Is a tide of Pay by Link adoption adding to payer vulnerability?

4 November 2021


4 min read

Ian Tomlin

mobile fraud victim

One of the simplest and oldest digital payment methods, pay by link, is surprisingly still widely used in the financial services industry. Pay by Link describes the process of a payment request that happens by clicking on a link. Seems straightforward enough. Some in the tech industry argue that—with appropriate safeguarding (such as two-factor authentication)—there’s nothing wrong with this method.

However, it’s not always the case. Payment fraud is growing faster in the mobile ecosystem than anywhere else. The introduction of WhatsApp and SMS fraud has added to the ones of regulators, scratching heads to prevent fraud from occurring at scale.


OFCOM published data which revealed that in 2020, more than 65% of the country received a suspicious or scam call or text over a three-month period. Text was the most used method for fraud, with 71% receiving a suspicious text, and 61% of people aged 75 and over receiving a potential scam call

The challenge with tackling mobile payment fraud is that many individuals have been thrust into using apps to handle communications with suppliers, and pay bills—not through choice, but because providers are keen to cut their back-office costs. Older generations of consumers find themselves grappling with mobile app interfaces and remembering passwords they rarely use.

Against this backdrop, Pay by Link appears a simple solution to a complex problem for the app development teams of financial services companies. The problem is, that the broad consumer community lacks the digital awareness to know when a link is legitimate, and when it isn’t.

What we know is that financial services providers aren’t going to relent in their app development plans. Eight out of ten banks expect real-time payments to drive revenue growth and displace payment cards over time. With that level of market opportunity, financial services providers are ramping up their in-house digital teams, seeing tech innovation as a key instrument in their competitive armoury.

Finbarr Joy is a serial CTO in the Financial Services industry. He thinks that Pay by Link is seen by many digital champions as a simpler route to achieving faster time-to-value on mobile bill payments apps, but that’s not necessarily a good thing for the industry.

“It would be a struggle to argue that, with appropriate safeguards, Pay by Link ‘CAN’ be a safe route to making payment instructions from a mobile device. The challenge is, that the information security industry has been at pains to preach the message to users that clicking links is a bad idea; and now what we’re telling that audience that it’s sometimes okay to click on a link. That is a terribly confusing message.”

The information security industry is ramping up its narrative of not returning to the use of links in applications, recognising the long term behavioural impacts could create a huge hike in payments fraud, already on the up.

It remains to be seen where the industry goes from here. With so much attention being given to financial vulnerability and fraud risk, it seems likely that regulators will have to step in if the industry continues on this path.

Request to Pay is a secure, reliable alternative to pay by link

 Interested in the debate? Download our White Paper