Bank of America Sees Mobile-First Security Surge as Firms Embrace QR Sign-In

Highlights

Bank of America developed a QR code login for its CashPro platform by identifying password-related pain points through service data and co-designing the solution with clients, leading to over 2 million uses and 60% adoption growth.

The QR sign-in streamlines secure access without physical tokens, particularly benefiting regions with stricter authentication regulations like the U.K. and EU.

New features like push authentication eliminate the need to manually enter codes, reflecting a broader trend toward mobile-first, seamless experiences in B2B finance, where usability and security go hand in hand.

Business-to-business (B2B) transactions typically involve higher volumes and more complex authorization than consumer payments. Companies must balance usability with security, often managing multiple layers of authentication for different roles, departments and systems.

    Get the Full Story

    Complete the form to unlock this article and enjoy unlimited free access to all PYMNTS content — no additional logins required.

    yesSubscribe to our daily newsletter, PYMNTS Today.

    By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions.

    Still, look closely at the latest generation of B2B payment systems and you’ll find an unexpected hero emerging from consumer tech: the humble QR code.

    “When we built QR sign-in, it was in response to a pain point our clients were experiencing,” Jennifer Sanctis, managing director, CashPro at Bank of America, told PYMNTS.

    Less than two years after its 2022 launch, the B2B authentication tool has been used more than 2 million times, and its adoption is up 60% in the past year alone.

    But when Bank of America launched QR code login for its CashPro platform in 2022, it wasn’t aiming for a viral hit. The goal was straightforward: eliminate a major point of friction for corporate clients.

    “Our data drives a lot of our innovation strategy,” Sanctis said. “And as a result, we engaged with the clients who we saw were having those challenges with password resets and built a solution side-by-side with them.”

    What has emerged isn’t just a better way to log in. It could be a full-blown rethinking of how trust, identity and authorization are able to function in high-value business transactions.

    Solving Authentication and B2B Security

    Bank of America’s strategy reflects a larger trend accelerating the digitization of B2B: the convergence of enterprise-grade security with consumer-grade simplicity. Because for treasury and finance professionals, security is paramount. But so is ease of use.

    A key benefit of the QR sign-in on the CashPro platform is the removal of the physical token — once a standard part of multifactor authentication. Instead, users can rely on the integrated mobile token built into the CashPro app. This is particularly impactful in regions like the U.K., where regulatory requirements can often demand strong authentication.

    And Bank of America’s European corporate clients, it turns out, use QR sign-in more than twice as often as their counterparts in other regions.

    “Many of our European clients are required to have strong authentication at the point of sign-in,” Sanctis said. “So, they don’t need to enter in an OTP [one-time password] with their physical token. They can just go through that flow as part of that QR sign-in experience.”

    While new login systems can often trigger anxiety about vulnerabilities, Sanctis noted that CashPro’s approach has won over even the most cautious users.

    “As soon as our clients become aware and realize that this is available to them, they start using it and it becomes a preferred method of signing in,” she said. “They recognize it as a security best practice.”

    Designing for Delight

    Every day, billions of dollars move through ERP platforms, treasury systems and supplier portals; all of them demanding secure, authenticated access. But the dominant authentication architectures are becoming cumbersome relative to the emerging needs of finance teams.

    QR logins meet the moment: secure, scalable and simple to deploy. And the success of QR sign-in stems not only from security and convenience but also from thoughtful design.

    User experience is central to Bank of America’s own digital transformation vision. CashPro’s mantra? “Personalized, proactive, predictive.”

    That philosophy underpins their newest rollout: push authentication. The feature eliminates the need for users to fetch or enter codes by delivering token requests directly to their devices.

    “We’re really taking the guesswork out of authentication,” Sanctis said. “The token will just come to them directly.”

    Launched this month, push authentication has already been used thousands of times, further validating the mobile-first shift. Notably, mobile token authentications surpassed physical authentications for the first time in Q1 2025.

    “That was heavily driven by QR sign-in,” said Sanctis, who expects mobile usage to continue accelerating as push authentication gains traction. “It’s a win-win for everybody.”

    QR code logins may not carry the flash of blockchain or the buzz of AI, but they represent something arguably more powerful: immediate, practical transformation. They’re reducing friction, closing security gaps, and enabling real-time financial agility for the over 2 million businesses that trust them.