The problem with fancy variants on trying to "better protect" a QR code is that users don't know what to expect, and the lowest common denomenator of social compliance means they'll (have to, if they want to not be stranded) eventually scan whatever QR code is there, in an attempt to charge.
It feels like this whole "scan the QR code" is a reverse of the ideal paradigm that is (obviously) very easily exploited by scammers and opportunists, especially if payment information is requested! We spent long enough trying to train users to not enter usernames, passwords, and payment details into random web pages when asked... Now they're being asked to do it!
I don't think a QR on a small screen is the answer - people will just cover it with their sticker. If that's not good enough, they'll make a sticker that looks like a small screen with some frame around it.
We need to treat the charger itself as an untrusted piece of infrastructure, and do discovery the other way around. If a user knows they are going to an "ABC Corp" charger, there is presumably a route for them to use a relatively trustworthy discovery platform (i.e. an app store, their EV charging map already knowing where they are headed) to navigate the user to the genuine interface.
For the issue of "which charger to activate", I'm not an EV user, but this feels like if the car communicates any form of usable information to the charger, this could be used to help the user. Easy (and private) paradigms like unlocking a given charger by a map view wouldn't be intuitive for people with reduced spatial awareness (or at night when nobody has a clue where they are in relation to things on a map), but at a small enough charging station you could just ask the user to confirm if they are using "charger 3" (like gas station pump numbers), since that's the only port with a car not yet enabled to charge. For larger places, surely it's easier to use "pump numbers".
(Which is effectively what you are suggesting with a short code, but I think the QR part is a potentially bad paradigm we should try to kill off before it sticks around!)
It feels like this whole "scan the QR code" is a reverse of the ideal paradigm that is (obviously) very easily exploited by scammers and opportunists, especially if payment information is requested! We spent long enough trying to train users to not enter usernames, passwords, and payment details into random web pages when asked... Now they're being asked to do it!
I don't think a QR on a small screen is the answer - people will just cover it with their sticker. If that's not good enough, they'll make a sticker that looks like a small screen with some frame around it.
We need to treat the charger itself as an untrusted piece of infrastructure, and do discovery the other way around. If a user knows they are going to an "ABC Corp" charger, there is presumably a route for them to use a relatively trustworthy discovery platform (i.e. an app store, their EV charging map already knowing where they are headed) to navigate the user to the genuine interface.
For the issue of "which charger to activate", I'm not an EV user, but this feels like if the car communicates any form of usable information to the charger, this could be used to help the user. Easy (and private) paradigms like unlocking a given charger by a map view wouldn't be intuitive for people with reduced spatial awareness (or at night when nobody has a clue where they are in relation to things on a map), but at a small enough charging station you could just ask the user to confirm if they are using "charger 3" (like gas station pump numbers), since that's the only port with a car not yet enabled to charge. For larger places, surely it's easier to use "pump numbers".
(Which is effectively what you are suggesting with a short code, but I think the QR part is a potentially bad paradigm we should try to kill off before it sticks around!)