As vaccines started to become available, a major question began to pop up: will businesses require proof of vaccination status? Immediately post-vaccination, you were handed a small, handwritten card with your name and vaccination dates. In a matter of weeks, individuals who did not wish to receive the vaccine began fabricating their own cards from the thousands of vaccination cards uploaded onto social media. If businesses are going to require proof, a more secure method is necessary, which has led to the work of organizations like the COVID-19 Credentials Initiative and others.
This report focuses on the design criteria that developers may keep in mind when designing the user interface and flow of a vaccine credential application and will not cover any suggestions for retrieving this data. You can find the latest version of the report on the LFPH GitHub.
One of the quickest forms of data verification is a QR code. A QR code also maintains a certain level of privacy, since information of what is embedded within the QR code does not need to be human-readable in order to be read by the scanner’s system. There are three scenarios identified in the report where a person would need to present their credentials, as well as design criteria based on each scenario:
- The person could visit an establishment that uses a QR code scanner, and would need to present their QR code. That QR code needs to be in a prominent location in the app to allow for fast access.
- The person is at an establishment that doesn’t have a QR code scanner. The business may present a printed QR code. The visiting person would scan the printed code and be redirected to their COVID credential app to reveal their vaccination or test status and check-in.
- The user could be at an establishment that may or may not have a QR code scanner, and also requires additional information in addition to vaccination status (i.e. symptom check or both vaccination and a negative PCR test). Therefore, the QR code should be in a prominent location, but additional information required to verify a user should be easily accessible beyond the QR code.
These suggested features and data elements can serve as a guide for those developing a vaccine credential application. The criteria was established based on usability and mitigating falsification. Please see the recently published report for more details about the use cases, design criteria, a literature review of other credentials (both digital and physical), and a survey conducted to learn about users’ mobile tickets and mobile wallet usage.