Maybe ensure the URL is 1 time use and changes after each new financial record is added. Add a random code that is added to the ID or if the Encrypt allows a seed.|
Or
Replace this feature all together with true 1 time link management and or user access. AKA Low level user that can login with 1 time link emailed when requesting an update. They could also login in if they remember username and password but, not required as they dont care and it is annoying.
