The organisation responsible for the oversight of the Autogiro scheme, Bankgirot, defines three types of online mandates for Autogiro (for more details see our guide to Autogiro mandates here).
GoCardless uses mandates via an electronic mandate form (known as Medgivande via elektroniskt medgivandeformulär in Swedish). This practical guide will help you with the compliance requirements to create this electronic document and to offer online Autogiro on your website.
To create fully compliant payment pages for your customers, you will need to:
- Serve your payment pages over HTTPS
- Collect the payer's name, civic/company number and bank details
- Make sure your customers are aware that payments are powered by GoCardless in the footer of the page
- Provide your own company's name, address, company number and logo
- Display the Autogiro mandate text
The GoCardless payment pages are used as an example throughout this guide. You can view them in their entirety here.
1. Serve your payment pages over HTTPS
Why? Ensures customer details are transmitted securely.
How? Configure your web server to accept only secure (HTTPS, i.e. TLS/SSL) connections.
2. Collect the payer's name, civic or company number and bank details
Why? This is the minimum information required to set up an Autogiro Direct Debit.
How? Collect this information on a payment page.
The name must include both first name and last name. The account holder's name can differ from the payer's name (for example in a B2B transaction), but you may pre-fill it with the payer's first name and last name concatenated.
The Swedish civic/identity number must be collected from individuals (the personnummer, or samordningsnummer for persons not registered in Sweden). The Swedish company number (organisationsnummer) must be collected for companies.
Bank account details must include the sort code (clearingnummer) and account number (kontonummer). Local Swedish bank account details are required for Autogiro; it is not possible to submit an Autogiro mandate against an IBAN.
Optionally, you may also want to collect the customer's email address as there are notification requirements before payment is taken under Autogiro. See our guide to taking Autogiro payments for more information.
3. Make sure your customers are aware that payments are powered by GoCardless in the footer of the page
Why? To comply with data protection law, it’s essential to let your customers know about third party data controllers that power your website.
How? Display the text below in your page footer:
Payments by GoCardless. Read the GoCardless privacy notice.
Without that upfront notice, we could both be violating the law. (Read more here)
If that’s not technically possible, at a minimum you should include a reference to GoCardless in your website privacy notice. That text should be:
We use GoCardless to process your Direct Debit payments. More information on how GoCardless processes your personal data and your data protection rights, including your right to object, is available at gocardless.com/legal/privacy/
If you are a GoCardless partner, you must include the ‘Payments by’ notice set out above on your payment pages, or, at a minimum, enable the merchant to provide a link to their privacy notice at the detail intake stage.
4. Provide your own company's name, address, company number and logo
Why? Ensures the customer is aware of who is collecting the payment.
How? Add a snippet of text on the page along with the company logo. Scheme rules also allow merchants to display Bankgirot's logo instead if desired.
5. Display the customer's details back to them for confirmation and display the Autogiro mandate
Why? Confirm the customer's approval and provide the Autogiro terms, conditions and rules that the payer accepts by signing a mandate.
How? Display a final confirmation before the form submits, and provide a copy of the mandate.
The formatting of the mandate is at your discretion, but you must include the following details:
- The customer's information: name, civic/company number and account details, as described above
- The customer's Payment Service Provider (their bank)
- Your company's details, as described above
- The date the mandate was created
Bankgirot provides mandatory text that must be included on the mandate verbatim. The mandatory wording is available in English and Swedish.
You can see a compliant electronic mandate confirmation page below:
Clicking 'View your Direct Debit instruction' opens the electronic copy of the mandate. You can see an example of this here.
Once a customer has confirmed the electronic mandate, record a timestamp of the confirmation. You should also store the payer's IP address or a log of the transaction, so that the acceptance can be evidenced later.
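The intake checks from step 2 (personnummer, samordningsnummer or organisationsnummer with its checksum, local clearing and account number rather than an IBAN) and the confirmation record described above, as an added example that is not part of this guide or of GoCardless's own code. The field names, the sample form values and the shape of the evidence record are assumptions; the civic number is constructed to pass the checksum and belongs to no one.

```python
import hashlib
import re
from datetime import datetime, timezone

# Constructed sample intake: the civic number is built to pass the checksum and belongs to no one.
SAMPLE_FORM = {"first_name": "Anna", "last_name": "Svensson",
               "civic_or_company_number": "900101-1239",
               "clearingnummer": "1234", "kontonummer": "1234567"}

def _luhn_ok(digits: str) -> bool:
    # Luhn over the first nine digits; the tenth is the control digit.
    total = 0
    for i, ch in enumerate(digits[:9]):
        n = int(ch) * (2 if i % 2 == 0 else 1)
        total += n - 9 if n > 9 else n
    return (10 - total % 10) % 10 == int(digits[9])

def classify_swedish_id(value: str):
    """Return 'personnummer', 'samordningsnummer' or 'organisationsnummer',
    or None if the value fails the format or checksum. Accepts 10 or 12 digits."""
    digits = re.sub(r"[-+ ]", "", value)
    if len(digits) == 12:  # century prefix (or the '16' prefix used for companies)
        digits = digits[2:]
    if not (len(digits) == 10 and digits.isdigit() and _luhn_ok(digits)):
        return None
    month, day = int(digits[2:4]), int(digits[4:6])
    if month >= 20:  # companies carry a group code of 20 or more in the month slot
        return "organisationsnummer"
    if 1 <= month <= 12 and 1 <= day <= 31:
        return "personnummer"
    if 1 <= month <= 12 and 61 <= day <= 91:  # samordningsnummer adds 60 to the day
        return "samordningsnummer"
    return None

def mandate_evidence(form: dict, client_ip: str, mandate_text: str, now=None) -> dict:
    """Validate the intake fields and build the record to keep once the payer confirms."""
    id_type = classify_swedish_id(form["civic_or_company_number"])
    if id_type is None:
        raise ValueError("civic/company number failed format or checksum")
    # Local details only: 4-5 digit clearing number and a digits-only account number; an IBAN never matches.
    if not re.fullmatch(r"\d{4,5}", form["clearingnummer"]) or not re.fullmatch(r"\d{2,15}", form["kontonummer"]):
        raise ValueError("expected Swedish clearingnummer and kontonummer, not an IBAN")
    now = now or datetime.now(timezone.utc)
    return {
        "accepted_at": now.isoformat(timespec="seconds"),
        "client_ip": client_ip,  # from the socket or a trusted proxy header only
        "id_type": id_type,
        "mandate_text_sha256": hashlib.sha256(mandate_text.encode("utf-8")).hexdigest(),
        "payer": dict(form),
    }
```

Storing the SHA-256 of the mandate wording alongside the timestamp and IP lets you show later exactly which version of the mandatory text the payer confirmed.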
Autogiro and GoCardless
GoCardless is an end-to-end Autogiro provider. We can either completely handle Autogiro compliance on your behalf, or guide you through your own custom implementation.
GoCardless has off-the-shelf payment pages which:
- are fully compliant with the scheme rules
- have been translated into English and Swedish (we automatically detect your customer's language and show them the payment page in their preferred language)
- can be customised with your business name and logo
Alternatively, if you want to design and host your own payment pages you can use the GoCardless Pro API to do so. Your Account Executive will support you during your implementation of the Autogiro compliance guidelines.