United States (ACH) payment page requirements
The following is a guide to building custom payment pages for merchants using GoCardless Advanced or GoCardless Pro, and for partners, using the add-on feature Custom checkout experience and payer notifications. See our Pricing page for more details.
Payers in the US need to complete an ACH Debit Authorization to authorize merchants to take payments from them via ACH. Merchants can use payment pages for payers to set up their authorizations online.
Merchants using GoCardless Advanced or GoCardless Pro have the option to use GoCardless’ own payment pages, or to build their own custom payment pages. .
Partners can opt to build and use custom payment pages as well. This will enable merchants who are using GoCardless through their app to offer their payers a consistent branding experience.
Please note: Before building custom payment pages, you should be aware that there are compliance requirements for the content and formatting of these pages. Once ready, custom payment pages have to receive a sign off by GoCardless, and you could be asked to remove or amend any part of the signed off pages at any time if notified to do so.
Please note: For HTTPS hosted payment pages, to ensure payers’ details are safely transmitted, your website must be configured to only accept secure (SSL - minimum of SHA-256 SSL support TLS.1 or TLS1.2) connections.
Authorization types
GoCardless allows you to build custom payment pages to suit your business model and needs. The type of ACH Debit Authorization you choose to set up will impact the requirements of your payment pages. We call the different types of ACH Debit Authorization “authorization types”.
-
Open ACH Debit Authorization
-
One-off ACH Debit Authorization
-
Recurring ACH Debit Authorization
-
Standing ACH Debit Authorization
We strongly recommend that, within the same Billing Request, you combine your:
-
One-off and Standing ACH Debit Authorizations with a payment request
-
Recurring ACH Debit Authorization with a subscription or instalment schedule request
However, if you want to set up an Open ACH Debit Authorization, or set up your payments at a later date, it is your responsibility to make sure your payer is aware of the amount, and number and/or frequency of any debits (i.e. those outlined in step 2 of this guide) in advance of the payment, as required by NACHA for ACH authorizations, so they know what payments to expect before their account is debited.
You can find more information about the different authorization (consent) types, payment types, and combinations of the two here.
Approval process
Once you've completed the design and build of your custom payment pages, you need to submit templates to GoCardless for approval prior to your go-live date. We will provide you with feedback on any required changes (if necessary). Only once you have written approval from GoCardless, may you implement the payment pages. More information can be found below and here.
Merchants:
You must submit your payment pages to GoCardless through our Support Center.
To test your payment pages, you can sign up here for a sandbox account. You should create an API access token with read-write access, and use the access token to interact with the GoCardless API. Test the mandate creation process, as outlined in the developer documentation here. If using a Recurring, One-off or Standing Authorization refer to this page also.
To move your integration from sandbox to a live environment, change your access token from your sandbox to your production GoCardless account.
Partners:
When creating a new partner app and going through our technical certification process, you must submit your payment pages to GoCardless for approval through our Partner Portal.
Quick guide
To create fully compliant Custom Payment Pages, there are a number of requirements you must meet. Here’s the short version for quick reference. Keep reading and we’ll explain each step in more detail:
| Step | Quick reference |
|
1 |
Information entry: You must capture the payer’s full name, email address, billing address, account holder name, account number, routing number and account type. |
|
2 |
Authorization details: You should present to your payer a description of what they are going to be making payment(s) for and what authorization type you are asking for to make those payment(s). Depending on the authorization type, you must present the key payment details, including start date, amount, number and frequency of payments, and a description of any affirmative action they must take.
|
|
3 |
Summary & consent: You must explain what the payer is being asked to consent to and how they can revoke that consent, include a consent button, and capture the payer’s IP address. |
|
4 |
Success: You should let your payer know that they have successfully set up an ACH Debit Authorization, include the key payment details, and remind them what they will see on their bank statements. |
|
5 |
Footer: You must remind the payer how their payment is being processed and provide information about GoCardless’ regulatory status and privacy notice. |
1. Information entry
This page should be used to capture your payer’s personal and billing information, which is necessary to set up their ACH Debit Authorization.
| Requirement | Explanation | Recommendation |
| Page heading |
You should include a page heading that is identifiable to your payers, i.e. it tells them that they are being asked to set up an ACH Debit Authorization with you. If you are submitting an authorization type, you should include this in the heading. |
Open: “Set up an ACH Debit Authorization with [merchant name]” One-off: “Set up a one-time ACH Debit Authorization with [merchant name]” Recurring: “Set up a recurring ACH Debit Authorization with [merchant name]” Standing: “Set up a standing ACH Debit Authorization with [merchant name]” |
| Mandatory personal details |
You must collect the following personal details from your payer:
|
“Your personal details Name ____ |
| Mandatory billing details |
You must collect the following billing / bank account details from your payer:
|
“Your bank details Account holder name ___ |
2. Authorization details
Before your payer provides their explicit consent to the ACH Debit Authorization, present them with the relevant details about the payments you will take against it.
| Requirement | Explanation | Recommendation |
|
Payment description |
You should include a description, which makes clear what the payer is going to be making payments for |
E.g. “Cat food” |
|
Authorization type |
If you are setting up a One-off, Recurring, or Standing ACH Debit Authorization, you should include a description of that authorization type to help your payer understand what they are being asked to consent to. This can be done via direct display of the information, tooltips, or links to the details. |
One-off: “A one-time payment will be debited from your account.” Recurring: “A recurring payment will be debited from your account at regular intervals without any additional action needed from you.” Standing: “Future payments will only be debited from your account following your pre-approval. You will be informed about how you can approve these transactions, which may include a phone call, online confirmation, or a text message.”
|
|
Date of authorization |
You must present the date of the ACH Debit Authorization - this is when your payer’s authorization will become effective, on or after which their account will be debited. |
|
|
Amount of payments |
If you are combining your One-off, Recurring, or Standing ACH Debit Authorization with a payment, subscription or instalment schedule request, you must display the amount of the payment(s) to be debited from your payer’s account. If you are setting up an Open ACH Debit Authorization, or setting up a payment, subscription or instalment schedule at a later date, it is your responsibility to ensure your payer is made aware of, and that you keep a record of, the amount(s) of any debits, so they know what payments to expect. If you don’t provide this information via your custom payment pages, you must ensure it is provided elsewhere in your customer journey. |
Open (or payments being set up at a later date): “Your ACH Debit Authorization will be set up in accordance with the amount and timings agreed with [merchant].” One-off: “One time payment: $10.00” Recurring (subscription): “Recurring payment: $200.00, billed monthly on the 1st until revocation or termination of the ACH Debit Authorization” Recurring (instalment schedule): “12 payments billed as follows: $200.00 on 1 November 2024, $120.00 on 1 December 2024…” Standing: “One time payment of $50.00, after which your debit amounts will differ. When [merchant] wants to charge you in the future, you’ll be asked for your approval first by [method].”
|
| Number and frequency of payments |
If you are combining your One-off, Recurring, or Standing ACH Debit Authorization with a payment, subscription or instalment schedule request, you must display the number and frequency of payment(s) to be debited from your payer’s account. If you are setting up an Open ACH Debit Authorization, or setting up a payment, subscription or instalment schedule at a later date, it is your responsibility to ensure your payer is made aware of, and that you keep a record of, the timings of any debits, so they know when to expect these payments. If you don’t provide this information via your custom payment pages, you must ensure it is provided elsewhere in your customer journey. For a One-off ACH Debit Authorization, the number and frequency will always be one. For a Recurring ACH Debit Authorization the number of debits can either be a set amount (for example ‘twelve (12)’), or until the end of the ACH Debit Authorization (for example ‘Until revocation or termination of the ACH Debit Authorization’), and the frequency will be in accordance with your regular timings (for example ‘monthly’). For a Standing ACH Debit Authorization the number of debits can be until the end of the ACH Debit Authorization, and for frequency you can refer to the fact that payments will be taken as often as the payer initiates them (for example ‘Frequency to be determined by your future actions’ or ‘As initiated by you’). |
|
|
Affirmative action |
In the case of a Standing ACH Debit Authorization (not relevant for One-Off or Recurring ACH Debit Authorizations), payments can only be initiated by your payer through their “affirmative action”. This means you must let your payer know what action they should take in the future to initiate the payment. For example, the payer might need to initiate payments via their online account, or the payer might need to phone you. |
3. Summary and consent
In order for your payer to consent to the ACH Debit Authorization, this page ensures that they are clear on what they’re consenting to and how they can revoke that consent.
| Requirement | Explanation | Recommendation |
|
Clear explanation |
You must clearly explain to your payer exactly what they are being asked to consent to. This reduces the risk of your payer, at a later date, saying that they did not authorize the debit to their account. |
“[Merchant] needs your consent to set up this [insert authorization type, if applicable] ACH Debit Authorization. Please check the details below are correct. Details of your payments will be provided via email notification.”
|
|
Revocation instructions |
You must provide details of how the payer can revoke the ACH Debit Authorization, including the time and manner in which this revocation must be communicated to you (e.g. how many reasonable days’ notice you require) |
“You can revoke your [insert authorization type, if applicable] ACH Debit Authorization by emailing [merchant name] at [merchant email address]. Please allow up to [reasonable number, as per your practices] days for this authorization to be cancelled. Please note that any scheduled debits due during this time may still be honored.” |
|
Redisplay key details |
If your payment pages are split over multiple screens, you should redisplay certain payer personal and billing information and ACH Debit Authorization details just before you collect the payer’s consent:
|
Open (or payments being set up at a later date): “Confirm your details One-off: “Confirm your details Recurring: “Confirm your details Standing: “Confirm your details |
|
Clear consent |
You must provide the payer with an opportunity to show that they actively consent to all of the above. |
“By continuing, you consent to the terms of your ACH Debit Authorization and your name being used in print as an electronic representation of this consent.” + “Continue” or “Consent” button.
|
|
Capture IP address |
You must capture the payer’s IP address. This serves as evidence of the payer’s consent to the ACH Debit Authorization setup and is used by GoCardless for Financial Crime and Fraud controls |
|
4. Set up success
After the payer has provided their consent, you can provide messaging to let them know the set up was successful
| Requirement | Explanation | Recommendation |
|
Confirmation of success |
After your payer has provided their consent, you should use this page to confirm to them that the ACH Debit Authorization has been successfully set up. If you are combining your One-off, Recurring, or Standing ACH Debit Authorization with a payment, subscription or instalment schedule request, you should include any relevant payment details here. |
“Good news, [payer name]. You’ve successfully authorized a [insert authorization type, if applicable] ACH Debit Authorization. [Insert any relevant payment details]”
|
|
Reminder of what the payer will see on their bank statements |
You should take this opportunity to remind your payer what they will see on their bank statements to avoid any confusion when you take a payment. |
“Payment(s) will be debited from your bank account ***3256, and will appear on your bank statement as: [insert reference number].” |
5. Footer
On all Custom Payment Pages , you must include a page footer with certain information about GoCardless.
| Requirement | Explanation | Recommendation |
|
Regulatory status disclosure |
You must remind your payer about how their payment is being processed and provide information about GoCardless’ regulatory status.
|
“Payments securely processed by GoCardless. GoCardless Inc.’s payment service is provided by (i) a program sponsored by Community Federal Savings Bank (“CFSB”), or (ii) GoCardless Inc., a FinCEN registered money services business, registration number 31000261158426. Where your payment is processed by GoCardless Inc., it serves as agent to receive payment on our behalf and your payment to GoCardless Inc. constitutes payment to us.” |
|
Privacy notice |
You must display our Privacy Notices. |
“GoCardless and CFSB use personal data as described in these Privacy Notices.” |
Record keeping
When using Custom Payment Pages, you must keep certain records. We’ve set these records and retention periods out below.
| Record | Retention period |
|
If you are setting up an Open ACH Debit Authorization, or setting up a One-off, Recurring or Standing ACH Debit Authorization, but setting up payment, subscription or instalment schedule at a later date, you must keep a record of how you made your payer aware of and got their consent to those payment terms (i.e. step 2 of this guide). |
For 2 years following the termination or revocation of the ACH Debit Authorization. |
|
If you are setting up a Standing Authorization, you must keep a record of your payer’s affirmative action to each payment taken against that authorization type. |
2 years following the settlement date of the entry (i.e. successful debit under the standing ACH Debit Authorization). |
|
You must keep a system log tracking your payer’s activity as they pass through your custom payment pages for setting up their ACH Debit Authorization. |
For 2 years following the termination or revocation of the ACH Debit Authorization. |
|
You must collect and keep a record of your payer’s IP address used when setting up their ACH Debit Authorization. |
For 2 years following the termination or revocation of the ACH Debit Authorization. |
Summary table
The below shows a summary of the relevant information that you should capture or display at each stage of your payment pages.
| INFORMATION ENTRY | AUTHORIZATION DETAILS | SUMMARY & CONSENT | SET UP SUCCESS | |
|
Page heading |
Displayed (recommended) |
|
|
|
|
Payer full name |
Captured (mandatory) |
Displayed (recommended) |
|
|
|
Payer email address |
Captured (mandatory) |
|||
|
Payer billing address |
Captured (mandatory) |
|||
|
Account holder name |
Captured (mandatory) |
Displayed (recommended) |
|
|
|
Account number |
Captured (mandatory) |
Displayed (recommended) |
|
|
|
Routing number |
Captured (mandatory) |
|||
|
Account type |
Captured (mandatory) |
|||
|
Payment description |
|
Displayed (recommended) |
Displayed (recommended) |
|
|
Authorization type description |
|
Displayed (recommended) |
Displayed (recommended) |
|
|
Date of authorization |
Displayed (mandatory) |
|
||
|
Amount of payments |
Displayed (mandatory depending on authorization type - see above) |
Displayed (mandatory depending on authorization type - see above) |
Displayed (mandatory depending on authorization type - see above) |
|
|
Number and frequency of payments |
Displayed (mandatory depending on authorization type - see above) |
Displayed (mandatory depending on authorization type - see above) |
Displayed (mandatory depending on authorization type - see above) |
|
|
Description of affirmative action |
Displayed (mandatory depending on authorization type - see above) |
|
||
|
Explanation of what consent is required for |
Displayed (mandatory) |
|
||
|
Revocation instructions |
|
Displayed (mandatory) |
||
|
Clear consent + button |
Displayed (mandatory) |
|||
|
IP address |
Captured (mandatory) |
|||
|
Confirmation of successful set up |
|
Displayed (recommended) |
||
|
Bank statements reminder |
|
Displayed (recommended) |
||
|
Regulatory status disclosure |
Displayed (mandatory) |
Displayed (mandatory) |
Displayed (mandatory) |
Displayed (mandatory) |
|
Privacy notice |
Displayed (mandatory) |
Displayed (mandatory) |
Displayed (mandatory) |
Displayed (mandatory) |