does this checklist guarantee compliance?

No. This is an operational safety checklist for reducing QR tampering and phishing risk. Restaurants should adapt it to their own legal, payment, security, and vendor requirements.

Give staff a safer way to test codes

QRsafer previews destinations before pages open, helping managers and staff check menu, payment, receipt, and Wi-Fi QR codes.