Instant bank pay (IBP) one-off payment page requirements (UK)
Please note: The Instant Bank Pay feature is currently available for all merchants based in the UK, US, Canada, EEA, Australia, and New Zealand who are collecting GBP payments from customers in the UK.
Please register your interest here if you'd like to be notified when Instant Bank Pay is available in your region.
The following is a guide to building Custom Payment Pages for merchants using GoCardless Advanced or GoCardless Pro, and for partners, using the add-on feature Custom Checkout Experience. See our Pricing page for more details.
To take IBP one-off payments from your customers, you need their explicit consent. This includes consenting to the amount and payee (you as the merchant) and agreeing to the GoCardless payer terms. They can use your payment pages to set up their payment agreement and provide this consent online.
Getting Started with Custom Payment Pages
Before designing and hosting IBP one-off Custom Payment Pages, it’s important to be aware that there are strict compliance requirements for the content and formatting of these pages.
We’ll work with you to build compliant Custom Payment Pages, which have to receive a final sign off once they’re ready (see below for the approval process).
After your Custom Payment Pages have been signed off, they must not be changed without GoCardless’ approval, and we would like to remind you of your contractual obligations to:
- comply with GoCardless’ directions, instructions and guidance;
- ensure that no elements of the Custom Payment Pages could put GoCardless in breach of relevant law and regulation; and
- remove or amend any part of the Custom Payment Pages immediately if notified to do so.
Approval process for Custom Payment Pages
- Submit Templates: After completing the design and build of your custom payment pages, submit the templates to GoCardless for approval before your go-live date.
- Receive Feedback: GoCardless will provide feedback on any required changes (if necessary).
- Obtain Approval: Once you have written approval from GoCardless, we will enable a feature on your account for creating IBP one-off payments via the API.
- Implement Client Sign-Up Flow: Integrate the client sign-up and creation flow with the GoCardless API.
- Create Sandbox Account: Set up a sandbox account here, then email GoCardless at help@gocardless.com to let them know that you have set up your sandbox account and want to test IBP one-off Custom Payment Pages. Include the email address used for setup.
- Create Access Token: Generate a read-write access token.
- Link Your Account: Use the access token to connect your sandbox account with your internal system or application.
- Test Integration: Test the customer creation process as per the developer documentation.
- Launch integration: After fully testing your integration and obtaining approval for your Custom Payment Pages, launch your new process for customer sign-ups.
- Move to Production: Rotate your access token from the sandbox to your production GoCardless account to transition from testing to the live environment.
Quick guide
To create fully compliant Custom Payment Pages, there are a number of requirements you must meet. Here’s the short version for quick reference. Keep reading and we’ll explain each step in more detail:
Step | Quick reference |
---|---|
1 | You must capture the payer’s first name, last name, and email address. If you have already collected these prior to the checkout flow, you do not need to request them again with the payer, but should pass them to GoCardless. |
2 | You must provide a list of available banks for payers to select (and be redirected to). |
3 | You must provide your payers with the following consent parameters (i.e. payment rules): |
4 | You must seek the payer’s consent by: |
5 | You should provide messaging to inform payers how to complete the payment authentication and let them know that they will be taken to their bank. |
6 | You must provide confirmation and certain information to the payer when they have successfully authenticated a payment with their bank. |
7 | You must remind the payer that the payment is being powered by GoCardless and provide information about our regulatory status (including FCA registration number and privacy notice). |
1. Information entry
This is the sign-up page for your product / services, and is used to capture the necessary payer information. You must include the following:
Requirement | Detailed explanation | Our recommendation |
---|---|---|
Payer’s personal details | You must be able to provide the payer’s first (given) name, last (family) name, and email address to GoCardless (if you have already captured this information prior to the checkout flow, you don’t need to re-capture it from the payer here, but should pass it to GoCardless). | HEADING: “Your personal details” |
2. Account selection
In order for your payer to authenticate the one-off payment later in the journey, they must be presented with the option to select their bank:
Requirement | Detailed explanation | Our recommendation |
---|---|---|
Display available banks | Payers must be allowed to select the bank they wish to make the one-off payment from. You must provide a list of available / supported banks. You can use this endpoint to retrieve the list. | HEADING: “Choose your bank” TEXT: |
3. Parameters
In order for your payer to provide their explicit consent to set up a one-off payment, they must be presented with these consent parameters:
Requirement | Detailed explanation | Our recommendation |
---|---|---|
Payee (i.e. your) name | The payee to be credited with the payment must always be clearly stated. Whilst GoCardless is the “initial payee”, you (the merchant) are the “ultimate payee”, and therefore you should include your legal name (and trading name if different to your legal name). | HEADING: “Make a one-off payment to [your legal / trading name]” TEXT: “Description: ___ |
Payment description | You must include a description, which makes clear what the payer is making a one-off payment for. | |
Amount and currency | The amount of the one-off payment, along with the currency of the one-off payment (this will be GBP for UK implementation), must be clearly stated. | |
4. Consent & terms
In order for the payer to consent to the one-off payment, you must present the following information:
Requirement | Detailed explanation | Our recommendation |
---|---|---|
GoCardless’ name | As a payment initiation service provider (PISP), the GoCardless trading/brand name must be displayed to the payer during the setup of their consent, explaining that GoCardless is your payment provider. | HEADING: “Permission to make a payment” TEXT: “Our payment provider, GoCardless, needs your consent to trigger a one-off payment from your [name of bank] account. Description: ___ |
Clearly explain what the payer is consenting to | You must use clear language which requests the payer’s consent to the payment. | |
Repeat consent parameters and payer account information | If you have used multiple screens, you must re-display: (1) the bank selected by the payer, and (2) the consent parameters previously shown to the payer. | |
GoCardless’ Terms of Use | In order for the payer to enter into a legally binding agreement with GoCardless, you must enable the payer to view the applicable GoCardless payer terms on the consent screen. To do this, you must include our mandatory component on the consent screen. This component must be free of any obstructions, and as prominent as the rest of the text on the screen. These terms must appear prior to the confirmation / consent button below. | “By continuing, you agree to GoCardless, triggering this one-off payment, as per their Payer Terms.” |
Confirmation / consent button | You must provide payers with an opportunity to show that they actively consent to all of the above. | “Confirm and continue” or “I consent” or “I allow” or “I agree” |
5. Authentication & redirection
Whilst there are no mandatory requirements governing this part, in order for payers to complete the flow, you should provide messaging to inform payers about the next steps (i.e. that they will be redirected to their bank for authentication of the payment):
Requirement | Detailed explanation | Our recommendation |
---|---|---|
Authentication | You should provide messaging to inform payers how to complete the payment authentication, which takes place at their bank. If you choose to provide a QR code, make it clear the payer will need to scan with their mobile phone to open their banking app. This priming is key for setting payers up for success, especially those who may not have made payments via open banking prior and are not expecting to authorise in their bank app. In addition to telling payers they’ll be taken to their bank, you can let them know what this means (e.g. there’s no need to enter card details, which will save them time and effort). | HEADING: “Please authenticate the payment” TEXT: “Scan the QR code with your phone camera to quickly complete the payment using your banking app. Don’t have an app installed? Continue on desktop.” or “We use bank authentication through your bank app to make this Instant Bank Payment. You’ll automatically be taken to your bank app to authenticate your payment.” |
Redirection | You should provide messaging to inform payers that they will be taken to their bank to complete the payment. | “We are securely transferring you to [name of bank] to authenticate.” |
6. Confirmation
After the payer has authorised the payment with their bank, you must provide messaging to inform the payer of the following:
Requirement | Detailed explanation | Our recommendation |
---|---|---|
Payment information (amount, currency, reference) | After a payment has been successfully initiated, you must provide the payer with these details about the payment: You must also let payers know that GoCardless will save their payment details in order to process future refunds. | “Your payment has successfully been submitted to your bank. Payment information Payments to UK banks are normally instant, but may take up to 24 hours or longer in some cases. Our payment provider, GoCardless will save your payment details and can use these to process future refunds. You can safely close this window.” |
Privacy notice | You must display GoCardless’ Privacy Notice. | “GoCardless uses personal data as described in their Privacy Notice.” |
7. Footer
On all IBP one-off Custom Payment Pages, you must include a footer with the following information:
Requirement | Detailed explanation | Our recommendation |
---|---|---|
Regulatory status disclosure | In addition to including our mandatory component on the consent screen, you must remind the payer that the payment is being securely powered by GoCardless and provide information about our regulatory status (company number, the fact we’re authorised by the FCA, our FCA registration number). | “Payments securely processed by GoCardless. GoCardless Ltd (company registration number 07495895) is authorised by the Financial Conduct Authority under the Payment Services Regulations 2017, registration number 597190, for the provision of payment services.” |
Privacy notice | You must display GoCardless’ Privacy Notice. | “GoCardless uses personal data as described in their Privacy Notice.” |
Summary of required information
INFORMATION ENTRY |
ACCOUNT SELECTION |
PARAMETERS |
CONSENT & TERMS |
AUTHENTICATION & REDIRECTION |
CONFIRMATION | |
Payer’s first name |
Captured | |||||
Payer’s last name |
Captured | |||||
Payer’s email address |
Captured | |||||
Payer’s bank |
Captured | Displayed | ||||
Your legal name (and trading name if different to your legal name) |
Displayed | Displayed |
Displayed (optional) |
|||
Payment description |
Displayed (optional) |
Displayed | Displayed | |||
Payment amount and currency |
Displayed | Displayed | Displayed | |||
GoCardless' name |
Displayed | |||||
Clear consent language |
Displayed | |||||
GoCardless’ Terms of Use |
Displayed | |||||
Consent button |
Displayed | |||||
Authorisation instructions |
Displayed | |||||
Redirection messaging |
Displayed | |||||
Confirmation of success |
Displayed | |||||
Information about saving payment details |
Displayed | |||||
Regulatory status disclosure | Displayed | Displayed | Displayed | Displayed | Displayed | |
Privacy notice |
Displayed | Displayed | Displayed | Displayed | Displayed |