When compared with the mainland, where cashless transactions are almost ubiquitous, Hong Kong is seen as a laggard in the adoption of QR codes and smartphone-based transactions to settle payments and bills.

But developers at the Electronic and Computer Engineering Department of Hong Kong University of Science and Technology are developing the next generation of barcode that has the potential to revolutionize the retail and shopping experience.

Their proprietary PiCode, a barcode variant that employs images instead of the black-and-white lines and blocks that comprise conventional barcodes and QR codes of today, is set for trial after developers spent years looking for optimal and secure picture- and video-embedded code systems.

Picture-embedded barcodes offer considerable potential in consumer marketing, with businesses searching for ways to convey information to consumers in a less intrusive way.

Picture or video-embedded codes, or picodes or vicodes, work by embedding data into a video clip, which can be regarded as a series of picture-embedded codes, and consumers can find out more about a particular product by pointing their phone cameras, equipped with a customized software scanner, when a short clip is being played.

HKUST’s logo is transformed into a picode. Photo: Handout

While today’s QR codes are frequently used to make simple financial transactions or send discount coupons, a video-embedded code is capable of transmitting more complex information, such as a product brochure, even without internet connections, said HKUST developers.

The technology enables businesses and consumers to interact via a simple display, even when mobile data is unavailable, such as inside a plane or aboard a crowded train, where users frequently encounter slower network connection due to limited bandwidth.

Video-embedded codes also feature enhanced security over common QR codes.

In the mainland and elsewhere, there have been cases where criminals have stolen funds from users by tampering with QR codes, and a simple scan may result in loss of money. That is because a simple barcode or QR code contains very few little data, tens or hundreds of bytes, which means a criminal can retrieve the entire code to manipulate it to create fake QR codes to steal funds from users. Malicious QR codes are easily created and can be affixed over legitimate ones.

The only sort of QR code that can carry executable data is the URL data type. These URLs may host JavaScript code, which can be used to exploit vulnerabilities in apps and operating systems on a user’s phone and gain access to the camera, full Internet access, contact data, passwords, GPS, browser history etc. These actions could occur in the background while the user is only seeing the QR code reader opening a seemingly safe webpage.

By comparison, video-embedded codes, by virtue of the multiple image frames and the considerably larger amount of data they contain, are much harder to manipulate to embed malware or links to dangerous webpages.