In order for customers to start making payments via ACH, they will need to complete a Consumer authorisation. This authorises the merchant to collect future payments from this customer.
Through ACH, you may offer customers the option to complete the authorisation online. For online Consumer authorisation setup, you must ensure that the pages for submitting this information are compliant as per the scheme rules. We call these payment pages.
GoCardless offers fully compliant payment pages for customers should you wish to use our own. If you are looking for a seamless branding experience, GoCardless Pro enables you to build customisable payment pages and we’ll work with you each step of the way to ensure that all compliance requirements are met.
The following 4 steps will guide you to build perfect payment pages with GoCardless Pro:
- Host your payment pages with HTTPS
- Collect the customer’s details - information entry page including:
  - Name of the account holder
  - Email address
  - Payer's address
  - Bank account number
  - Routing number
  - Account type
- Make sure the details are correct - summary and confirmation page
- Confirm that the Direct Debit Request has been set up - setup success page
Each section is split into ACH required features and GoCardless recommended features for the best customer experience.
Host your payment pages with HTTPS
Required feature
Configure your website to accept only secure connections (SSL: a minimum of SHA-256 SSL, with support for TLS.1 or TLS 1.2) so that customer details are transmitted securely.
Collect the customer’s details - information entry page
This is the page where you capture the customer information needed to set up the Consumer authorisation correctly.
Required features
- Heading: Make the page identifiable to customers
  - ‘Consumer authorisation’
- Consumer’s details: Include entry points for the account holder’s name, email address, billing address, bank account number and routing number.
  - Remember to explicitly ask for ‘Account type’ when you collect the account number and routing number.
- The payer's IP address must be captured automatically.
- To comply with data protection law, you must let your customers know about third party data controllers that power your website. You can do this by displaying the text below in your page footer:
Payments by GoCardless. Read the GoCardless privacy notice.
Without that upfront notice, we could both be violating the law. (Read more here)
If that’s not technically possible, at a minimum you should include a reference to GoCardless in your website privacy notice. That text should be as follows:
We use GoCardless to process your Direct Debit payments. More information on how GoCardless processes your personal data and your data protection rights, including your right to object, is available at gocardless.com/legal/privacy/
If you are a GoCardless partner, you must include the ‘Payments by’ notice above on your payment pages, or, at a minimum, enable the merchant to provide a link to their privacy notice at the detail intake stage.
Recommended features
- Creditor details: Show creditor contact details, such as address, email and phone number so your customers know exactly how they can get in touch.
  - If you are a partner integrating with GoCardless, you can find further information on how to retrieve creditor details here.
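One way to handle the information entry page's submission on the server, as an added example (not GoCardless code): it checks the required fields, restricts the account type to the two values named in the summary table, and records the payer's IP from the connection rather than from anything the browser submits. The field names, the `trusted_proxies` parameter and the routing-number checksum are assumptions added here; the checksum is the standard 3-7-1 weighting for US routing numbers, not something this page requires.

```python
import ipaddress

REQUIRED = ("account_holder_name", "email", "address",
            "account_number", "routing_number", "account_type")  # assumed names
ACCOUNT_TYPES = {"checking", "savings"}  # the two types named in the summary table

def routing_checksum_ok(rn: str) -> bool:
    """Added check (not a page requirement): 9 digits, 3-7-1 weighted sum % 10 == 0."""
    if len(rn) != 9 or not (rn.isascii() and rn.isdigit()):
        return False
    d = [int(c) for c in rn]
    return (3 * (d[0] + d[3] + d[6]) + 7 * (d[1] + d[4] + d[7])
            + (d[2] + d[5] + d[8])) % 10 == 0

def payer_ip(remote_addr: str, forwarded_for: str = "", trusted_proxies=()) -> str:
    """Take the payer's IP from the connection, never from a form field.

    X-Forwarded-For is read only when the direct peer is one of our own
    proxies, and then right to left, stopping at the first hop that is not
    ours: everything further left is client-controlled.
    """
    trusted = {ipaddress.ip_address(p) for p in trusted_proxies}
    peer = ipaddress.ip_address(remote_addr)
    if peer not in trusted:
        return str(peer)
    for hop in reversed([h.strip() for h in forwarded_for.split(",") if h.strip()]):
        addr = ipaddress.ip_address(hop)  # raises ValueError on a malformed hop
        if addr not in trusted:
            return str(addr)
    return str(peer)

def validate_entry(form: dict, remote_addr: str, forwarded_for: str = "",
                   trusted_proxies=()) -> tuple:
    """Return (record, errors) for one information entry page submission."""
    errors = [f"{f} is required" for f in REQUIRED if not str(form.get(f, "")).strip()]
    record = {f: str(form.get(f, "")).strip() for f in REQUIRED}
    record["account_type"] = record["account_type"].lower()
    if record["account_type"] and record["account_type"] not in ACCOUNT_TYPES:
        errors.append("account_type must be checking or savings")
    if record["routing_number"] and not routing_checksum_ok(record["routing_number"]):
        errors.append("routing_number fails the checksum")
    record["payer_ip"] = payer_ip(remote_addr, forwarded_for, trusted_proxies)
    return record, errors

# Constructed sample submission; the browser-supplied payer_ip is deliberately ignored.
SAMPLE = {"account_holder_name": "A. Payer", "email": "payer@example.com",
          "address": "1 Example St", "account_number": "000123456",
          "routing_number": "123456780", "account_type": "Checking",
          "payer_ip": "192.0.2.1"}
```

Pass the web framework's socket peer address as `remote_addr`, and list only proxies you operate in `trusted_proxies`.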
Make sure the details are correct - summary and confirmation page
Allow your customers to view and verify the details that they have entered before submission.
Required features
- Heading: Make the page identifiable to customers
  - ‘Consumer authorisation’
- Consumer information: Account holder name and number, routing number and bank name (retrieved by GoCardless’ bank details lookup endpoint)
- Wording around notifications
  - One-off payment: ‘Details of specific payments will be provided via email, 2 days prior to any payment being taken’
  - Subscription: ‘Details of any changes to this subscription will be provided via email, 2 days prior to any further payments being taken’
- PDF links: PDF versions of the Consumer authorisation
  - ‘View ACH Debit Authorisation’
  - This is a summary of the key information submitted by the payer
  - Details of the endpoint for this can be found here
- Creditor information: Direct Debit User ID number and the name that will appear on your customer’s bank statements.
  - Standard users will use the GoCardless Company ID and see ‘GOCARDLESS’ on bank statements along with a payment reference.
  - Plus and Pro users should show their Company ID and chosen name on the bank statement.
- Details of how the consumer can revoke authorisation
  - Wording can vary, but e.g. ‘This authorisation can be revoked directly with your bank or by contacting our support team at help@merchant.com. Please allow up to X days for this authorisation to be cancelled.’
Confirm that the Direct Debit Request has been set up - Setup success page
Recommended features
- Bank statements: Advise your customers of what name they will see on their bank statement
  - Standard users will see ‘GOCARDLESS’
  - Plus and Pro users should show their chosen name
This table summarises the information that is either required or recommended to include in your payment pages as a GoCardless merchant or partner.
Information | Information entry page | Summary & confirmation page |
---|---|---|
Name of account holder | Captured | Displayed |
Email address | Captured | - |
Payer's address | Captured | - |
Bank account number | Captured | Displayed |
Routing number | Captured | Displayed |
Account type (Checking or savings) | Captured | Displayed |
Payer IP address | Captured | - |
Wording around notifications | - | Displayed |
Link to Mandate PDF | - | Displayed |
Details of how the payer can revoke authorisation | - | Displayed |