Guide to creating online payment pages

We walk you through the compliance requirements for offering UK Direct Debit payments on your website.


The Direct Debit scheme rules allow customers to enter into a Direct Debit agreement with you online. But before going ahead with taking payments, it’s important to be aware of the scheme's strict requirements for the content and formatting of online payment pages.

In this guide, we’ll show you how to create perfect (and fully compliant) payment pages for use with your customers. This guide uses the GoCardless payment pages as an example. You can view them in full here.

To create fully compliant payment pages for your customers, there are a number of things you’ll need to put into place, to ensure security is kept tight. Here’s the short version for quick reference. Keep reading and we’ll explain each step in more detail:

  • Host your payment pages with HTTPS
  • Collect the account holder’s name, account number and sort
  • Make sure your customers are aware that payments are powered by GoCardless in the footer of the page
  • Confirm that the user is authorised to set up Direct Debit payments
  • Display the customer’s bank details back to them before submission
  • Include a copy of the Direct Debit Guarantee
  • Show a payment confirmation screen

Host your payment pages with HTTPS

Why is this important?

It ensures customer details are transmitted securely.

How do I do it?

By configuring your website to only accept secure (SSL) connections, just as shown in the below image:

SSL

Collect the account holder’s name, account number and sort code

Why is this important?

The bank needs this data to set up a mandate.

How do I do it?

By collecting this information on a payment page.

Important:

  • You explicitly need to ask for 'Account Name' when you collect the Account Number and Sort Code; simply collecting ‘Name’ at a different part of the flow isn't enough.

Make sure your customers are aware that payments are powered by GoCardless in the footer of the page

Why is this important?

To comply with data protection law, you must let your customers know about third party data controllers that power your website.

How do I do it?

By displaying the text below in your page footer:

Payments by GoCardless. Read the GoCardless privacy notice

Without that upfront notice, we could both be violating the law. (Read more here)

If that’s not technically possible, at a minimum you should include a reference to GoCardless in your website privacy notice. That text should be:

We use GoCardless to process your Direct Debit payments. More information on how GoCardless processes your personal data and your data protection rights, including your right to object, is available at gocardless.com/legal/privacy/

If you are a GoCardless partner, you must include the ‘Payments by’ notice set out above on your payment pages, or, at a minimum, enable the merchant to provide a link to their privacy notice at the detail intake stage.

Confirm that the user is authorised to set up Direct Debit payments

Why is this important?

You need to make sure the person signing up is doing so with their own bank account Online Direct Debits can only be used for single signatory accounts. For dual signatory accounts you need to provide the option of requesting a paper mandate.

How do I do it?

By adding a checkbox confirming that the person is authorised to set up a Direct Debit payment. Here’s some official wording to help you out. You can add this text to your confirmation checkbox:

"I confirm that I am the account holder and am authorised to set up Direct Debit payments on this account."

Display the customer’s bank details back to them before submission

Why is this important?

It allows the customer to check their details were typed correctly.

How do I do it?

By displaying a final confirmation before the form actually submits.

Provide your own address, phone number and email

Why is this important?

It makes it easy for customers to contact you with any queries

How do I do it?

Add a snippet of text on the page

Include a copy of the Direct Debit Guarantee

Why is this important?

It helps to reassure the customer that they are fully protected.

How do I do it?

By including or linking to the full text of the Direct Debit Guarantee on the payment page. You also need to include a Direct Debit logo where the Guarantee is displayed.

Show a payment confirmation screen

Why is this important?

It lets the customer know that a Direct Debit was set up correctly.

How do I do it?

By showing details of the newly created mandate.

The confirmation page must include the following:

  • Confirmation that the Direct Debit payment has been set up.
  • The name that will appear on the customer's bank statement, e.g. "The name on your bank statement will be [your name]".
  • A note that the customer will receive an email within three business days confirming that the Direct Debit payment has been set up.

Using payment pages with GoCardless

GoCardless offers off-the-shelf payment pages that are fully compliant. What’s more, they can be customised with your own business name and logo.

Alternatively, if you want to design and host your own payment pages, you can do so using GoCardless Pro with our API. We’ll work with you to build compliant payment pages and give final sign off once they’re ready.

Find out more about collecting Direct Debit payments with GoCardless.

‹ View table of contents Next page ›

Latest features

Member Retention Bootcamp: e-Guide for fitness business leaders

6 business workouts to stretch your average membership duration and build member loyalty.

5 ways Finance & Ops teams can improve gym member retention

What can Finance and Ops leaders do to keep members coming back? More than you might think. 5 tactics to boost member retention at your gym.

Switching Direct Debit provider - A guide for gym owners

Transferring your Direct Debit mandates from one provider to another is easy using the bulk change process. This involves changing from your current Service User Number (SUN), or existing provider to a new one, either your own or one held by a new provider.

View all


Reference guides

View all