The following is a guide to building Custom Payment Pages for merchants using GoCardless Pro or GoCardless Custom. See our Pricing page for more details.
Before designing and hosting VRP Custom Payment Pages, it’s important to be aware that there are strict compliance requirements for the content and formatting of these pages.
Sometimes there will be different requirements depending on whether the Custom Payment Pages are for mandate set-up only (i.e. you are asking payers to authorise the VRP payment agreement today, but plan to take payment in the future), or whether the Custom Payment Pages are for mandate set-up and upfront payment (i.e. you are asking payers to authorise the VRP payment agreement and also need to take an upfront payment).
We have highlighted these differences throughout this guide, so please pay careful attention.
We’ll work with you to build compliant Custom Payment Pages, and these have to receive a final sign-off once they’re ready (see below for the approval process). After your Custom Payment Pages have been signed off, they must not be changed without GoCardless’ approval, and we would like to remind you of your contractual obligations to:
- comply with GoCardless’ directions, instructions, and guidance;
- ensure that no elements of the Custom Payment Pages could put GoCardless in breach of relevant law and regulation; and
- remove or amend any part of the Custom Payment Pages immediately if notified to do so.
Approval process
Once you've completed the design and build of your Custom Payment Pages, you need to submit templates to GoCardless for approval prior to your go-live date.
We will provide you with feedback on any required changes (if necessary).
Once you have written approval from GoCardless, we will enable a feature on your GoCardless account that allows you to create VRP mandates directly via the API.
Alongside the design and subsequent approval of your payment pages, the client sign-up and creation flow will also need to be implemented. This involves integrating with the GoCardless API.
You can follow the steps below to build and test your integration in our sandbox (testing) environment:
- Create a sandbox account here.
- Once you’ve set up your sandbox account, please reach out to our Support team to let us know that you have set up the account and would like to test VRP Custom Payment Pages, along with the email address you set it up with (this allows us to locate your sandbox account and enable the VRP CPP for you).
- Create an access token with read-write access.
- Use the access token to link your sandbox account with your internal system.
- Test the customer creation process, as outlined in the developer documentation here.
Once you have fully tested your integration with our API and your Custom Payment Pages have been approved, the final step is to launch what you’ve built so that customers can begin signing up through your newly built process.
To move your integration from the testing environment to the live environment, switch from your sandbox access token to an access token from your production GoCardless account.
Quick guide
To create fully compliant Custom Payment Pages, there are a number of requirements you must meet. Here’s the short version for quick reference. Keep reading and we’ll explain each step in more detail:
Step | Quick reference |
---|---|
1 | You must provide your payers with the following consent parameters (i.e. payment rules): |
2 | You must provide one of the following options for payers to select their account: |
3 | You must seek the payer’s consent by: |
4 | You should provide messaging to inform payers how to complete the payment authorisation and let them know that they will be taken to their bank. |
5 | You must provide confirmation and certain information to the payer when they have: (1) successfully set up a VRP agreement; and (2) authorised an upfront and subsequent payment(s) |
6 | You must remind the payer that the payment is being powered by GoCardless and provide information about our regulatory status (including FCA registration number) |
7 | If you have custom notifications enabled, you must send your payers the following emails: |
1. Consent parameters
In order for your payer to provide their explicit consent to set up a VRP (see step 3 for further detail), they must firstly be presented with these mandatory consent parameters:
Mandatory requirement | Detailed explanation | Our recommendation |
---|---|---|
Payee (i.e. your) name | The payee to be credited with the payment must always be clearly stated. Whilst GoCardless is the “initial payee”, you (the merchant) are the “ultimate payee”, and therefore you should include your legal name (and trading name if different to your legal name). | Mandate set-up and upfront payment flow: Recurring payment: You'll be asked to authorise this payment agreement today so we can take an upfront payment, as well as payments in the future. The amount will be confirmed via email when you are charged.” |
Maximum amounts (per payment and time window) and currency | The maximum amount to be taken per payment and per time window (day/week/fortnight/month/half year/year), along with the currency the payment will be taken in (this will be GBP for UK implementation), must be clearly stated. | |
Expiry date | If the payment consent will expire, a specific expiry date must be clearly stated. If the payment consent does not have an expiry date, this must still be highlighted (e.g. “Expiry date: None”). | Mandate set-up and upfront payment flow: Recurring payment: |
2. Account selection
In order for your payer to select the payment account they wish to make the VRP from, they must be presented with one of the following options:
Mandatory requirement | Detailed explanation | Our recommendation |
---|---|---|
Enter account identification details | If you opt for this option, payers must be allowed to enter either account number and sort code, or IBAN. | "Your bank details Account holder name: Your sort code (must be 6 digits long): Your account number (must be 8 digits long): Or click here to enter an IBAN Continue" |
Select account identification details | If you opt for this option, payers must be able to select their pre-populated account details which assumes they have been saved previously. | "Select your bank details Continue" |
3. Consent & terms
In order for the payer to consent to the parameters set out above (step 1), you must present the following information:
Mandatory requirement | Detailed explanation | Our recommendation |
---|---|---|
GoCardless trading name | As a payment initiation service provider (PISP), the GoCardless trading/brand name must be displayed to the payer during the setup of their consent, explaining that GoCardless is your payment provider. | “We need your consent to set up this payment |
Clearly explain what the payer is consenting to | You must use clear language stating that the payer will be consenting to a payment on a recurring basis. | |
Clearly explain how the payer can manage the VRP agreement | You must inform payers that they can manage the payment agreement from their bank or by contacting you. | |
Repeat consent parameters and payer account information, and any upfront amounts due | You must re-display: | Mandate set-up only flow: Mandate set-up and upfront payment flow: |
GoCardless’ Terms of Use & Privacy Notice component | In order for the payer to enter into a legally binding agreement with GoCardless, you must enable the payer to view the applicable GoCardless terms on the consent screen. To do this, you must include our mandatory component on the consent screen. This component must be free of any obstructions, and as prominent as the rest of the text on the screen. | Component: |
Confirmation / consent button | You must provide payers with an opportunity to show that they actively consent to all of the above, e.g. a confirmation / consent button. | “Confirm and continue” |
4. Authorisation & redirection
Whilst there are no mandatory requirements governing this part, in order for payers to complete the flow, you should provide messaging to inform payers about the next steps (i.e. that they need to authorise the payment, and to do this will be redirected to their banks):
Mandatory requirement | Detailed explanation | Our recommendation |
---|---|---|
Authorisation | You should provide messaging to inform payers how to complete the payment authorisation. If you choose to provide a QR code, make it clear the payer will need to scan with their mobile phone to open their banking app. | “Please authorise the payment |
Redirection | You should provide messaging to inform payers that they will be taken to their bank to complete the payment. | “We will securely transfer you to [name of bank] to authenticate.” |
5. Confirmation
After the payer has authorised the payment with their bank, you must provide messaging to inform the payer of the following:
Mandatory requirement | Detailed explanation | Our recommendation |
---|---|---|
Confirmation of successful VRP agreement | After a VRP mandate has been set up with the payer’s bank, you must inform payers that they have successfully set up a VRP agreement. | Mandate set-up only flow: |
Information related to payment (amount, currency, reference) | After a VRP payment (upfront or subsequent) has been successfully initiated, you must provide the payer with these details about the payment: | Mandate set-up and upfront payment flow: |
6. Footer
On all Custom Payment Pages, you must include a footer with the following information:
Mandatory requirement | Detailed explanation | Our recommendation |
---|---|---|
Regulatory status disclosure | You must remind the payer that the payment is being securely powered by GoCardless and provide information about our regulatory status (company number, the fact we’re authorised by the FCA, our FCA registration number). | “Payments securely processed by GoCardless. GoCardless Ltd (company registration number 07495895) is authorised by the Financial Conduct Authority under the Payment Services Regulations 2017, registration number 597190, for the provision of payment services.” |
Privacy notice | You must display GoCardless’ Privacy Notice. | “GoCardless uses personal data as described in their Privacy Notice.” |
7. Emails
After the payer exits the flow, if you have custom notifications enabled, you must follow up with the following emails:
Mandatory requirement | Detailed explanation | Our recommendation |
---|---|---|
Confirmation of mandate set-up (every time a mandate is first set up) + mandate information, including PDF terms | Immediately after a VRP mandate has been successfully set up with the payer’s bank (either via a mandate set-up only flow, or a mandate set-up and upfront payment flow), you must inform the payer of this and provide them with all information related to the payment agreement. This means the payment reference and a repeat of the consent parameters agreed to by the payer. | “Dear [payer], Please review and save the attached Terms and Conditions which apply to your use of Instant Bank Pay and the payment agreement. |
Confirmation of payment (every time a payment is successfully initiated) + payment information | Where you are doing a mandate set-up and upfront payment flow, and for every VRP successfully initiated after a mandate set-up, you must inform the payer and provide them with these details about the payment: | “Dear [payer] |
Regulatory footer & privacy notice | You must include a footer to let consumers know how GoCardless’ service is provided and how data is controlled. | “Payments securely processed by GoCardless. GoCardless Ltd (company registration number 07495895) is authorised by the Financial Conduct Authority under the Payment Services Regulations 2017, registration number 597190, for the provision of payment services. |