For your recipient to be able to claim the money, he/she would need to input the OTP (one time password) sent through his/her mobile number as part of the verification process. This ensures that it is the same recipient as intended by you, the sender.
​
In addition, the email link has an expiry of 2 weeks, after which, the recipient would no longer be able to access limiting potential exposure to unintended third parties.
​
Lastly, the OTP only limits recipients to 5 attempts, after which, it would automatically lock-out the recipient and fail the transfer. This prevents unintended recipient to brute force the OTP and therefore get unauthorized access to the funds.