Paid with GoCardless? Read our FAQ for customers
We are authorised by the Financial Conduct Authority in the United Kingdom to provide payment services as an Authorised Payment Institution and currently serve more 30,000 businesses.
All money collected is held in a secure client monies account with one of our partner banks.
At GoCardless we know security is important, especially when it comes to payments. Our merchants rely on us to invest in security and maintain robust data protection for them and their customers.
GoCardless has been awarded ISO 27001 certification. ISO 27001 is a widely recognised, internationally accepted standard for information security and we have attained it across all GoCardless services and products.
An accredited independent auditor has assessed our processes and controls, and confirmed they align with the certification standard. Certification Europe, an ISO accredited certification body, has certified our compliance with the ISO standard.
Having ISO 27001 certification helps assure our merchants and their customers that we take information security management seriously. GoCardless will ensure that an independent auditor will reassess our Information Security Management System on an annual basis.
All money collected is held in a secure client monies account held with one of our partner banks. Funds are held fully in accordance with safeguarding provisions.
Yes. Your customers are protected by SEPA Direct Debit Customer Protection in the Eurozone and the Direct Debit Guarantee in the UK. There are also customer protections offered in other Direct Debit schemes, you can see an overview of these protections in our Direct Debit guides.
We care deeply about keeping our users safe. If you believe you have discovered a vulnerability, we ask that you disclose it in a responsible manner. Sharing vulnerabilities publicly puts our entire user base at risk, so we urge you to keep issues private until we’ve had a chance to release a fix.
If you are interested in testing our service for vulnerabilities then we would appreciate any reports regarding our new dashboard and API, as the current dashboards will be replaced soon. You can sign up for a sandbox account to get started.
In recognition of your efforts, and as thanks for working with us to keep GoCardless safe, we offer financial rewards for responsible vulnerability disclosures. Rewards are issued at our discretion, determined by the severity of the issue.
We appreciate the effort security researchers go to in order to keep the web safe, and we’re keen to reward them for their work. However, we will not reward malicious behavior, or actions that deliberately cause a disruption to our service. Reward eligibility is decided on a case-by-case basis, but we will never provide rewards for:
GoCardless SAS, an affiliate of GoCardless Ltd (company registration number 834 422 180, R.C.S. PARIS), is authorised by the ACPR (French Prudential Supervision and Resolution Authority), Bank Code (CIB) 17118, for the provision of payment services.
GoCardless (company registration number 07495895) is authorised by the Financial Conduct Authority under the Payment Services Regulations 2017, registration number 597190, for the provision of payment services.