VATupdate

Offline KSeF Invoices: QR Code Scams Put Buyers at Risk

When an offline invoice is issued via KSeF and delivered—say, by e‑mail—before being submitted to the system, it includes two QR codes:

  • OFFLINE QR code: links to the document within KSeF once submitted
  • CERTYFIKAT QR code: validates the issuer’s KSeF digital certificate and authenticity [luno-group.com], [koda-advisory.pl]

How Scammers Exploit This

Fraudsters can create and embed counterfeit QR codes in an invoice PDF that look legitimate but actually redirect the scanner to malicious or nonexistent websites. Thus, even if the PDF looks real, the QR codes don’t guarantee the invoice will match what’s in KSeF—because:

  • The OFFLINE code may not link to any actual invoice in the system
  • The CERTYFIKAT code may not verify correctly, or may fake certificate details to appear valid

This trick can deceive buyers into thinking they’ve received the real offline invoice—leading them to pay a fraudulent invoice or expose sensitive data.

⚠️ Why the Buyer Lacks Assurance

By scanning both QR codes, a buyer expects:

  1. To retrieve via the OFFLINE QR code the exact invoice from KSeF
  2. To confirm via the CERTYFIKAT code that it was issued by a real certificate holder

However, counterfeit QR codes can point elsewhere entirely—meaning the buyer can’t automatically trust that what’s in KSeF matches the invoice in hand. 

What Buyers Should Do

  • Validate using the official KSeF portal or application—not just by scanning the QR codes in the PDF.
  • Check:
    • The invoice appears in KSeF with the same date, number, amount, and buyer/seller data
    • The certificate details match the real issuer
  • Implement controls in procurement workflows: flag invoices for verification if they arrive before being confirmed in KSeF and follow up through official channels.
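
A sketch of such a procurement control, added here as an example and not taken from KSeF or any vendor tooling: it checks the URLs decoded from both QR codes against a host allowlist and compares the invoice in hand with the record retrieved from KSeF itself. The allowlisted hostname, the field names and the sample data are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: hostname of the official KSeF portal. Confirm it against the
# Ministry of Finance documentation before relying on this allowlist.
OFFICIAL_HOSTS = frozenset({"ksef.mf.gov.pl"})
# Hypothetical field names; values are assumed to be normalised strings.
FIELDS = ("number", "issue_date", "gross_amount", "seller_nip", "buyer_nip")


def qr_url_problems(url, allowed_hosts=OFFICIAL_HOSTS):
    """Return the reasons a URL decoded from an invoice QR code is untrusted."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        port = parts.port
    except ValueError:
        return ["URL cannot be parsed"]
    problems = []
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if parts.username is not None or parts.password is not None:
        problems.append("userinfo before the host")
    if port not in (None, 443):
        problems.append("non-standard port")
    if host not in allowed_hosts:  # exact match only, never suffix/substring
        problems.append(f"host {host!r} is not on the allowlist")
    return problems


def field_mismatches(pdf_invoice, ksef_record):
    """Names of fields where the PDF differs from the record fetched from KSeF."""
    return [f for f in FIELDS if pdf_invoice.get(f) != ksef_record.get(f)]


def triage(pdf_invoice, qr_urls, ksef_record):
    """Return ("release" | "hold", findings); ksef_record is None if not found."""
    findings = [f"{u}: {p}" for u in qr_urls for p in qr_url_problems(u)]
    if ksef_record is None:
        findings.append("invoice not confirmed in KSeF")
    else:
        findings += [f"mismatch: {f}" for f in field_mismatches(pdf_invoice, ksef_record)]
    return ("hold" if findings else "release", findings)


# Constructed sample data, not taken from any real invoice.
SAMPLE_PDF = {"number": "FV/2025/001", "issue_date": "2025-01-15",
              "gross_amount": "1230.00", "seller_nip": "1111111111",
              "buyer_nip": "2222222222"}
SAMPLE_KSEF = dict(SAMPLE_PDF, gross_amount="123.00")
```

The `ksef_record` argument must come from a lookup made through the official portal or application, never from the page a scanned QR code opened.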

This vulnerability reveals that QR codes, while convenient, shouldn’t be relied upon blindly when invoices are issued offline. Buyers must use KSeF itself to fully verify both existence and authenticity.

