Checkout

Pay by Link

Cardflo's Pay by Link solution enables merchants to generate and send secure payment links to customers via email, SMS, or chat. This flexible payment method is ideal for invoicing, customer service payments, or situations where a traditional e-commerce checkout is not practical.

It offers a simple, direct way to collect payments efficiently and securely.

Category
Checkout
Capabilities
10
Available on
All plans
Apply now

The overview

Pay by link serves as an asynchronous payment method that bridges the gap between traditional invoicing and real-time e-commerce checkouts. The mechanic involves an acquirer or PSP generating a unique, secure URL associated with a specific transaction amount and merchant account.

When the payer accesses this link, they are directed to a hosted payment page where card details or alternative payment methods are entered.

This infrastructure removes the need for merchants to handle sensitive cardholder data directly, shifting the scope of PCI data security standard compliance to the facilitator.

The process supports both card-present and card-not-present environments, often used when manual orders must be finalised without telephonic disclosure of CVV codes.

By centralising the authorisation and capture steps through a managed gateway, businesses can standardise their reconciliation processes regardless of whether the initial lead was generated via social media, chat platforms, or email.

How it works

  1. Unique URL Generation

    The merchant initiates a request via a gateway portal or API, specifying the transaction amount, currency, and reference ID. The system generates a single-use or multi-use link tied to the merchant identification number.

    This link directs the customer to a secure environment hosted by the payment service provider.

  2. Distribution to Payer

    The merchant delivers the link through any digital communication channel, such as email, SMS, or messaging applications.

    Because the link points to a secure web address, the merchant does not need to maintain an active e-commerce site or complex shopping cart integration to facilitate the digital transaction.

  3. Customer Payment Entry

    The payer clicks the link and enters their credentials on a page protected by TLS encryption. The environment supports Strong Customer Authentication protocols, including 3D Secure, to verify the identity of the cardholder.

    This step ensures that the transaction meets the regulatory requirements set out by PSD2.

  4. Authorisation and Settlement

    The payment gateway routes the authorisation request to the relevant acquirer and card scheme. Once the issuer approves the transaction, a real-time notification is sent to the merchant.

    The funds follow standard settlement cycles, typically resulting in a payout to the merchant account after the agreed clearing period.

Why it matters

Security and Compliance Scope

Accepting payments over the telephone or via unsecured email threads often increases a merchant's PCI DSS burden and risk of data breach. Pay by link moves the point of entry for card data to a secure environment managed by the PSP.

This reduces the risk of unauthorised access to primary account numbers and simplifies the annual compliance validation process for the business, as sensitive data never touches their internal infrastructure.

Reduced Friction in Collections

Traditional B2B billing often relies on bank transfers which require the customer to manually log into their banking portal and enter account details. Pay by link allows for immediate execution using stored credentials or digital wallets.

This immediacy can lead to faster settlement of outstanding invoices and a reduction in the time spent by accounts receivable teams pursuing overdue payments through manual administrative work.

Use cases

B2B Professional Services

Consultancies and legal firms send links alongside digital invoices, allowing clients to settle fees via corporate cards rather than bank transfers, which simplifies international multi-currency reconciliation.

Direct Messaging Commerce

Small retailers using social media for sales can convert chat-based enquiries into completed transactions by sending a secure link once the buyer confirms their selection.

Hospitality and Bookings

Hotels can secure deposits for room reservations or private dining events by emailing a payment link, avoiding the need to process card details over the telephone.

Debt Collection and Recovery

Agencies send personalised links via SMS to debtors, providing a low-friction method to settle balances immediately on a mobile device without requiring a phone conversation.

By the numbers

75-85%
Average Conversion Rate

Industry observations suggest that once a customer reaches a secure hosted link, completion rates typically fall within this range depending on the merchant sector.

90%
PCI Compliance Reduction

Businesses moving from manual phone payments to hosted links often see a significant reduction in the number of security controls they must personally manage.

<3s
Authorisation Speed

Typical processing time from the moment the 'Pay' button is clicked until a confirmation appears, assuming standard gateway and acquirer performance.

Ready to route with Pay by Link?

Talk to our team about a live rollout on your acquiring stack.

Apply now

What you get with Pay by Link

  • Generation of unique payment URLs through an administrative dashboard or automated API requests.
  • Support for multiple currency options to facilitate domestic and international cross-border transactions.
  • Integrated 3D Secure authentication to assist in meeting PSD2 and SCA regulatory requirements.
  • Redirects customers to a secure hosted environment, minimising the merchant's PCI DSS compliance scope.
  • Real-time status tracking for every link sent, identifying when a customer has viewed the page.
  • Automatic expiry settings for links to manage inventory availability and time-sensitive promotional offers.
  • Capability to attach specific invoice numbers or customer references for automated ledger reconciliation.
  • Compatibility with various digital channels including email, SMS, WhatsApp, and social media platforms.
  • Option for set transaction amounts or open fields for customer-defined donation and deposit values.
  • Responsive design ensures the payment interface functions correctly on mobile, tablet, and desktop devices.
See Pay by Link on your acquiring stack.

A short scoping call, then a written plan for your MIDs.

Apply now

Questions about Pay by Link

How does pay by link affect PCI DSS compliance for my business?

Pay by link typically reduces the scope of PCI DSS compliance because the merchant does not handle, process, or store sensitive cardholder data. The customer enters their primary account number and CVV directly into a secure hosted payment page provided by the PSP.

Since the transaction data is captured in an external, audited environment, many merchants are able to qualify for a simplified Self-Assessment Questionnaire, such as the SAQ A, which significantly reduces the administrative burden of annual security audits.

Is it possible to use 3D Secure with payment links for SCA?

Yes, hosted payment links are designed to support the 3D Secure protocol. When a customer initiates a payment through a link, the gateway can trigger the SCA process, requiring the issuer to verify the user via biometrics, a one-time passcode, or other multi-factor methods.

This is particularly important for transactions within the European Economic Area and the UK, where PSD2 regulations mandate strong authentication for most electronic payments to reduce the risk of fraud.

Can I set an expiration time for a payment link?

Most payment link systems allow merchants to define a specific lifetime for the URL. This is useful for managing time-limited offers, securing stock that cannot be held indefinitely, or ensuring that a quote remain valid only for a specific window.

Once the link expires, the customer can no longer access the payment page, and a new link must be generated if the transaction is to proceed. This helps maintain control over the sales pipeline and inventory.

What happens if a customer claims they never received the link?

Sophisticated gateways provide notification logs that track the status of the link. Merchants can verify if the link was successfully dispatched and, in some cases, whether the payer has clicked or viewed the hosted page.

If a link fails to arrive due to an incorrect email address or SMS filtering, the merchant can invalidate the original URL and generate a new one, or resend the existing link through a different communication channel.

Do these links support alternative payment methods like Apple Pay or Google Pay?

Yes, pay by link pages can be configured to display a variety of payment options beyond standard credit and debit cards.

Depending on the PSP's capabilities, the hosted page can detect the user's device and offer digital wallets like Apple Pay or Google Pay, as well as local alternative payment methods such as iDEAL or Bancontact.

This flexibility helps improve conversion rates by allowing customers to pay with their preferred method.

How are refunds handled for transactions initiated via a link?

Refunds for link-based payments are typically processed through the same merchant portal or API used to generate the link. The merchant identifies the original authorisation via a transaction ID or ARN and initiates either a full or partial refund.

The funds are then returned to the original payment instrument used by the customer. The settlement and clearing timelines for these refunds follow the standard rules set by the relevant card scheme or payment provider.

Get started

Ready for velocity?

Tell us about your business. We'll match you with the right acquiring partners and the right route, typically inside a week.

Apply now
Apply now