The following is a guide to building Custom Payment Pages for merchants using GoCardless Pro or GoCardless Custom. See our Pricing page for more details.
Before designing and hosting IBP one-off Custom Payment Pages, it’s important to be aware that there are strict compliance requirements for the content and formatting of these pages.
We’ll work with you to build compliant Custom Payment Pages, and these have to receive a final sign-off once they’re ready (see below for the approval process).
After your Custom Payment Pages have been signed off, they must not be changed without GoCardless’ approval, and we would like to remind you of your contractual obligations to:
- comply with GoCardless’ directions, instructions and guidance;
- ensure that no elements of the Custom Payment Pages could put GoCardless in breach of relevant law and regulation; and
- remove or amend any part of the Custom Payment Pages immediately if notified to do so.
Approval process
Once you've completed the design and build of your Custom Payment Pages, you need to submit templates to GoCardless for approval prior to your go-live date.
We will provide you with feedback on any required changes (if necessary).
Once you have written approval from GoCardless, we will enable a feature on your GoCardless account that allows you to create IBP one-off mandates directly via the API.
Alongside the design and subsequent approval of your payment pages, you will also need to implement the client sign-up and creation flow. This involves integrating with the GoCardless API.
You can follow the steps below to build and test your integration in our sandbox (testing) environment:
- Create a sandbox account here.
- Once you’ve set up your sandbox account, please reach out to our Support team to let us know that you have set up the account and would like to test IBP one-off Custom Payment Pages, along with the email address you set it up with (this allows us to locate your sandbox account and enable the IBP one-off CPP for you).
- Create an access token with read-write access.
- Use the access token to link your sandbox account with your internal system.
- Test the customer creation process, as outlined in the developer documentation here.
Once you have fully tested your integration with our API and your Custom Payment Pages have been approved, the final step is to launch what you’ve built so that customers can begin signing up through your newly built process.
To move your integration from the testing environment to the live environment, switch from your sandbox access token to an access token for your production GoCardless account.
Quick guide
To create fully compliant Custom Payment Pages, there are a number of requirements you must meet. Here’s the short version for quick reference. Keep reading and we’ll explain each step in more detail:
Step | Quick reference |
---|---|
1 | You must provide your payers with the following consent parameters (i.e. payment rules): |
2 | You must provide one of the following options for payers to select their account: |
3 | You must seek the payer’s consent by: |
4 | You should provide messaging to inform payers how to complete the payment authorisation and let them know that they will be taken to their bank. |
5 | You must provide confirmation and certain information to the payer when they have successfully authorised a payment |
6 | You must remind the payer that the payment is being powered by GoCardless and provide information about our regulatory status (including FCA registration number) |
7 | If you have custom notifications enabled, you must send your payers an email which confirms the one-off payment was successful, with information related to that payment (amount, currency, payee (i.e. your) name, payment reference, date) |
1. Consent parameters
In order for your payer to provide their explicit consent to set up a one-off payment (see step 3 for further detail), they must first be presented with these mandatory consent parameters:
Mandatory requirement | Detailed explanation | Our recommendation |
---|---|---|
Payee (i.e. your) name | The payee to be credited with the payment must always be clearly stated. Whilst GoCardless is the “initial payee”, you (the merchant) are the “ultimate payee”, and therefore you should include your legal name (and trading name if different to your legal name). | “Make a one-off instant payment to [your legal / trading name] |
Payment description | This is optional but we recommend populating it to make clear what the payer is making a one-off payment for. | |
Amount and currency | The amount of the one-off payment, along with the currency of the one-off payment (this will be GBP for UK implementation), must be clearly stated. | |
2. Account selection
In order for your payer to select the payment account they wish to make the one-off payment from, they must be presented with one of the following options:
Mandatory requirement | Detailed explanation | Our recommendation |
---|---|---|
Enter account identification details | If you opt for this option, payers must be allowed to enter either account number and sort code, or IBAN. | “Your bank details Account holder name: ___ Your sort code (must be 6 digits long): ___ Your account number (must be 8 digits long): ___ Or click here to enter an IBAN Continue” |
Select account identification details | If you opt for this option, payers must be able to select their pre-populated account details (this assumes the details have been saved previously). | “Select your bank details ___ Continue” |
3. Consent & terms
In order for the payer to consent to the parameters set out above (step 1), you must present the following information:
Mandatory requirement | Detailed explanation | Our recommendation |
---|---|---|
GoCardless trading name | As a payment initiation service provider (PISP), the GoCardless trading/brand name must be displayed to the payer during the setup of their consent, explaining that GoCardless is your payment provider. | “Connecting you to [bank] |
Clearly explain what the payer is consenting to | You must state in clear language that the payer will be consenting to the payment. | |
Repeat consent parameters and payer account information | You must re-display: | “[Payment description] |
GoCardless’ Terms of Use & Privacy Notice | In order for the payer to enter into a legally binding agreement with GoCardless, you must enable the payer to view the applicable GoCardless terms on the consent screen. To do this, you must include our mandatory component on the consent screen. This component must be free of any obstructions, and as prominent as the rest of the text on the screen. | Component: |
Confirmation / consent button | You must provide payers with an opportunity to show that they actively consent to all of the above e.g. a confirmation / consent button. | “Confirm and continue” |
4. Authorisation & redirection
Whilst there are no mandatory requirements governing this part, in order for payers to complete the flow, you should provide messaging to inform payers about the next steps (i.e. that they need to authorise the payment, and to do this will be redirected to their banks):
Mandatory requirement | Detailed explanation | Our recommendation |
---|---|---|
Authorisation | You should provide messaging to inform payers how to complete the payment authorisation. If you choose to provide a QR code, make it clear the payer will need to scan with their mobile phone to open their banking app. | “Please authorise the payment |
Redirection | You should provide messaging to inform payers that they will be taken to their bank to complete the payment. | “We will securely transfer you to [name of bank] to authenticate.” |
5. Confirmation
After the payer has authorised the payment with their bank, you must provide messaging to inform the payer of the following:
Mandatory requirement | Detailed explanation | Our recommendation |
---|---|---|
Information related to successful payment (amount, currency, reference) | After a payment has been successfully initiated, you must provide the payer with these details about the payment: | “Good news [name of payer]. You’ve successfully authorised the payment and your email confirmation is on its way. |
6. Footer
On all Custom Payment Pages, you must include a footer with the following information:
Mandatory requirement | Detailed explanation | Our recommendation |
---|---|---|
Regulatory status disclosure | You must remind the payer that the payment is being securely powered by GoCardless and provide information about our regulatory status (company number, the fact we’re authorised by the FCA, our FCA registration number). | “Payments securely processed by GoCardless. GoCardless Ltd (company registration number 07495895) is authorised by the Financial Conduct Authority under the Payment Services Regulations 2017, registration number 597190, for the provision of payment services.” |
Privacy notice | You must display GoCardless’ Privacy Notice. | “GoCardless uses personal data as described in their Privacy Notice.” |
7. Emails
After the payer exits the flow, if you have custom notifications enabled, you must follow up with the following emails:
Mandatory requirement | Detailed explanation | Our recommendation |
---|---|---|
Information related to successful payment | You must inform the payer that a payment was successful and provide them with these details about the payment: | “Dear [payer] |
Regulatory footer & privacy notice | You must include a footer to let consumers know how GoCardless’ service is provided and how data is controlled | “Payments securely processed by GoCardless. GoCardless Ltd (company registration number 07495895) is authorised by the Financial Conduct Authority under the Payment Services Regulations 2017, registration number 597190, for the provision of payment services. |