Checkout

Payment links

Cardflo's payment links offer a versatile tool for merchants to collect payments without a traditional website checkout. Create unique, shareable URLs that direct customers to a secure payment page.

This solution is perfect for businesses requiring flexibility in payment collection, whether for remote sales, bespoke orders, or direct customer interactions.

Category
Checkout
Capabilities
10
Available on
All plans
Apply now

The overview

Payment links function as standalone hosted payment pages that act as a bridge between an invoice or customer interaction and the final settlement.

These unique URLs are generated through a gateway or PSP dashboard, bypassing the requirement for a merchant to maintain a complex e-commerce front end or integrated checkout API.

When a customer executes the link, they are directed to a secure, PCI-DSS compliant environment where they select a payment method and provide credentials. This mechanism supports various transaction types including one-off sales, subscription sign-ups, and recurring billing authorisations.

For B2B firms or service-based enterprises, the link acts as a digital request for payment that synchronises with the acquirer's backend.

The technology manages the front-end capture of card data or alternative payment method details, ensuring that Sensitive Authentication Data is never stored on the merchant’s local infrastructure, thereby narrowing the scope of compliance audits.

How it works

  1. Link Generation and Parameter Mapping

    The merchant initiates the request within the gateway portal by defining specific transaction parameters. This includes the currency, total amount, and any descriptor text such as an invoice number or service description.

    The system then generates a unique URL or QR code tied to the specific merchant identification number.

  2. Distribution via Communication Channels

    The generated link is delivered to the counterparty through digital channels like email, SMS, or messaging applications.

    Because the link is portable, it facilitates payment collection outside of traditional web stores, making it suitable for professional services, wholesale orders, or social media trade environments where direct links are required.

  3. Secure Customer Credential Capture

    Upon clicking, the customer is redirected to a hosted environment that manages the Strong Customer Authentication process. The page collects card details or interacts with digital wallets.

    The gateway then forwards the authorisation request to the acquirer, who communicates with the card scheme and the issuing bank.

  4. Transaction Validation and Webhook Notification

    Once the issuer approves or declines the transaction, the status is updated in real time. The gateway sends a webhook or notification to the merchant’s system to confirm settlement status.

    The funds then follow standard clearing cycles, eventually moving from the acquirer to the merchant's bank account.

Why it matters

Reduced Technical Infrastructure Requirements

By utilising hosted payment pages, merchants can avoid the high costs and technical complexities associated with building and maintaining a custom checkout flow. This approach shifts the burden of PCI-DSS compliance and security updates to the payment service provider.

It allows businesses to accept digital payments without a traditional website, reducing the operational overhead of software development and server maintenance while ensuring high availability during the transaction process.

Mitigation of Cardholder Data Risks

Payment links minimise the risk of sensitive data exposure by ensuring that cardholder information never enters the merchant's local environment. The entire data capture process happens on the gateway's hardened servers.

This isolation is crucial for protecting against data breaches and ensuring compliance with global financial regulations. It also simplifies the annual Self-Assessment Questionnaire process required by card schemes, as the merchant never handles unencrypted primary account numbers.

Use cases

Professional Services and Invoicing

Law firms, consultancies, and freelancers can embed payment links directly into PDF invoices. This allows clients to pay for services immediately via credit card or bank transfer rather than relying on manual bank wires.

Bespoke Manufacturing and Wholesale

For custom orders where the final price varies, sales representatives can generate a specific link once the quote is finalised, ensuring the customer pays the exact agreed amount rather than a generic catalogue price.

Telephone and Remote Sales

MOTO merchants can send a link to a customer during a phone call instead of taking card details verbally. This method improves security and ensures the transaction is protected by 3D Secure protocols.

Debt Collection and Late Payments

Credit control departments can send automated reminders containing a direct link to the outstanding balance, facilitating immediate resolution and improving the business's days sales outstanding metric through simplified friction-free payments.

By the numbers

<2s
Average Transaction Time

Authorisation speeds typically fall within this range depending on the issuer's response time and the network latency between the gateway and the acquirer.

15-25%
Checkout Completion Improvement

Merchants often observe an increase in successful settlements when moving from manual bank transfers to direct payment links due to reduced friction.

60-80%
Fraud Reduction Efficiency

Industry data suggests that utilising 3DS-enabled links significantly reduces successful unauthorised transactions compared to non-authenticated MOTO or manual entry methods.

Ready to route with Payment links?

Talk to our team about a live rollout on your acquiring stack.

Apply now

What you get with Payment links

  • Supports diverse payment methods including major credit cards, debit cards, and digital wallets.
  • Eliminates the requirement for complex API integrations or local website checkout development.
  • Enables Strong Customer Authentication to comply with PSD2 and regional security mandates.
  • Allows for configurable expiration dates on links to manage time-sensitive discount offers.
  • Provides real-time visibility into link status including delivered, viewed, and paid states.
  • Facilitates easy distribution across SMS, email, and various social media messaging platforms.
  • Supports multiple currencies to facilitate cross-border transactions and international commerce expansion.
  • Reduces the PCI-DSS compliance burden by using hosted, secure payment environments.
  • Includes customisable metadata fields to assist with automated accounting and reconciliation processes.
  • Automates the generation of digital receipts for customers immediately following a successful authorisation.
See Payment links on your acquiring stack.

A short scoping call, then a written plan for your MIDs.

Apply now

Questions about Payment links

How do payment links help with PCI-DSS compliance for my business?

Payment links leverage a hosted payment page model where the cardholder enters their sensitive credentials directly into the gateway's secure environment. Since the cardholder data never touches your servers or local network, your business stays out of the scope for many complex PCI-DSS requirements.

You typically only need to complete a simplified Self-Assessment Questionnaire, as the service provider handles the encryption and management of the primary account numbers and sensitive authentication data.

Can I use payment links to collect recurring payments or subscriptions?

Yes, payment links can be configured to initiate a Merchant Initiated Transaction or a recurring billing agreement. When the customer completes the initial transaction via the link, the gateway can tokenise the credentials.

This allows the merchant to store a secure token for future billing cycles, provided that the appropriate cardholder consent for recurring payments was obtained during the initial checkout process on the hosted page.

What happens if a customer clicks an expired payment link?

If a link has an expiry duration set by the merchant and that time has elapsed, the hosted page will display an error message rather than the payment form. This prevents unauthorised or late payments on quotes that are no longer valid.

The gateway's management interface allows merchants to monitor expired links and regenerate them if a customer requires a new window for payment.

Are payment links protected by 3D Secure and SCA?

Most modern payment link services are designed to be fully compatible with 3D Secure 2 protocols. When the customer interacts with the link, the gateway triggers the necessary authentication flow required by the issuing bank.

This ensures compliance with PSD2 regulations in Europe and the UK, helping to reduce the risk of fraud and potentially shifting the liability for chargebacks from the merchant to the issuer.

How do I reconcile payments received via links with my internal accounting software?

Payment links generally include unique identifiers and metadata fields that are passed through the authorisation and settlement stages. When a payment is successful, the gateway provides an ARN or a transaction ID that can be mapped back to your internal invoice or customer record.

Many platforms also offer webhooks that can automatically update your CRM or ERP system once the status changes to authorised.

Can payment links be used for Mail Order Telephone Order (MOTO) environments?

While MOTO usually involves the merchant entering data on behalf of the customer, many firms are favouring payment links as a more secure alternative.

Instead of the agent hearing and typing the card details, they send a link to the customer via SMS or email during the call. This reduces the risk of data theft within the call centre and ensures the transaction undergoes standard digital authentication.

Get started

Ready for velocity?

Tell us about your business. We'll match you with the right acquiring partners and the right route, typically inside a week.

Apply now
Apply now