The following is a guide to building custom payment pages for customers on GoCardless Advanced and Pro pricing plans and for partners, using the add-on feature Custom checkout experience and payer notifications.
Payers in Denmark need to complete a Direct Debit mandate to authorise merchants to take payments from them via Betalingsservice, the local Direct Debit scheme.
Customers on GoCardless Advanced and Pro pricing plans have the option to use GoCardless’ own payment pages, or to build their own custom payment pages by using our Custom checkout experience and payer notifications add-on feature. Please note there is an additional “add-on” monthly fee called Custom checkout experience and payer notifications.
Partners can opt to build and use custom payment pages as well. This will enable merchants who are using GoCardless through their app to offer their customers (payers) a consistent branding experience.
Please note: Custom payment pages will need to be approved by GoCardless before being implemented.
Requirements
There are certain requirements set out by Betalingsservice & GoCardless that must be captured from your customer in order to set up a mandate. These should appear on the ‘information entry’ page and include:
- First & last name
- Email address
- CPR number
- Account number ‘kontonummer’
- Registration number ‘Registreringsnummer’
- Data protection law notice
How to build custom payment pages
There are 4 steps to ensure compliance with the Betalingsservice scheme rules and GoCardless processes:
- HTTPS hosted payment pages
- Information entry page
- Summary and confirmation page
- Submit payment pages to GoCardless for approval
1. Host your payment pages with HTTPS
To ensure your customer’s details are secure, you should host your payment pages with HTTPS. You can do this by configuring your website to accept only secure connections (an SSL certificate using a minimum of SHA-256, with support for TLS 1.1 or TLS 1.2).
2. Information entry page
You should include fields to capture the following information:
- First & last name
- Email address
- CPR number
- Account number ‘kontonummer’
- Registration number ‘Registreringsnummer’
- Display a note about GoCardless’ regulatory information and data protection (see below)
To comply with regulatory requirements and data protection law, you must also let your customers know how the GoCardless service is provided, and about third party data controllers that power your website on the information entry page. You can do this by displaying the text below in your page footer:
“Payments securely processed by GoCardless. GoCardless SAS (company registration number 834 422 180, R.C.S. PARIS) is authorised by the ACPR (French Prudential Supervision and Resolution Authority), Bank Code (CIB) 17118, for the provision of payment services. GoCardless uses personal data as described in their Privacy Notice”
Without that upfront notice, we could both be violating the law. (Read more here)
If that’s not technically possible, at a minimum you should include a reference to GoCardless in your website privacy notice. That text should be as follows:
We use GoCardless to process your Direct Debit payments. More information on how GoCardless processes your payments, personal data and your data protection rights, including your right to object, is available at gocardless.com/legal/privacy/
If you are a GoCardless partner, you must include the ‘Payments by’ notice above on your payment pages, or, at a minimum, enable the merchant to provide a link to their privacy notice at the detail intake stage.
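One way to validate the information entry fields on the server before a mandate is set up, shown as an added example that is not part of the original guide and is not GoCardless code. The field names and the format rules (a 10-digit CPR number starting DDMMYY, a 4-digit registration number, an account number of up to 10 digits) are assumptions, not rules stated in this guide.

```javascript
"use strict";

// Assumed format rules (not taken from the guide):
//   CPR number: 10 digits, DDMMYY followed by a 4-digit serial
//   Registreringsnummer: exactly 4 digits; kontonummer: 1 to 10 digits
const DAYS_IN_MONTH = [31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31];
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Drop the spaces and hyphens payers commonly type; keep values as strings so
// leading zeros (e.g. registration number "0040") survive.
function normaliseDigits(value) {
  return String(value ?? "").replace(/[\s-]/g, "");
}

// Plausibility only: checks length and the day/month part, not the year or serial.
function isPlausibleCpr(cpr) {
  if (!/^\d{10}$/.test(cpr)) return false;
  const day = Number(cpr.slice(0, 2));
  const month = Number(cpr.slice(2, 4));
  return month >= 1 && month <= 12 && day >= 1 && day <= DAYS_IN_MONTH[month - 1];
}

// Returns { ok, errors, values }. Errors name the failing field only and never
// echo the submitted value, so CPR and account numbers stay out of logs.
function validateMandateForm(input) {
  const values = {
    firstName: String(input.firstName ?? "").trim(),
    lastName: String(input.lastName ?? "").trim(),
    email: String(input.email ?? "").trim(),
    cprNumber: normaliseDigits(input.cprNumber),
    registrationNumber: normaliseDigits(input.registrationNumber),
    accountNumber: normaliseDigits(input.accountNumber),
  };
  const errors = [];
  if (!values.firstName) errors.push("firstName");
  if (!values.lastName) errors.push("lastName");
  if (!EMAIL_RE.test(values.email)) errors.push("email");
  if (!isPlausibleCpr(values.cprNumber)) errors.push("cprNumber");
  if (!/^\d{4}$/.test(values.registrationNumber)) errors.push("registrationNumber");
  if (!/^\d{1,10}$/.test(values.accountNumber)) errors.push("accountNumber");
  return { ok: errors.length === 0, errors, values: errors.length ? null : values };
}

// Constructed sample submission (not a real payer).
const sample = validateMandateForm({
  firstName: "Anna", lastName: "Jensen", email: "anna@example.com",
  cprNumber: "010203-1234", registrationNumber: "0040", accountNumber: "0440 116243",
});
console.log(sample.ok, sample.errors);
```

Browser-side checks can mirror these rules for faster feedback, but the server-side result is the one to rely on.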
Summary page
Simply display all the details from the ‘information entry’ page back to your customer.
Confirmation page
- Display an acknowledgement to your customer that their mandate has been set up.
- Show what your customers will see on their bank statement.