The following is a guide to building custom payment pages for merchants using GoCardless Pro or GoCardless Custom, and for partners.
What are payment pages?
Payers in the UK need to complete a Direct Debit Instruction (DDI), also known as a mandate, to authorise merchants to take payments from them via Bacs, the local Direct Debit payment scheme.
With GoCardless Pro and GoCardless Custom, you may offer payers the option to complete the mandate online, on paper, or over the phone. Payers use payment pages to complete mandates online.
Merchants using GoCardless Pro or GoCardless Custom have the option to use GoCardless’ own payment pages, or to build their own custom payment pages.
Our partners can opt to build and use custom payment pages as well. This will enable merchants who are using GoCardless through their app to offer their payers a consistent branding experience.
You may also build your own payment notifications to further customise your payers’ experience.
Custom payment pages will need to be approved by GoCardless before being implemented.
How to build custom payment pages
There are 5 steps to ensure compliance with the Bacs scheme rules and GoCardless processes:
- HTTPS hosted payment pages
- Information entry page
- Summary and confirmation page
- Setup success page
- Submit payment pages to GoCardless for approval
The details for each are below, and there’s a summary table here.
1. HTTPS hosted payment pages
To ensure payers’ details are safely transmitted, your website must be configured to only accept secure (SSL - minimum of SHA-256 SSL support TLS.1 or TLS1.2) connections.
2. Information entry page
This is the sign-up page for your product / services, and is used to capture the payer information necessary to set up a mandate.
There are 5 compulsory elements to this page, and 1 recommended element.
Compulsory:
- Page heading that is identifiable to payers. We recommend ‘Set up a Direct Debit with [merchant name]’.
  - Partners - make a GET request to the creditors endpoint, and pull the ‘name’ field to populate the merchant name
- Entry points to collect payer details
  - Account holder name
  - Account number
  - Sort code
  - Email address. You are not required to collect email address if (1) you have previously collected it, or (2) you are using custom payment notifications and are notifying payers via post rather than email.
  - Billing address. You are not required to collect billing address if you have previously collected it.
- Confirm that the person entering into the transaction is the only person required to authorise debits from the account i.e., whether or not the account is dual signature. Include a checkbox with text to read ‘More than one person is required to authorise Direct Debits’.
  - If a payer ticks the checkbox, you will need to advise them whether or not you support dual signature accounts - see recommended section below.
- Page footer to let payers know about 3rd party data controllers that power your website. Text to read ‘Payments by GoCardless. Read the GoCardless privacy notice.’
- The Direct Debit Guarantee. You must include or link to the full text of the Direct Debit Guarantee, and Direct Debit logo, as shown below. You can read more about the Direct Debit Guarantee here.
  - Merchants - in place of the boxes currently reading 'GoCardless', this text should read your SUN name i.e., 'GC Re + [text you have chosen to appear on payers' bank statements]'
  - Partners - in place of the boxes currently reading 'GoCardless', make a GET request to the creditors' endpoint, and pull [scheme_identifiers: name]
  - Merchants and partners - ensure you use the correct number of days' advance notice - i.e., 3 days
Recommended:
While it is a requirement to confirm whether or not a bank account is dual signature, it is not a requirement to subsequently allow sign ups from dual signature accounts.
You may choose to accept sign ups from individual signature accounts only, but we recommend enabling signups from dual signature accounts as well, to enable all of your payers to pay via GoCardless.
If you choose to support dual signature accounts, you’ll need to follow the process here under the heading ‘Completing and returning dual signature mandates via Custom Payment Pages’.
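One way to check a submitted information entry form on the server, covering the email and billing address exemptions and the dual signature checkbox described above. This is an added example, not GoCardless code: the form field names, the `EntryPolicy` settings and the error wording are hypothetical, and the 6-digit sort code and 8-digit account number formats are assumptions of the example.

```python
import re
from dataclasses import dataclass

# [0-9] rather than \d: in Python, \d also matches non-ASCII Unicode digits.
SORT_CODE_RE = re.compile(r"[0-9]{6}")
ACCOUNT_NUMBER_RE = re.compile(r"[0-9]{8}")  # assumed length, see lead-in


@dataclass
class EntryPolicy:
    """Hypothetical merchant settings mirroring the exemptions in the guide."""
    email_previously_collected: bool = False
    notifies_by_post: bool = False
    address_previously_collected: bool = False
    supports_dual_signature: bool = False


def validate_entry(form: dict, policy: EntryPolicy) -> dict:
    """Validate a submitted entry form; form keys are assumed field names."""
    errors = {}
    name = (form.get("account_holder_name") or "").strip()
    if not name:
        errors["account_holder_name"] = "Enter the account holder name"
    # Drop the separators payers commonly type before checking the digits.
    sort_code = re.sub(r"[\s-]", "", form.get("sort_code") or "")
    if not SORT_CODE_RE.fullmatch(sort_code):
        errors["sort_code"] = "Enter a 6-digit sort code"
    account_number = re.sub(r"\s", "", form.get("account_number") or "")
    if not ACCOUNT_NUMBER_RE.fullmatch(account_number):
        errors["account_number"] = "Enter an 8-digit account number"
    # Email may be skipped only under the two exemptions the guide lists.
    email_exempt = policy.email_previously_collected or policy.notifies_by_post
    if not email_exempt and "@" not in (form.get("email") or ""):
        errors["email"] = "Enter an email address"
    address = (form.get("billing_address") or "").strip()
    if not policy.address_previously_collected and not address:
        errors["billing_address"] = "Enter a billing address"
    # An unticked HTML checkbox is absent from the submission, so absence = no.
    dual = form.get("dual_signature") == "on"
    if dual and not policy.supports_dual_signature:
        errors["dual_signature"] = ("We cannot set up Direct Debits online for "
                                    "accounts that need more than one signatory")
    if errors:
        return {"errors": errors, "next": None}
    cleaned = {"account_holder_name": name, "sort_code": sort_code,
               "account_number": account_number}
    # Dual signature mandates leave the online flow for the separate process.
    return {"errors": {}, "cleaned": cleaned,
            "next": "dual_signature_process" if dual else "summary"}
```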
Why is the page footer a requirement?
This upfront notice ensures compliance with data protection law. GoCardless, our merchants, and our partners could be in violation of this law if the notice is not included. You can read more here.
What if I can’t include the footer?
If the suggested footer isn’t technically possible, at a minimum you must include the following reference to GoCardless in your website privacy notice:
We use GoCardless to process your Direct Debit payments. More information on how GoCardless processes your personal data and your data protection rights, including your right to object, is available at gocardless.com/legal/privacy/
What if I’m a partner?
You must include the above ‘Payments by’ notice on your payment pages, or at a minimum, enable the merchant to provide a link to their privacy notice at the information entry page.
3. Summary and confirmation page
This page is to allow payers to view and verify their details before submitting them.
There are 4 compulsory elements and 1 recommended element:
Compulsory:
- Page heading that is identifiable to payers. We recommend ‘Check your details are correct’.
- Payer account details as collected in the information entry page - account name, account number, and sort code
- Creditor / merchant information
  - Merchant name
  - Merchant’s phone number and/or email address
  - Name that will appear on payers’ bank statements
- Advice of right to cancel. Text to read ‘You may cancel this Direct Debit at any time by contacting [Merchant Name] or your bank.’
Recommended:
Include an ‘edit’ button, allowing payers to amend any incorrect information.
What if I'm a partner?
Partners can make a GET request to the creditors endpoint to pull the creditor/merchant information cited in points 3 and 4.
Query the API to retrieve the following:
- Merchant name - [name]
- Merchant phone number - [scheme_identifiers: phone_number]
- Merchant email address - [scheme_identifiers: email]
- Name that will appear on payers’ bank statements - [scheme_identifiers: name]
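The field mapping above, carried through to a rendered summary page body, as an added example that is not GoCardless code. The response shape (a `creditors` object whose `scheme_identifiers` is a list with a `scheme` key per entry), the function names and the sample data are assumptions of the example. Every dynamic value is HTML-escaped because the page echoes payer-entered text.

```python
import html

CANCEL_TEXT = ("You may cancel this Direct Debit at any time by contacting "
               "{merchant} or your bank.")


def creditor_summary(creditor_response: dict, scheme: str = "bacs") -> dict:
    """Pick the fields the summary page must display from a creditors response."""
    creditor = creditor_response["creditors"]
    # A creditor may hold identifiers for several schemes; pick the Bacs one.
    ident = next((s for s in creditor.get("scheme_identifiers", [])
                  if s.get("scheme") == scheme), None)
    if ident is None:
        raise LookupError(f"creditor has no {scheme} scheme identifier")
    contact = [c for c in (ident.get("phone_number"), ident.get("email")) if c]
    if not contact:
        raise ValueError("summary page needs a merchant phone number and/or email")
    return {"merchant_name": creditor["name"],
            "statement_name": ident["name"],
            "contact": contact}


def render_summary(payer: dict, creditor_response: dict) -> str:
    """Return the summary page body with every dynamic value HTML-escaped."""
    m = creditor_summary(creditor_response)
    e = html.escape  # escapes <, >, & and both quote characters
    rows = [("Account holder name", payer["account_holder_name"]),
            ("Sort code", payer["sort_code"]),
            ("Account number", payer["account_number"]),
            ("Merchant", m["merchant_name"]),
            ("Contact", " / ".join(m["contact"])),
            ("Name on your bank statement", m["statement_name"])]
    body = "".join(f"<dt>{e(k)}</dt><dd>{e(str(v))}</dd>" for k, v in rows)
    cancel = e(CANCEL_TEXT.format(merchant=m["merchant_name"]))
    return f"<h1>Check your details are correct</h1><dl>{body}</dl><p>{cancel}</p>"


# Constructed sample response (not real merchant data).
SAMPLE = {"creditors": {"id": "CR000EXAMPLE", "name": "Example Gym Ltd",
    "scheme_identifiers": [
        {"scheme": "sepa_core", "name": "Example Gym"},
        {"scheme": "bacs", "name": "GC Re Example Gym",
         "phone_number": "+44 20 7946 0000", "email": "help@example.com"}]}}
```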
4. Setup success page
This page is to confirm that the mandate has been set up.
You must include both of the following:
- Page heading that is identifiable to payers, i.e., message to confirm Direct Debit setup, such as “Direct Debit set up successfully”
- Confirmation that the payer will receive notification (via email or post) within 3 business days confirming that the mandate has been set up
5. GoCardless approval of payment pages
Mock ups of your payment pages must be sent to GoCardless for approval prior to your go-live date. Once you have written approval from GoCardless, you may implement the payment pages.
To test your payment pages, you can sign up here for a sandbox account.
What if I’m a partner?
When creating a new partner app and going through our technical certification process, you’ll be able to submit custom payment pages for approval through our partner portal.
Summary table
The table below shows a summary of the relevant information at each stage of the payment pages.
All information is required unless specified otherwise.
| | Information entry page | Summary & confirmation page | Setup success page |
|---|---|---|---|
| Page heading that is identifiable to payers | Displayed | Displayed | Displayed |
| Account holder name | Captured | Displayed | |
| Email address | Captured | | |
| Billing address | Captured | | |
| Bank account number | Captured | Displayed | |
| Sort code | Captured | Displayed | |
| Confirm whether or not the payer's bank account is dual signature | Captured | | |
| Dual signature account sign up functionality | Recommended | | |
| Page footer to let payers know about 3rd party data controllers that power your website | Displayed | | |
| Edit button allowing payers to amend their details | | Recommended | |
| Merchant name | | Displayed | |
| Merchant phone number and/or email address | | Displayed | |
| Name that will appear on payers’ bank statements | | Displayed | |
| Advice of right to cancel Direct Debit | | Displayed | |
| Direct Debit Guarantee | Displayed | | |
| Direct Debit logo | Displayed | | |
| Advice that payer will receive notification (via email or post) within 3 business days confirming mandate set up | | | Displayed |