United Kingdom (Bacs) custom payment pages
The following is a guide to building custom payment pages for customers on GoCardless Advanced or GoCardless Pro and for partners, using the add-on feature Custom checkout experience and payer notifications.
Payers in the UK need to complete a Direct Debit Instruction (DDI), also known as a mandate, to authorise merchants to take payments from them via Bacs, the local Direct Debit payment scheme.
Customers on GoCardless Advanced or GoCardless Pro have the option to use GoCardless’ own payment pages, or to build their own custom payment pages by using our Custom checkout experience and payer notifications add-on feature. Please note there is an additional “add-on” monthly fee called Custom checkout experience and payer notifications.
Partners can opt to build and use custom payment pages as well. This will enable merchants who are using GoCardless through their app to offer their payers a consistent branding experience.
Please note: Custom payment pages will need to be approved by GoCardless before being implemented.
How to build custom payment pages
There are 5 steps to ensure compliance with the Bacs scheme rules and GoCardless processes:
-
Compulsory Requirements
-
Recommended features
-
Additional steps for Partners
-
Summary table
The steps outlined below are a requirement of the Bacs scheme in order for your custom payment pages to be compliant. The recommended features are in addition to the compulsory requirements and we strongly recommend using these.
1. HTTPS hosted payment pages
To ensure payers’ details are safely transmitted, your website must be configured to only accept secure (SSL - minimum of SHA-256 SSL support TLS.1 or TLS1.2) connections.
2. Information entry page
This is the sign-up page for your product / services, and is used to capture the payer information necessary to set up a mandate.
There are 5* compulsory elements to this page:
|
Page heading that is identifiable to payers |
We recommend ‘Set up a Direct Debit with [merchant name]’ |
|
Entry points to collect payer details |
|
|
Confirm that the person entering into the transaction is the only person required to authorise debits from the account i.e., whether or not the account is dual signature. |
Include a checkbox with text to read ‘More than one person is required to authorise Direct Debits’.
*Please note: You can choose to place this element on the Summary and Confirmation page instead. The requirement can be on either page. |
|
Page footer: Regulatory status disclosure |
You must remind the payer that the payment is being securely powered by GoCardless and provide information about GoCardless’ regulatory status. The page footer is a requirement, as this upfront notice ensures compliance with regulatory requirements - GoCardless, our merchants, and our partners could be in violation of this law if the notice is not included. Text to read: “Payments securely processed by GoCardless. GoCardless Ltd (company registration number 07495895) is authorised by the Financial Conduct Authority under the Payment Services Regulations 2017, registration number 597190, for the provision of payment services.” |
|
Page footer: Privacy notice |
You must display GoCardless’ Privacy Notice in order to let payers know about 3rd party data controllers. The page footer is a requirement, as this upfront notice ensures compliance with data protection laws - GoCardless, our merchants, and our partners could be in violation of this law if the notice is not included. Text to read: “GoCardless uses personal data as described in their Privacy Notice.” |
|
Page footer: The Direct Debit Guarantee |
You must include or link to the full text of the Direct Debit Guarantee, and Direct Debit logo as shown here. In place of the references to 'GoCardless', this text should refer to your SUN name i.e., 'GC Re + [text you have chosen to appear on payers' bank statements]'. In addition to this, please ensure you use the correct number of days advance notice - i.e., 3 days. |
3. Summary and confirmation page
This page enables payers to view and verify their details before submitting them.
There are 7* compulsory elements:
|
Page heading that is identifiable to payers. |
We recommend ‘Check your details are correct’ |
|
Payer account details as collected in the information entry page |
Account name, account number, and sort code. Account number and sort code should be redacted and should only display the last two digits. |
|
Creditor / merchant information |
This includes the merchant name, merchant's phone number and/or email address and the name that will appear on payers' bank statements |
|
Advice of right to cancel |
Text to read ‘You may cancel this Direct Debit at any time by contacting [Merchant Name] or your bank.’ |
|
Confirm that the person entering into the transaction is the only person required to authorise debits from the account i.e., whether or not the account is dual signature. |
Include a checkbox with text to read ‘More than one person is required to authorise Direct Debits’.
*Please note: You can choose to place this element on the Information entry page instead. The requirement can be on either page. |
|
Page footer: Regulatory status disclosure |
You must remind the payer that the payment is being securely powered by GoCardless and provide information about GoCardless’ regulatory status. The page footer is a requirement, as this upfront notice ensures compliance with regulatory requirements - GoCardless, our merchants, and our partners could be in violation of this law if the notice is not included. Text to read: “Payments securely processed by GoCardless. GoCardless Ltd (company registration number 07495895) is authorised by the Financial Conduct Authority under the Payment Services Regulations 2017, registration number 597190, for the provision of payment services.” |
|
Page footer: Privacy notice |
You must display GoCardless’ Privacy Notice in order to let payers know about 3rd party data controllers. The page footer is a requirement, as this upfront notice ensures compliance with data protection laws - GoCardless, our merchants, and our partners could be in violation of this law if the notice is not included. Text to read: “GoCardless uses personal data as described in their Privacy Notice.” |
4. Setup success page
This page confirms to the payer that the mandate has been set up.
You must include both of the following:
-
Page heading that is identifiable to payers, i.e., message to confirm Direct Debit setup, such as “Direct Debit set up successfully”
-
Confirmation that the payer will receive notification (via email or post) within 3 business days confirming that the mandate has been set up
- A page footer to: (i) remind the payer that the payment is being securely powered by GoCardless and provide information about GoCardless’ regulatory status - text to read: “Payments securely processed by GoCardless. GoCardless Ltd (company registration number 07495895) is authorised by the Financial Conduct Authority under the Payment Services Regulations 2017, registration number 597190, for the provision of payment services.”; and (ii) let payers know about 3rd party data controllers - text to read: “GoCardless uses personal data as described in their Privacy Notice.”
5. GoCardless approval of payment pages
Example templates of your payment pages must be sent to GoCardless for approval prior to your go-live date. Once you have written approval from GoCardless, you may implement the payment pages.
To test your payment pages, you can sign up here for a sandbox account.
Recommended features
Listed below are recommended features for your custom payment pages. These are recommended additions to the steps outlined in the Compulsory Requirements section.
Information entry page
While it is a requirement to confirm whether or not a bank account is dual signature, it is not a requirement to subsequently allow sign ups from dual signature accounts.
You may choose to accept sign ups from individual signature accounts only, but we recommend enabling signups from dual signature accounts as well, to enable all of your payers to pay via GoCardless.
If you choose to support dual signature accounts, you’ll need to follow the process here under the heading ‘Completing and returning dual signature mandates via Custom Payment Pages’.
Summary and confirmation page
Include an ‘edit’ button, allowing payers to amend any incorrect information.
Additional steps for Partners
Information entry page
You must include the above ‘Payments by’ notice on your payment pages, or at minimum, enable the merchant to provide a link to their privacy notice at the information entry page.
Partners can make a GET request to the creditors endpoint to pull the creditor/merchant information cited in points 1 and 5.
Summary and confirmation page
Partners can make a GET request to the creditors endpoint to pull the creditor/merchant information cited in points 3 and 4.
Query the API to retrieve the following:
-
Merchant name - [name]
-
Merchant phone number - [scheme_identifiers: phone_number]
-
Merchant email address - [scheme_identifiers: email]
-
Name that will appear on payers’ bank statements - [scheme_identifiers: name]
GoCardless approval of payment pages
When creating a new partner app and going through our technical certification process, you’ll be able to submit custom payment pages for approval through our partner portal.
Summary table
The below shows a summary of the relevant information at each stage of the payment pages.
All information is required unless specified otherwise.
| INFORMATION ENTRY PAGE | SUMMARY & CONFIRMATION PAGE | SETUP SUCCESS PAGE | |
|---|---|---|---|
|
Page heading that is identifiable to payers |
Displayed |
Displayed |
Displayed |
|
Account holder name |
Captured |
Displayed |
|
|
Email address |
Captured |
|
|
|
Billing address |
Captured |
|
|
|
Bank account number |
Captured |
Displayed |
|
|
Sort code |
Captured |
Displayed |
|
|
Confirm whether or not the payer's bank account is dual signature |
Captured |
|
|
|
Dual signature account sign up functionality |
Recommended |
|
|
|
Page footer to let payers know how GoCardless’ service is provided, and about 3rd party data controllers that power your website |
Displayed |
Displayed |
Displayed |
|
Edit button allowing payers to amend their details |
|
Recommended |
|
|
Merchant name |
|
Displayed |
|
|
Merchant phone number and/or email address |
|
Displayed |
|
|
Name that will appear on payers’ bank statements |
|
Displayed |
|
|
Advice of right to cancel Direct Debit |
|
Displayed |
|
|
Direct Debit Guarantee |
Displayed |
|
|
|
Direct Debit logo |
Displayed |
|
|
|
Advice that payer will receive notification (via email or post) within 3 business days confirming mandate set up |
|
|
Displayed |