How to Use QR Codes for Payment Links

Three payment surfaces, three different conversion stories

Where a payment QR appears drives most of its conversion outcome before any optimization on the destination page. An invoice email arrives in a known inbox at a moment when the recipient is already thinking about the bill, and scan-to-pay rates often land in the 35 to 55% range for B2B and 50 to 70% for consumer service invoices. The lift is largest when the same email also has a manual pay-now button as a fallback for desktop readers.

A printed receipt is a different beast. Most receipts get tossed; the few that survive are usually for big-ticket items or business expense reimbursements. Conversion from a receipt-printed payment QR (used for tips, post-service add-ons, or split-bill payment) sits in the 5 to 15% range. The lift comes from making the QR larger than the rest of the receipt body and labeling it clearly with copy like “Tip or split the bill: scan here.”

A counter sign or table tent at point-of-sale runs hottest during the transaction itself but cools rapidly the moment the customer steps outside. We have seen 80%+ conversion when a staff member points at the QR while saying “scan to pay,” and under 10% when the same code is just sitting passively on a corner of the counter. Placement is necessary, but a verbal cue is what closes the gap.

Trust signals that matter on first paint

The most overlooked failure mode in payment QR campaigns is the moment between scan and decision. The customer scans, the browser opens, and for two or three seconds they are looking at a destination page they have never seen before, wondering whether someone slapped a sticker over the legitimate code. If your payment page shows the merchant name, the exact amount, and the invoice or order reference number above the fold on first paint, that moment of hesitation collapses. If it shows a generic “Pay” header with no merchant identity, a chunk of customers bail.

Three on-page elements close the trust gap fastest. Show the merchant name in the same form the customer recognizes. Legal entities often differ from trading names, and using the trading name reduces confusion. Show the precise amount, not “Total to be calculated.” Show the invoice or order reference, ideally as a URL parameter the customer can verify against their paper invoice. Stripe Checkout supports this through prefilled client_reference_id and customer_email parameters, and a typical URL looks like https://buy.stripe.com/abc123?prefilled_email=invoice%40customer.com&client_reference_id=INV-2026-0418. PayPal’s invoicing flow exposes invoice numbers similarly.

Deep linking to wallet apps

For peer-to-peer or low-friction merchant payments, app deep links bypass the web page entirely. Venmo accepts venmo://paycharge?txn=pay&recipients=username&amount=25.00&note=Invoice%20payment on iOS and Android. Cash App uses https://cash.app/$username/25 as a universal link that the iOS system routes into the app if installed. Zelle has no public deep-link API in the consumer sense, since bank apps own that flow, so most Zelle QR codesA 2D matrix barcode that encodes data in a square grid of black and white modulesA single black or white square in the QR grid. The number of modules per side scales with the QR versionThe size of a QR code, numbered 1 (21×21 modules) through 40 (177×177). Higher versions store more data but require more printed space. Read more →, from 21×21 modules for version 1 up to 177×177 for version 40. Read more →. Read more → carry an email or phone number and let the customer paste into their bank’s Zelle interface.

PayPal’s consumer flow accepts https://www.paypal.com/qrcodes/managed/[id] for personal codes and the Hyperwallet-style invoice URLs for business payments. For markets running EMVCo standards, the QR encodes a structured payload that bank apps natively interpret. India’s UPI, Singapore’s SGQR, Thailand’s PromptPay, and Brazil’s Pix all rely on this. The right approach is to use the bank or PSP’s official QR generator rather than wrapping the payload in a third-party redirect.

A useful hedge: print a QR that lands on a tiny page offering three payment options (“Pay with card” via Stripe Checkout, “Pay with Venmo,” “Pay with PayPal”) with the most common method first. The added click costs 1 to 3 percentage points of conversion versus a direct deep link, but it covers customers who do not have your preferred wallet installed.

Recurring billing versus one-off

For one-off payments like a contractor’s invoice, a hotel folio, or a doctor’s bill, the QR should land on a fully prefilled payment page with the amount locked. Editable amount fields invite typos and reduce trust; locked amounts close cleanly. Use the URL to PNG generator to produce a high-resolution code suitable for invoice headers and a URL to SVG version for letterhead templates that need to scale cleanly to A3.

For recurring billing, the QR should not initiate a payment directly. It should land on a customer portal where the user sees their subscription status, can update the card on file, and can pay any outstanding balance. Stripe’s customer portal at https://billing.stripe.com/p/login/[id] is a clean primitive for this. Pre-authenticated portal links delivered by email work well, and the QR variant is mostly useful in mailed dunning notices for failed cards.

The counterfeit-sticker attack

Public-facing payment QRs on parking meters, restaurant table tents, and storefront windows are a known attack surface. Scammers print a QR sticker linking to a phishing wallet or a lookalike payment page and physically overlay it on top of the legitimate one. Several US cities reported parking-meter overlay attacks in 2022 and 2023, and the SEC issued advisories about similar attacks on cryptocurrency-linked codes. The are QR codes safe overview covers the broader threat model.

Two defenses help. Make the legitimate code physically resistant to overlay through laminate, embossing, or printing directly into a fixed surface. Engraved metal counter signs are common in higher-end restaurants for this reason. Train customers to verify the destination domain on first paint as well. A storefront sign that says “Always check that the URL starts with https://pay.yourbusiness.com” gives customers a check they can apply themselves. The retail packaging playbook covers a related but distinct sticker integrity question.

Prefilled invoice references kill typos

Manual entry of invoice numbers is the most common drop-off point in mid-market B2B payment flows. A controller staring at a long alphanumeric reference will often paste it wrong, get a “not found” error, and either give up or call accounting. Encoding the invoice number directly into the QR-linked URL eliminates the typo path entirely.

For Stripe-hosted invoices, the URL pattern https://invoice.stripe.com/i/acct_xxx/test_yyy is uniquely tied to the invoice and the amount; no further parameters are needed. For QuickBooks Online and Xero, both expose a direct invoice payment URL through their respective customer portals. For custom-built billing, append ?invoice=INV-2026-0418 to the payment page and read the parameter server-side to lock the form to that invoice. This approach also makes per-invoice attribution clean. Every successful payment ties back to a specific QR scan, which simplifies reconciliation when invoices were sent through multiple channels.

After payment: confirmation that travels

The post-payment screen is doing more work than most teams give it credit for. It tells the customer the payment landed, which is the single most anxiety-reducing message you can send a non-technical user paying through a QR. Show the amount, the merchant, the date, and a confirmation reference. Offer “Email me a receipt” as an explicit action. If the payment was for a service that has a next step like delivery, reservation, or follow-up call, state it plainly. For event and registration use cases, the event check-in playbook covers the handoff from payment to credentials, and the QR code use cases overview ties payment flows back into the broader landscape of offline-to-digital touchpoints. Restaurant operators should pair this with the tableside payment playbook, which covers split-the-check workflows and server-handoff design that don’t fit a generic invoice-payment pattern.