Variable Recurring Payments (VRP) payment page requirements (UK)
Please note: The Instant Bank Pay feature (including Variable Recurring Payments) is currently available for all merchants based in the UK, US, Canada, the EEA, Australia, and New Zealand who are collecting GBP payments from customers in the UK.
Please register your interest here if you'd like to be notified when Instant Bank Pay is available in your region.
The following is a guide to building Custom Payment Pages for merchants using GoCardless Advanced or GoCardless Pro and for partners, using the add-on feature Custom Checkout Experience. See our Pricing page for more details.
Before you can take VRP payments from your customers, they must give their explicit consent. This includes consenting to the amount and payee (you as the merchant) and agreeing to the GoCardless payer terms. They can use your payment pages to set up their payment agreement and provide this consent online.
Getting Started with Custom Payment Pages
Before designing and hosting VRP Custom Payment Pages, it’s important to be aware that there are strict compliance requirements for the content and formatting of these pages.
Sometimes there will be different requirements depending on whether the Custom Payment Pages are for mandate set-up only (i.e. you are asking payers to authorise the VRP agreement today, but plan to take payment in the future), or whether the Custom Payment Pages are for mandate set-up and upfront payment (i.e. you are asking payers to authorise the VRP agreement and also need to take an upfront payment within that VRP agreement). We have highlighted these differences throughout this guide, so please pay careful attention.
We’ll work with you to build compliant Custom Payment Pages, and these have to receive a final sign off once they’re ready (see below for the approval process).
After your Custom Payment Pages have been signed off, they must not be changed without GoCardless’ approval, and we would like to remind you of your contractual obligations to:
- comply with GoCardless’ directions, instructions and guidance;
- ensure that no elements of the Custom Payment Pages could put GoCardless in breach of relevant law and regulation; and
- remove or amend any part of the Custom Payment Pages immediately if notified to do so.
Approval process for Custom Payment Pages
- Submit Templates: After completing the design and build of your Custom Payment Pages, submit the templates to GoCardless for approval before your go-live date.
- Receive Feedback: GoCardless will provide feedback on any required changes (if necessary).
- Obtain Approval: Once you receive written approval from GoCardless, a feature will be enabled on your account to create VRP mandates directly via the API.
- Implement Client Sign-Up Flow: Alongside the approval of your payment pages, integrate the client sign-up and creation flow with the GoCardless API.
- Create a Sandbox Account: Set up a sandbox account here and email GoCardless at help@gocardless.com to inform them you have set up your sandbox account and want to test VRP Custom Payment Pages, including the email address you used for setup.
- Create Access Token: Generate a read-write access token.
- Link Your Account: Use the access token to connect your sandbox account with your internal system or application.
- Test Integration: Test the customer creation process as outlined in the developer documentation.
- Launch Integration: Once fully tested and your Custom Payment Pages are approved, launch your integration so customers can start signing up.
- Move to Production: To transition from testing to a live environment, rotate your access token from the sandbox to your production GoCardless account.
Quick guide
To create fully compliant Custom Payment Pages, there are a number of requirements you must meet. Here’s the short version for quick reference. Keep reading and we’ll explain each step in more detail:
Step | Quick reference |
---|---|
1 | You must capture the payer’s first name, last name, and email address. If you have already collected these prior to the checkout flow, you do not need to request them again with the payer, but should pass them to GoCardless. |
2 | You must provide a list of available banks for payers to select (and be redirected to) |
3 | You must provide your payers with the following consent parameters (i.e. payment rules): |
4 | You must seek the payer’s consent by: |
5 | You should provide messaging to inform payers how to complete the payment authentication and let them know that they will be taken to their bank. |
6 | You must provide confirmation and certain information to the payer when they have: (1) successfully set up a VRP agreement; and (2) where relevant, successfully authenticated an upfront payment with their bank. |
7 | You must remind the payer that the payment is being powered by GoCardless and provide information about our regulatory status (including FCA registration number and privacy notice) |
1. Information entry
This is the sign-up page for your product / services, and is used to capture the necessary payer information. You must include the following:
Requirement | Detailed explanation | Our recommendation |
---|---|---|
Payer’s personal details | You must be able to provide the payer’s first (given) name, last (family) name, and email address to GoCardless (if you have already captured this information prior to the checkout flow, you don’t need to re-capture it from the payer here, but should pass to GoCardless). | HEADING: “Your personal details” |
2. Account selection
In order for your payer to authenticate the one-off payment later in the journey, they must be presented with the option to select their bank:
Requirement | Detailed explanation | Our recommendation |
---|---|---|
Display available banks | Payers must be allowed to select the bank they wish to make the one-off payment from. You must provide a list of available / supported banks. You can use this endpoint to retrieve the list. | HEADING: “Choose your bank” |
3. Parameters
In order for your payer to provide their explicit consent to set up a VRP, they must be presented with these consent parameters:
Requirement | Detailed explanation | Our recommendation |
---|---|---|
Payee (i.e. your) name | The payee to be credited with the payment must always be clearly stated. Whilst GoCardless is the “initial payee”, you (the merchant) are the “ultimate payee”, and therefore you should include your legal name (and trading name if different to your legal name). | Mandate set-up only flow: HEADING: “Set up your payment to [your legal / trading name]” TEXT: “Payment Agreement Description: ___ You'll be asked to authorise this payment agreement today so we can take payment in the future.” Mandate set-up and upfront payment flow: HEADING: “Set up your payment to [your legal / trading name]” TEXT: “Payment Agreement Due today: Recurring payment: You'll be asked to authorise this payment agreement today so we can take an upfront payment, as well as payments in the future.” |
Payment description | You must include a description, which makes clear what the payer is making the variable recurring payments for. | |
Maximum amounts (per payment and time window) and currency | The maximum amount to be taken per payment and per time window (day/week/fortnight/month/half year/year), along with the currency the payment will be taken in (this will be GBP for UK implementation), must be clearly stated. | |
Expiry date | If the payment consent will expire, a specific expiry date must be clearly stated. If the payment consent does not have an expiry date, this must still be highlighted (e.g. “Expiry date: ongoing”). | |
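A pre-render check for the consent parameters above, as an added example (not GoCardless code and not part of the original guide). The function name, dictionary keys and line labels are hypothetical, and it assumes the merchant's server builds the parameters screen from a plain dictionary; it refuses to render when a mandatory parameter is missing and covers both flows and the no-expiry case.

```python
from datetime import date
from decimal import Decimal

# Time windows listed in the guide's "Maximum amounts" requirement.
WINDOWS = {"day", "week", "fortnight", "month", "half year", "year"}


def consent_lines(params, upfront=False):
    """Return the lines for the parameters screen, or raise ValueError.

    `params` is a hypothetical dict built by the merchant's own server;
    none of these key names come from the GoCardless API.
    """
    problems = []
    for key in ("payee_name", "description"):
        if not str(params.get(key) or "").strip():
            problems.append(f"{key} is mandatory")
    if params.get("currency") != "GBP":
        problems.append("currency must be GBP for the UK implementation")
    if params.get("window") not in WINDOWS:
        problems.append("window must be one of " + ", ".join(sorted(WINDOWS)))
    # The upfront flow must also show what is due today.
    amounts = ["max_per_payment", "max_per_window"] + (["due_today"] if upfront else [])
    for key in amounts:
        value = params.get(key)
        if not isinstance(value, Decimal) or value <= 0:
            problems.append(f"{key} must be a positive Decimal")
    expiry = params.get("expiry")  # None means the consent does not expire
    if expiry is not None and not isinstance(expiry, date):
        problems.append("expiry must be a date or None")
    if problems:
        raise ValueError("; ".join(problems))

    lines = [f"Set up your payment to {params['payee_name'].strip()}",
             f"Description: {params['description'].strip()}"]
    if upfront:
        lines.append(f"Due today: {params['due_today']:.2f} GBP")
    lines += [
        f"Maximum amount per payment: {params['max_per_payment']:.2f} GBP",
        f"Maximum amount per {params['window']}: {params['max_per_window']:.2f} GBP",
        # The guide requires the expiry line even when there is no expiry.
        "Expiry date: " + (expiry.isoformat() if expiry else "ongoing"),
    ]
    return lines
```

Failing closed here means a template change or a missing upstream value produces an error in testing rather than a consent screen that omits a mandatory parameter.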
4. Consent & terms
In order for the payer to consent to the parameters (and in some cases upfront payment) set out above, you must present the following information:
Requirement | Detailed explanation | Our recommendation |
---|---|---|
GoCardless name | As a payment initiation service provider (PISP), the GoCardless trading/brand name must be displayed to the payer during the setup of their consent, explaining that GoCardless is your payment provider. | Mandate set-up only flow: HEADING: “Permission to set up a payment” TEXT: “Our payment provider, GoCardless, needs your consent to set up a recurring payment from your [name of bank] account. You can manage this payment agreement from your online banking, or by contacting [merchant name] at any time.” |
Clearly explain what the payer is consenting to | You must use clear language which requests the payer’s consent to a payment on a recurring basis. | |
Clearly explain how the payer can manage the VRP agreement | You must inform payers that they can manage the payment agreement from their bank or by contacting you. | Mandate set-up and upfront payment flow: HEADING: “Permission to set up a payment” TEXT: “Our payment provider, GoCardless, needs your consent to trigger an upfront payment, and set up a recurring payment from your [name of bank] account. You can manage this payment agreement from your online banking, or by contacting [merchant name] at any time.” |
Repeat consent parameters and payer account information, and any upfront amounts due | If you have used multiple screens, you must re-display: Remember that if you’re setting up a mandate and taking an upfront payment, you’ll need to show the payer what is due today. | Mandate set-up only flow: TEXT: “Description: ___ Mandate set-up and upfront payment flow: TEXT: “Due today: Recurring payment: |
GoCardless’ Terms of Use | In order for the payer to enter into a legally binding agreement with GoCardless, you must enable the payer to view the applicable GoCardless payer terms on the consent screen. To do this, you must include our mandatory component on the consent screen. This component must be free of any obstructions, and as prominent as the rest of the text on the screen. These terms must appear prior to the confirmation / consent button below. | Mandate set-up only flow: Mandate set-up and upfront payment flow: |
Confirmation / consent button | You must provide payers with an opportunity to show that they actively consent to all of the above | “Confirm and continue” or “I consent” or “I allow” or “I agree” |
5. Authentication & redirection
Whilst there are no mandatory requirements governing this part, in order for payers to complete the flow, you should provide messaging to inform payers about the next steps (i.e. that they will be redirected to their bank for authentication of the payment):
Requirement | Detailed explanation | Our recommendation |
---|---|---|
Authentication | You should provide messaging to inform payers how to complete the payment authentication, which takes place at their bank. If you choose to provide a QR code, make it clear the payer will need to scan with their mobile phone to open their banking app. This priming is key for setting payers up for success, especially those who may not have made payments via open banking prior and are not expecting to authorise in their bank app. In addition to telling payers they’ll be taken to their bank, you can let them know what this means (e.g. there’s no need to enter card details, which will save them time and effort). | HEADING: “Please authenticate the payment” TEXT: “Scan the QR code with your phone camera to quickly complete the payment using your banking app. Don’t have an app installed? Continue on desktop.” or “We use bank authentication through your bank app to make this Instant Bank Payment. You’ll automatically be taken to your bank app to authenticate your payment.” |
Redirection | You should provide messaging to inform payers that they will be taken to their bank to complete the payment. | TEXT: “We are securely transferring you to [name of bank] to authenticate.” |
6. Confirmation
After the payer has authorised the payment with their bank, you must provide messaging to inform the payer of the following:
Requirement | Detailed explanation | Our recommendation |
---|---|---|
Confirmation of successful VRP agreement set up | After a VRP mandate has been set up with the payer’s bank, you must inform payers that they have successfully set up a VRP agreement. You must also let payers know that GoCardless will save their payment details in order to process future refunds. | Mandate set-up only flow: HEADING: “You’ve successfully set up your payment agreement.” TEXT: “To: [Payee i.e. your legal / trading name] Maximum amount per [time window]: ___ Our payment provider, GoCardless will save your payment details and can use these to process future refunds. You can safely close this window.” |
Information related to any upfront payment (amount, currency, reference) | After an upfront payment has been successfully initiated, you must provide the payer with details about the payment: | Mandate set-up and upfront payment flow: HEADING: “You’ve successfully set up your payment agreement and your payment has successfully been submitted to your bank” TEXT: “Upfront payment information To: [Payee i.e. your legal / trading name] Agreement information To: [Payee i.e. your legal / trading name] Payments to UK banks are normally instant, but may take up to 24 hours or longer in some cases. Our payment provider, GoCardless will save your payment details and can use these to process future refunds. You can safely close this window.” |
7. Footer
On all VRP Custom Payment Pages, you must include a footer with the following information:
Requirement | Detailed explanation | Our recommendation |
---|---|---|
Regulatory status disclosure | In addition to including our mandatory component on the consent screen, you must remind the payer that the payment is being securely powered by GoCardless and provide information about our regulatory status (company number, the fact we’re authorised by the FCA, our FCA registration number). | “Payments securely processed by GoCardless. GoCardless Ltd (company registration number 07495895) is authorised by the Financial Conduct Authority under the Payment Services Regulations 2017, registration number 597190, for the provision of payment services.” |
Privacy notice | You must display GoCardless’ Privacy Notice. | “GoCardless uses personal data as described in their Privacy Notice.” |
Summary of required information
INFORMATION ENTRY |
ACCOUNT SELECTION |
PARAMETERS |
CONSENT & TERMS |
AUTHENTICATION & REDIRECTION |
CONFIRMATION | |
Payer’s first name |
Captured | |||||
Payer’s last name |
Captured | |||||
Payer’s email address |
Captured | |||||
Payer’s bank |
Captured | Captured | ||||
Your legal name (and trading name if different to your legal name) |
Displayed | Displayed | Displayed (Optional) | |||
Payment description |
Displayed (Optional) | Displayed | Displayed | |||
Maximum amount per time window and currency |
Displayed | Displayed | Displayed | |||
Maximum amount per payment and currency |
Displayed | Displayed | Displayed | |||
Expiry date |
Displayed | Displayed | Displayed | |||
GoCardless' name |
Displayed | |||||
Clear consent language |
Displayed | |||||
Instructions on how to manage payment agreement |
Displayed | |||||
GoCardless’ Terms of Use |
Displayed | |||||
Consent button |
Displayed | |||||
Authorisation instructions |
Displayed | |||||
Redirection messaging |
Displayed | |||||
Confirmation of success |
Displayed | |||||
Information about saving payment details |
Displayed | |||||
Regulatory status disclosure |
Displayed | Displayed | Displayed | Displayed | Displayed | |
Privacy notice |
Displayed | Displayed | Displayed | Displayed | Displayed |