🇸🇦 Pay by Link – KSA Requirements

Merchants operating in the Kingdom of Saudi Arabia (KSA) are subject to additional regulatory and fraud-prevention requirements. This page consolidates all Pay by Link (PBL) rules that apply exclusively to the KSA region.

These requirements comply with Network International, SAMA, and regional payment regulations.

---

Email Rules (KSA Only)

Sender & Domain Restrictions

• All PBL emails must be sent from the official N-Genius domain.
• The ‘From’, ‘Sender Name’, ‘CC’, and ‘BCC’ address fields are locked for merchants.
• Only Tenant or Platform Admins can configure these fields.

Required Email Subject Format

Every email subject must include:

• Merchant Brand Name
• (If applicable) Merchant Legal Name & Registration Number

Merchants cannot edit or override forced subject components.

Email Body Restrictions

The email body:

• Must be plain text only
• Max 300 characters
• Must NOT contain:
  • Clickable links
  • Phone numbers
  • Images, HTML tags, smart tags, or scripts
  • Attachments of any kind

---

Branding & UI Restrictions

To comply with anti-impersonation requirements:

• Merchants cannot change logos, themes, or colours for Pay by Link.
• Branding is controlled by Network International.
• Payment pages must use the official gateway domain only.

---

Currency & Transaction Type (KSA Only)

• Only Saudi Riyal (SAR) is supported for Pay by Link.
• Transaction type is controlled by Network International.
• Supported transaction types include:
  • Purchase
  • Recurring
  • Installments

SALE transactions are not supported in KSA.

---

Link Expiry Rules

Link expiry is defined by the Tenant Admin and cannot be modified by merchants.

Supported expiry units:

• Minutes: 1–60
• Hours: 1–24
• Days: 1–3

Merchants cannot override the expiry duration when creating a PBL.

---

Link Security Requirements

To ensure customer protection:

• Each link is single-use.

• A link expires after:

  • 1 successful payment, or
  • 3 failed payment attempts.

• Link amount, currency, and recipient email cannot be changed.

• Links cannot be reused, reissued, or modified after creation.

---

3-D Secure Requirements

• All card-based transactions must be authenticated using 3-D Secure (3DS2).
• Wallet transactions may not use 3DS (based on scheme and issuer behaviour).

Tenant Admins must ensure 3DS is enabled for all KSA merchants.

---

Risk & Fraud Controls

• Risk engine evaluates:

  • Customer IP
  • BIN / card type
  • Geo-location
  • Email reputation

• Tenant Admins can manage allowlists and deny lists for:

  • IP ranges
  • BINs

Merchants may add their own rules but cannot modify Tenant-level configurations.

---

Access & Governance Rules

• Only Merchant Admin users can create Pay by Link requests.

• Other roles (e.g., Sales, Support) cannot generate links unless explicitly permitted by NI.

• PBL is disabled by default for all merchants.
  To enable it:

  1. Merchant submits a request to their NI Relationship Manager
  2. Merchant signs the required liability agreement
  3. Tenant Admin activates PBL and configures email/branding on behalf of merchant

---

Customer Protection

A fraud-warning message must be displayed on PBL payment pages.

The message text and placement are determined by NI and may vary by merchant setup.

---

Monitoring & Incident Response

Network International continuously monitors:

• Spikes in link creation
• High failure rates
• Repeat attempts or suspicious patterns
• Abnormal payment behaviour

If a merchant account is compromised:

• PBL can be disabled instantly by Tenant Admin
• Existing links may be automatically suspended based on system configuration

---

Summary of KSA-Specific Restrictions

---

For questions or support relating to KSA Pay by Link compliance, please contact your Network International Relationship Manager.