The following is a guide to building custom payment pages for customers on GoCardless Advanced or GoCardless Pro and for partners, using the add-on feature Custom checkout experience and payer notifications.
The Single Euro Payments Area (SEPA) allows merchants to collect Euro-denominated payments from payers in the 34 SEPA countries and associated territories. Payers need to complete a mandate to authorise merchants to take payments from them via the SEPA Direct Debit scheme.
Customers using GoCardless Advanced or GoCardless Pro have the option to use GoCardless’ own payment pages, or to build their own custom payment pages by using our Custom checkout experience and payer notifications add-on feature. Please note there is an additional “add-on” monthly fee called Custom checkout experience and payer notifications.
Partners can opt to build and use custom payment pages as well. This will enable merchants who are using GoCardless through their app to offer their customers (payers) a consistent branding experience.
Please note: Custom payment pages will need to be approved by GoCardless before being implemented.
How to build custom payment pages
There are 5 steps to ensure compliance with the SEPA scheme rules and GoCardless processes.
-
Compulsory Requirements
-
Recommended features
-
Additional steps for Partners
-
Summary table
The steps outlined below are a requirement of the SEPA scheme in order for your custom payment pages to be compliant. The recommended features are in addition to the compulsory requirements and we strongly recommend using these.
Please note: If your payment pages will not be set up in English, you must use the official translation to European languages available on the European Payments Council website .
Compulsory requirements
Listed below are the compulsory steps to follow for building your custom payment pages.
1. HTTPS hosted payment pages
To ensure payers’ details are safely transmitted, your website must be configured to only accept secure (SSL - minimum of SHA-256 SSL support TLS.1 or TLS1.2) connections.
2. Information entry page
This is the sign-up page for your product / services, and is used to capture the payer information necessary to set up a mandate.
There are 3 compulsory elements, and a fourth if you are collecting outside of EEA SEPA countries.
|
Page heading that specifies the creditor name |
For example ‘Set up a mandate with [merchant name]’. |
|
Entry points to collect payer details |
|
|
Page footer to let payers know how GoCardless’ service is provided, and about 3rd party data controllers that power your website. |
Text to read ‘Payments securely processed by GoCardless. GoCardless SAS (company registration number 834 422 180, R.C.S. PARIS) is authorised by the ACPR (French Prudential Supervision and Resolution Authority), Bank Code (CIB) 17118, for the provision of payment services. |
The footer is a requirement, as this upfront notice ensures compliance with regulatory requirements and data protection law. GoCardless, our merchants, and our partners could be in violation of this law if the notice is not included. You can read more here.
If the suggested footer isn’t technically possible, at a minimum you must include the following reference to GoCardless in your website privacy notice:
We use GoCardless to process your Direct Debit payments. More information on how GoCardless processes your payments, personal data and your data protection rights, including your right to object, is available at gocardless.com/legal/privacy/
3. Summary and confirmation page
This page enables payers to view and verify their details before submitting them.
There are 7 compulsory elements:
-
Page heading that is identifiable to payers. Title it ‘SEPA Direct Debit Mandate’.
-
Date of mandate set up i.e., today’s date
-
Transaction type i.e., recurring, or one-off payment
-
Creditor information - This includes the creditor name, creditor ID (Your GoCardless contact will provide you with this) and the creditor address, including country
-
Payer details as collected in the information entry page - payer name and bank account details
-
Advance notice wording: “We will notify you at least 3 working days in advance of any changes to your payment date, frequency, or amount”
-
Mandate consent wording:
“By signing this mandate form, you authorise (A) [Name] to send instructions to your bank to debit your account and (B) your bank to debit your account in accordance with the instruction from [Name]. As part of your rights, you are entitled to a refund from your bank under the terms and conditions of your agreement with your bank. A refund must be claimed within 8 weeks starting from the date on which your account was debited. Your rights are explained in a statement that you can obtain from your bank.”
For customers using the add-on “ Your business name on customers’ bank statement” populate the [Name] field with your creditor name.
4. Setup success page
This page is to confirm that the mandate has been set up.
There are 2 recommended elements:
-
Page heading that is identifiable to payers, i.e., message to confirm DD setup, such as “SEPA Direct Debit set up successfully”
-
Reminder of what payers will see on their bank statements.
5. GoCardless approval of payment pages
Example templates of your payment pages must be sent to GoCardless for approval prior to your go-live date. Once you have written approval from GoCardless, you may implement the payment pages.
To test your payment pages, you can sign up here for a sandbox account.
Recommended features
Listed below are recommended features for your custom payment pages. These are recommended additions to the steps outlined in the Compulsory Requirements section.
Summary and confirmation page
-
Include an ‘edit’ button, allowing payers to amend any incorrect information.
-
Once a payer has confirmed their details and hence authorised the mandate, it’s recommended to create a timestamp of the transaction, as well as store the payer’s IP address, or a log of the transaction.
-
In the event of any payer refunds, this can serve as evidence of the payer’s authorisation of the mandate setup. It can therefore be used to dispute any payer refunds, ultimately preventing these funds from being deducted from you as the merchant.
-
-
We recommend you include the page footer to let payers know how GoCardless’ service is provided, and about 3rd party data controllers that power your website, on each of your payment pages (not just the information entry page). Text to read: ‘Payments securely processed by GoCardless. GoCardless SAS (company registration number 834 422 180, R.C.S. PARIS) is authorised by the ACPR (French Prudential Supervision and Resolution Authority), Bank Code (CIB) 17118, for the provision of payment services. GoCardless uses personal data as described in their Privacy Notice.’
Setup success page
We recommend you include the page footer to let payers know how GoCardless’ service is provided, and about 3rd party data controllers that power your website, on each of your payment pages (not just the information entry page). Text to read: ‘Payments securely processed by GoCardless. GoCardless SAS (company registration number 834 422 180, R.C.S. PARIS) is authorised by the ACPR (French Prudential Supervision and Resolution Authority), Bank Code (CIB) 17118, for the provision of payment services. GoCardless uses personal data as described in their Privacy Notice.’
Additional steps for Partners
Information entry page
You must include the above ‘Payments by’ notice on your payment pages, or at minimum, enable the merchant to provide a link to their privacy notice at the information entry page.
Summary and confirmation page
Partners can make a GET request to the creditors endpoint to pull the creditor/merchant information cited in point 4 and the [scheme_identifiers: name] to populate the [Name] field in point 7.
Query the API to retrieve the following:
-
Creditor name - [name]
-
Creditor ID - [scheme_identifiers: reference]
-
Creditor address - [address_line1], [address_line2], [region], [postal_code], [country_code]
GoCardless approval of payment pages
When creating a new partner app and going through our technical certification process, you’ll be able to submit custom payment pages for approval through our partner portal.
Summary table
The below shows a summary of the relevant information at each stage of the payment pages.
All information is required unless specified otherwise.
| INFORMATION ENTRY PAGE | SUMMARY & CONFIRMATION PAGE | SETUP SUCCESS PAGE | |
|---|---|---|---|
|
Page heading that specifies the creditor name |
Displayed |
|
|
|
Page heading that is identifiable to payers |
|
Displayed |
Displayed |
|
First and last name |
Captured |
Displayed |
|
|
Email address |
Captured |
|
|
|
IBAN, or relevant country specific bank details |
Captured |
Displayed |
|
|
Address |
Captured |
|
|
|
Page footer to let payers know how GoCardless’ service is provided, and about 3rd party data controllers that power your website |
Displayed |
Recommended |
Recommended |
|
Date of mandate set up |
|
Displayed |
|
|
Transaction type |
|
Displayed |
|
|
Advance notice wording |
|
Displayed |
|
|
Mandate consent wording |
|
Displayed |
|
|
Creditor name |
|
Displayed |
|
|
Creditor ID |
|
Displayed |
|
|
Creditor address, including country |
|
Displayed |
|
|
Edit button allowing payers to amend their details |
|
Recommended |
|
|
Name that will appear on payers’ bank statements |
|
|
Displayed Recommended |
|
Create a timestamp of the transaction and store the payer’s IP address, or a log of the transaction |
|
Recommended |
|