If the payer is also setting up a recurring payment (using Bacs Direct Debit in the UK), the payment pages must also incorporate the Bacs requirements.
Please note: For Instant Bank Pay not all pages are customisable.
What are payment pages?
To create consent and initiate an instant bank payment from your customer’s account, GoCardless defines payment pages to ensure the correct data is captured and played back to the payer in an efficient, compliant manner.
Merchants using GoCardless Pro or GoCardless Custom have the option to use GoCardless’ own payment pages, or to build their own custom payment pages.
Our partners can opt to build and use custom payment pages as well. This will enable merchants who are using GoCardless through their app to offer their payers a consistent branding experience.
Custom payment pages must be approved by GoCardless before being implemented.
How to build custom payment pages
There are 5 steps to ensure compliance with legal and regulatory requirements, the Open Banking technical requirements and GoCardless processes:
- HTTPS hosted payment pages
- Information entry
- Payment information summary
- Confirmation page
- Confirmation email
- Submit payment pages to GoCardless for approval
1. HTTPS hosted payment pages
To ensure payers’ details are safely transmitted, your website must be configured to only accept secure (SSL - minimum of SHA-256 SSL support TLS.1 or TLS1.2) connections.
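One way to check a payment-page host against this requirement (an added example, not GoCardless code): it reads the certificate's signature algorithm from the DER bytes and compares the negotiated protocol with an allow-list. Assumptions: TLS 1.2, which the page names, and TLS 1.3 pass and anything older is reported; the function names and the two sample byte strings are constructed for illustration.

```python
import socket
import ssl

# Assumption: TLS 1.2 (named on the page) and newer pass; older versions are reported.
ALLOWED_VERSIONS = {"TLSv1.2", "TLSv1.3"}
# Signature algorithms using SHA-256 or stronger: RSA PKCS#1 v1.5, then ECDSA.
STRONG_SIG_OIDS = {"1.2.840.113549.1.1.11", "1.2.840.113549.1.1.12", "1.2.840.113549.1.1.13",
                   "1.2.840.10045.4.3.2", "1.2.840.10045.4.3.3", "1.2.840.10045.4.3.4"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def signature_oid(cert_der):
    """Dotted OID of Certificate.signatureAlgorithm in a DER X.509 certificate."""
    _, start, _ = read_tlv(cert_der, 0)             # outer Certificate SEQUENCE
    _, _, tbs_end = read_tlv(cert_der, start)       # skip tbsCertificate
    _, alg_start, _ = read_tlv(cert_der, tbs_end)   # AlgorithmIdentifier SEQUENCE
    tag, lo, hi = read_tlv(cert_der, alg_start)
    if tag != 0x06:
        raise ValueError("expected an OBJECT IDENTIFIER")
    arcs, val = [cert_der[lo] // 40, cert_der[lo] % 40], 0
    for b in cert_der[lo + 1:hi]:                   # remaining arcs are base-128
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def check_payment_page_tls(version, cert_der, allowed=ALLOWED_VERSIONS):
    """Return a list of findings; an empty list means the host passes."""
    findings = []
    if version not in allowed:
        findings.append(f"negotiated {version}, expected one of {sorted(allowed)}")
    if (oid := signature_oid(cert_der)) not in STRONG_SIG_OIDS:
        findings.append(f"certificate signature algorithm {oid} is not SHA-256 or stronger")
    return findings

def probe(host, port=443):  # needs network access; run it against your own host
    with socket.create_connection((host, port), timeout=10) as raw:
        with ssl.create_default_context().wrap_socket(raw, server_hostname=host) as tls:
            return check_payment_page_tls(tls.version(), tls.getpeercert(binary_form=True))

SAMPLE_SHA256 = bytes.fromhex("3014 3000 300d06092a864886f70d01010b0500 030100")  # constructed skeleton, not a real certificate
SAMPLE_SHA1 = bytes.fromhex("3014 3000 300d06092a864886f70d0101050500 030100")    # same skeleton, sha1WithRSAEncryption
```

RSASSA-PSS certificates carry their hash in the algorithm parameters, so this check reports them as unrecognised rather than guessing.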
2. Information entry page (customisable)
This is the sign-up page for your product or services, and is used to capture the payer’s details required to initiate an Instant Bank Payment.
Payer details: (examples from GC hosted pages)
There are 2 compulsory elements to this page.
1. Display the following fields (pre-populated)
- Payment Amount and Currency (GBP for UK implementations)
- Merchant Payee Account Name
- Merchant Payee Account Identification details (e.g. account number and sort code)
- Payment Reference - This is optional, but it is good practice to populate it for a payment
2. Payer enters their account details by either:
a) Selecting their bank from a list; and
b) Populating their account name, and account number and sort code
c) Confirming their bank/account details if they have already been provided
3. Payment information summary (not customisable)
This page is to allow payers to view and verify their details before submitting them.
Display the following information in the summary screen:
a) Payment Amount and Currency (GBP for UK implementations)
b) Merchant Payee Account Name
c) Payment Reference (pre-populated if provided on previous screen)
d) If previously captured, the payer’s bank name and account details should be displayed (these can be masked).
e) If the payer’s bank details will be captured in the flow between the payer and their bank, then only their bank name needs to be displayed.
4. Payer Confirmation page (not customisable)
This page provides the means by which the payer consents to the initiation of the transaction. It is a regulatory requirement to communicate information clearly to the payer when obtaining consent in order to initiate the payment.
The following will be displayed:
1. Request consent from the payer in a clear, specific and straightforward manner.
2. Footer text naming GoCardless, sharing the terms that apply, and disclosing the GoCardless privacy notice.
- Page footer to be a minimum of 14px font size
- Page footer to be either directly above or directly below the continue or next button, or QR code
- Page footer must also be present in mobile versions
Why is the page footer a requirement?
This upfront notice ensures compliance with data protection law. GoCardless, our merchants, and our partners could be in violation of this law if the notice is not included. You can read more here.
What if I can’t include the footer?
If the suggested footer isn’t technically possible, at a minimum you must include the following reference to GoCardless in your website privacy notice:
We use GoCardless to process your Direct Debit payments. More information on how GoCardless processes your personal data and your data protection rights, including your right to object, is available at gocardless.com/legal/privacy/
5. Confirmation email - Sent by GoCardless and included for completeness
The following confirmation email will be sent to the customer by GoCardless and there is no requirement for Merchants or Partners to build anything.
The email from GoCardless is a scheme requirement, and will:
1. Display the information received from the payer’s bank (this may include):
- The unique identifier assigned to the payment instruction by the payer’s bank
- The payment status (and status update date & time)
- Confirmation of successful payment initiation
- The date of receipt of the payment order
6. GoCardless approval of payment pages
Mock-ups of your payment pages must be sent to GoCardless for approval prior to your go-live date. We recommend that you arrange this with 2 weeks’ notice to allow sufficient time for our review and for implementing any subsequent changes. Once you have written approval from GoCardless, you may implement the payment pages.
To test your payment pages, you can sign up here for a sandbox account.
What if I’m a partner?