The organisation responsible for the oversight of the Autogiro scheme, Bankgirot, defines three types of online mandates for Autogiro (for more details see our guide to Autogiro mandates here).
GoCardless uses mandates via an electronic mandate form (known as Medgivande via elektroniskt medgivandeformulär in Swedish). This practical guide will help you with the compliance requirements to create this electronic document and to offer online Autogiro on your website.
Please note: Custom payment pages will need to be approved by GoCardless before being implemented.
How to build custom payment pages
There are 5 steps to ensure compliance with the Autogiro scheme rules and GoCardless processes:
- Compulsory Requirements
- Recommended features
- Additional steps for Partners
Listed below are the compulsory steps to follow for building your custom payment pages.
1. Host your payment pages with HTTPS
To ensure payers’ details are safely transmitted, your website must be configured to only accept secure (SSL) connections.
2. Information entry page
This is the sign-up page for your product / services, which is used to capture the payer information necessary to set up the Autogiro Direct Debit.
You will need to collect the payer's name, civic or company number and bank details, and display the GoCardless regulatory footer and privacy notice.

| Field | Details |
| --- | --- |
| Name | The name should include both first name and last name. The name of the account holder can be different from the payer's name (for example in a B2B transaction) but you may suggest the concatenated first name and last name. |
| Civic/Identity number or company number | The Swedish civic/identity number must be collected from individuals (the personnummer, or samordningsnummer for persons not registered in Sweden). The Swedish company number (organisationsnummer) must be collected for companies. |
| Bank account details | Sort code (clearingnummer) and account number (kontonummer). Local bank account details are required for Autogiro in Sweden. It is not possible to submit an Autogiro mandate against an IBAN. |
| Email address (Optional) | You may also want to collect the customer's email address as there are notification requirements before payment is taken under Autogiro. See our guide to taking Autogiro payments for more information. |
| Page footer to let payers know how GoCardless’ service is provided, and about 3rd party data controllers that power your website | Text to read ‘Payments securely processed by GoCardless. GoCardless SAS (company registration number 834 422 180, R.C.S. PARIS) is authorised by the ACPR (French Prudential Supervision and Resolution Authority), Bank Code (CIB) 17118, for the provision of payment services. |
The page footer is a requirement, as this upfront notice ensures compliance with regulatory requirements and data protection law. GoCardless, our merchants, and our partners could be in violation of this law if the notice is not included. You can read more here.
If the suggested footer isn’t technically possible, at a minimum you must include the following reference to GoCardless in your website privacy notice:
We use GoCardless to process your Direct Debit payments. More information on how GoCardless processes your payments, personal data and your data protection rights, including your right to object, is available at gocardless.com/legal/privacy/.
3. Summary and confirmation page
This page allows payers to view and verify their details before submitting them.
Provide your own company's name, address, company number and logo along with a snippet of text. Scheme rules also allow merchants to display Bankgirot's logo instead if desired.
To confirm the customer's approval and provide the Autogiro terms, conditions and rules you will need to display a final confirmation before the form submits, and provide a copy of the mandate.
The formatting of the mandate is at your discretion, but you must include the following details:
- The customer's information: name, civic/company number and account details, as described above
- The customer's Payment Service Provider (their bank)
- Your company's details, as described above
- The date the mandate was created
Bankgirot provides mandatory text that must be included on the mandate verbatim. The mandatory wording is available in English and Swedish.
Once a customer has confirmed the electronic mandate, you should create a timestamp of the transaction. You should also store their IP address or a log of the transaction.
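One way to record the confirmation described above, as an added example that is not GoCardless or Bankgirot code: it checks that the required mandate details are present, stamps a UTC time and the client IP address, and stores a digest of the mandate wording shown. The field names, the sample values and the HMAC used to make the stored record tamper-evident are assumptions that go beyond what this guide requires.

```python
import hashlib, hmac, ipaddress, json
from datetime import datetime, timezone

# Hypothetical field names for the details the guide requires on the mandate.
REQUIRED = ("payer_name", "civic_or_company_number", "clearing_number",
            "account_number", "payer_bank", "merchant_name",
            "merchant_address", "merchant_company_number")

# Constructed sample input: placeholder values, not real identifiers.
SAMPLE_MANDATE = {
    "payer_name": "Anna Exempel", "civic_or_company_number": "000000-0000",
    "clearing_number": "0000", "account_number": "0000000",
    "payer_bank": "Example Bank", "merchant_name": "Example AB",
    "merchant_address": "Exempelgatan 1, Stockholm",
    "merchant_company_number": "000000-0000",
}

def _mac(record, key):
    # Canonical JSON so the same record always produces the same MAC.
    body = {k: v for k, v in record.items() if k != "mac"}
    data = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, data.encode("utf-8"), hashlib.sha256).hexdigest()

def build_confirmation_record(mandate, client_ip, mandate_text, key, now=None):
    """Build the audit record written when the payer confirms the mandate."""
    missing = [f for f in REQUIRED if not str(mandate.get(f) or "").strip()]
    if missing:
        raise ValueError("mandate is missing: " + ", ".join(missing))
    ip = ipaddress.ip_address(client_ip)  # ValueError on a malformed address
    ts = (now or datetime.now(timezone.utc)).astimezone(timezone.utc)
    record = {
        "mandate": {f: str(mandate[f]).strip() for f in REQUIRED},
        "mandate_created": ts.date().isoformat(),
        "confirmed_at": ts.isoformat(timespec="seconds"),
        "client_ip": str(ip),
        # Digest of the exact wording shown to the payer.
        "mandate_text_sha256": hashlib.sha256(mandate_text.encode("utf-8")).hexdigest(),
    }
    record["mac"] = _mac(record, key)
    return record

def verify_record(record, key):
    """True only if the stored record is unchanged since it was written."""
    return hmac.compare_digest(str(record.get("mac", "")), _mac(record, key))

if __name__ == "__main__":
    rec = build_confirmation_record(SAMPLE_MANDATE, "203.0.113.7",
                                    "<Bankgirot mandatory wording>", b"demo-key")
    print(json.dumps(rec, indent=2), verify_record(rec, b"demo-key"))
```

Keep the HMAC key outside the database that holds the records, so that someone who can edit a stored row cannot also recompute its MAC.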
4. GoCardless approval of payment pages
Your Account Executive will support you during your implementation of the Autogiro compliance guidelines.
Additional steps for Partners
Summary and confirmation page
You must include the ‘Payments by’ notice set out above on your payment pages, or, at a minimum, enable the merchant to provide a link to their privacy notice at the detail intake stage.