PAD custom payment pages

The following is a guide to building custom payment pages for merchants using GoCardless Pro or GoCardless Custom, and for partners. 

 

What are payment pages?

Payers in Canada need to complete a Pre-Authorized Debit Agreement to authorise merchants to take payments from them via PAD, the local Direct Debit payment scheme.

With GoCardless Pro and GoCardless Custom, you may offer payers the option to complete the Pre-Authorized Debit Agreement online, or on paper. Payers use payment pages to complete Pre-Authorized Debit Agreements online.

Merchants using GoCardless Pro or GoCardless Custom have the option to use GoCardless’ own payment pages, or to build their own custom payment pages. 

Partners can opt to build and use custom payment pages as well. This will enable merchants who are using GoCardless through their app to offer their customers (payers) a consistent branding experience. 

You may also build your own payment notifications to further customise your payers’ experience.

Custom payment pages will need to be approved by GoCardless before being implemented.

 

How to build custom payment pages

There are 5 steps to ensure compliance with the PAD scheme rules and GoCardless processes: 

1. HTTPS hosted payment pages
2. Information entry page
3. Summary and confirmation page
4. Setup success page
5. Submit payment pages to GoCardless for approval

The details for each are below, and there’s a summary table here.

 

1. HTTPS hosted payment pages

To ensure payers’ details are safely transmitted, your website must be configured to only accept secure (SSL - minimum of SHA-256 SSL support TLS.1 or TLS1.2) connections.

 

2. Information entry page

This is the sign-up page for your product / services, and is used to capture the payer information necessary to set up a Pre-Authorized Debit Agreement.

There are 3 compulsory elements and 1 recommended element:

Compulsory:

1. Page heading that is identifiable to payers. Title it ‘Set up a Pre-Authorized Debit Agreement with [merchant name]’. 
• Partners - make a GET request to the creditors endpoint, and pull [name] to populate the merchant name
2. Entry points to collect payer details
   • Account holder name
   • Email address
   • Bank account information: Branch/transit number (5 digits); Institution number (3 digits); Account number (7-12 digits)
3. Page footer to let payers know about 3rd party data controllers that power your website. Text to read ‘Payments by GoCardless. Read the GoCardless privacy notice.’

Recommended:

Include a visual showing payers where to find their account information.

 

Why is the page footer a requirement?

This upfront notice ensures compliance with data protection law. GoCardless, our merchants, and our partners could be in violation of this law if the notice is not included. You can read more here. 

What if I can’t include the footer?

If the suggested footer isn’t technically possible, at a minimum you must include the following reference to GoCardless in your website privacy notice:

We use GoCardless to process your Direct Debit payments. More information on how GoCardless processes your personal data and your data protection rights, including your right to object, is available at gocardless.com/legal/privacy/.

What if I’m a partner?

If you’re a partner, you must include the above ‘Payments by’ notice on your payment pages, or at a minimum, enable the merchant to provide a link to their privacy notice at the information entry page.

 

3. Summary and confirmation page

This page is to allow payers to view and verify their details before submitting them. 

There are 3 compulsory elements and 1 recommended element.

Compulsory:

1. Page heading that is identifiable to payers. Title it ‘Pre-Authorized Debit Agreement’. 
2. Date of Pre-Authorized Debit Agreement set up i.e., today’s date
3. Payer details as collected in the information entry page - account holder name and bank account information

Recommended:

Include an ‘edit’ button, allowing payers to amend any incorrect information.

 

4. Setup success page

This page is to confirm that the Pre-Authorized Debit Agreement has been set up.

It is best practice, although not a scheme requirement, to include the below:

1. Page heading that is identifiable to payers, i.e., message to confirm DD setup, such as “Direct Debit set up successfully”
2. Reminder of what will appear on payers’ bank statements

Partners can make a GET request to the creditors endpoint and pull [scheme_identifiers: name] to populate what will appear on payers’ bank statements.

 

5. GoCardless approval of payment pages

Mock ups of your payment pages must be sent to GoCardless for approval prior to your go-live date. Once you have written approval from GoCardless, you may implement the payment pages. 

To test your payment pages, you can sign up here for a sandbox account.

What if I’m a partner?

When creating a new partner app and going through our technical certification process, you’ll be able to submit custom payment pages for approval through our partner portal.

 

Summary table

The below shows a summary of the relevant information at each stage of the payment pages.

All information is required unless specified otherwise.

	Information entry page	Summary & confirmation page	Setup success page
Page heading that is identifiable to payers	Displayed	Displayed	Displayed  Recommended
Account holder name	Captured	Displayed
Email address	Captured
Bank account information	Captured	Displayed
Page footer to let payers know about 3rd party data controllers that power your website	Displayed
Include a visual showing payers where to find their account information	Recommended
Date of Pre-Authorized Debit Agreement set up		Displayed
Edit button allowing payers to amend their details		Recommended
Name that will appear on payers’ bank statements			Displayed  Recommended