Deutsch English (AU) English (GB) English (NZ) English (US) Español Français

Did this answer your question?

Thank you, your ticket has been marked as resolved!

If you have any further questions, please reply via your recent email from us or alternatively submit a new request to our Support team here.

Dismiss

Sorry we couldn't solve your issue here! Your original request has been received and we'll get back to you as soon as possible.

Dismiss

Articles in this section

Chat with us

Can't find what
you're looking for?

GoBot can help you answer your
questions, but first we need to
know how you use GoCardless.

SEPA custom payment pages

The following is a guide to building custom payment pages for merchants using GoCardless Pro or GoCardless Custom, and for partners

 

What are payment pages?

The Single Euro Payments Area (SEPA) allows merchants to collect Euro-denominated payments from payers in the 34 SEPA countries and associated territories. Payers need to complete a mandate to authorise merchants to take payments from them via the SEPA Direct Debit scheme. 

With GoCardless Pro and GoCardless Custom, you may offer payers the option to complete the mandate online, on paper, or over the phone. Payers use payment pages to complete mandates online.

Merchants using GoCardless Pro or GoCardless Custom have the option to use GoCardless’ own payment pages, or to build their own custom payment pages. 

Partners can opt to build and use custom payment pages as well. This will enable merchants who are using GoCardless through their app to offer their customers (payers) a consistent branding experience. 

You may also build your own payment notifications to further customise your payers’ experience.

Custom payment pages will need to be approved by GoCardless before being implemented.

 

How to build custom payment pages

There are 5 steps to ensure compliance with the SEPA scheme rules and GoCardless processes: 

  1. HTTPS hosted payment pages
  2. Information entry page
  3. Summary and confirmation page
  4. Setup success page
  5. Submit payment pages to GoCardless for approval

The details for each are below, and there’s a summary table here.

If your payment pages will not be set up in English, you must use the official translation to European languages available on the European Payments Council website.

 

1. HTTPS hosted payment pages

To ensure payers’ details are safely transmitted, your website must be configured to only accept secure (SSL - minimum of SHA-256 SSL support TLS.1 or TLS1.2) connections.

 

2. Information entry page

This is the sign-up page for your product / services, and is used to capture the payer information necessary to set up a mandate.

There are 3 compulsory elements, and a fourth if you are collecting outside of EEA SEPA countries.

  1. Page heading that specifies the creditor name. For example ‘Set up a mandate with [merchant name]’. 
    • For partners - make a GET request to the creditors endpoint, and pull the [name] field to populate the merchant name
  2. Entry points to collect payer details
    • First and last name
    • Email address
    • IBAN, or relevant country specific bank account details
    • Address
  3. Page footer to let payers know about 3rd party data controllers that power your website. Text to read ‘Payments by GoCardless. Read the GoCardless privacy notice.’
  4. If you are collecting outside of EEA SEPA countries, you must also capture the BIC code of the payer’s bank. The 5 non-EEA SEPA countries are Switzerland, Monaco, Mayotte, St Pierre, and Miquelon.

Why is the page footer a requirement?

This upfront notice ensures compliance with data protection law. GoCardless, our merchants, and our partners could be in violation of this law if the notice is not included. You can read more here

What if I can’t include the footer?

If the suggested footer isn’t technically possible, at a minimum you must include the following reference to GoCardless in your website privacy notice:

We use GoCardless to process your Direct Debit payments. More information on how GoCardless processes your personal data and your data protection rights, including your right to object, is available at gocardless.com/legal/privacy/.

What if I’m a partner?

If you’re a partner, you must include the above ‘Payments by’ notice on your payment pages, or at a minimum, enable the merchant to provide a link to their privacy notice at the information entry page.

 

3. Summary and confirmation page

This page is to allow payers to view and verify their details before submitting them. 

There are 7 compulsory elements and 2 recommended elements.

Compulsory:

  1. Page heading that is identifiable to payers. Title it ‘SEPA Direct Debit Mandate’. 
  2. Date of mandate set up i.e., today’s date
  3. Transaction type i.e., recurring, or one-off payment
  4. Creditor information
    • Creditor name
    • Creditor ID. Pro or Custom merchants - your GoCardless contact will provide you with this.
    • Creditor address, including country
  5. Payer details as collected in the information entry page - payer name and bank account details
  6. Advance notice wording: “We will notify you at least 3 working days in advance of any changes to your payment date, frequency, or amount”
  7. Mandate consent wording:
    • “By signing this mandate form, you authorise (A) [Name] to send instructions to your bank to debit your account and (B) your bank to debit your account in accordance with the instruction from [Name]. As part of your rights, you are entitled to a refund from your bank under the terms and conditions of your agreement with your bank. A refund must be claimed within 8 weeks starting from the date on which your account was debited. Your rights are explained in a statement that you can obtain from your bank.”
    • For Pro and Custom merchants, populate the [Name] field with your creditor name
    • For partners, make a GET request to the creditors endpoint, and pull [scheme_identifiers: name] to populate the [Name] field

Recommended:

  1. Include an ‘edit’ button, allowing payers to amend any incorrect information.
  2. Once a payer has confirmed their details and hence authorised the mandate, it’s recommended to create a timestamp of the transaction, as well as store the payer’s IP address, or a log of the transaction.
    • In the event of any payer refunds, this can serve as evidence of the payer’s  authorisation of the mandate setup. It can therefore be used to dispute any payer refunds, ultimately preventing these funds from being deducted from you as the merchant.

What if I'm a partner?

Partners can make a GET request to the creditors endpoint to pull the creditor/merchant information cited in point 4.

Query the API to retrieve the following:

  • Creditor name - [name]
  • Creditor ID - [scheme_identifiers: reference]
  • Creditor address - [address_line1], [address_line2], [region], [postal_code], [country_code]

 

4. Setup success page

This page is to confirm that the mandate has been set up.

There are 2 recommended elements:

  1. Page heading that is identifiable to payers, i.e., message to confirm DD setup, such as “SEPA Direct Debit set up successfully”
  2. Reminder of what payers will see on their bank statements. Partners can make a GET request to the creditors endpoint and pull [scheme_identifiers: name] to populate this field. 

 

5. GoCardless approval of payment pages

Mock ups of your payment pages must be sent to GoCardless for approval prior to your go-live date. Once you have written approval from GoCardless, you may implement the payment pages. 

To test your payment pages, you can sign up here for a sandbox account.

What if I’m a partner?

When creating a new partner app and going through our technical certification process, you’ll be able to submit custom payment pages for approval through our partner portal.

 

Summary table

The below shows a summary of the relevant information at each stage of the payment pages.

All information is required unless specified otherwise.

 

Information entry page

Summary & confirmation page

Setup success page

Page heading that specifies the creditor name

Displayed

    

Page heading that is identifiable to payers

  

Displayed

Displayed

Recommended

First and last name

Captured

Displayed

  

Email address

Captured

    

IBAN, or relevant country specific bank details

Captured

Displayed

  

BIC code (only if collecting outside of EEA SEPA countries)

Captured

Displayed

  

Address

Captured

    

Page footer to let payers know about 3rd party data controllers that power your website

Displayed

    

Date of mandate set up

  

Displayed

  

Transaction type

  

Displayed

  

Advance notice wording

  

Displayed

  

Mandate consent wording

  

Displayed

  

Creditor name

  

Displayed

  

Creditor ID

  

Displayed

  

Creditor address, including country

  

Displayed

  

Edit button allowing payers to amend their details

  

Recommended

  

Name that will appear on payers’ bank statements

    

Displayed 

Recommended

Create a timestamp of the transaction and store the payer’s IP address, or a log of the transaction

  

Recommended