Guide to creating online payment pages
Last editedJul 20233 min read
We walk you through the compliance requirements for offering Direct Debit payments on your website.
The Direct Debit scheme rules allow customers to enter into a Direct Debit agreement with you online. But before going ahead with taking payments, it’s important to be aware of the scheme's strict requirements for the content and formatting of online payment pages.
In this guide, we’ll show you how to create perfect (and fully compliant) payment pages for use with your customers. This guide uses the GoCardless payment pages as an example. You can view them in full here.
To create fully compliant payment pages for your customers, there are a number of things you’ll need to put into place, to ensure security is kept tight. Here’s the short version for quick reference. Keep reading and we’ll explain each step in more detail:
Host your payment pages with HTTPS
Collect the account holder’s full name, address, account number and sort-code
Make sure your customers are aware that payments are powered by GoCardless in the footer of the page
Confirm that the user is authorised to set up Direct Debit payments
Display the customer’s bank details back to them before submission
Include a copy of the Direct Debit Guarantee
Show a payment confirmation screen
Host your payment pages with HTTPS
Why is this important?
It ensures customer details are transmitted securely.
How do I do it?
By configuring your website to only accept secure (SSL) connections, just as shown in the below image:
Collect the account holder’s full name, address, account number and sort-code
Why is this important?
The bank needs this data to set up a mandate.
How do I do it?
By collecting this information on a payment page.
Important:
You explicitly need to ask for 'Account Name' when you collect the Account Number and Sort Code; simply collecting ‘Name’ at a different part of the flow isn't enough.
How to collect Direct Debit payments with GoCardless
1.
Create your free GoCardless account, access your user-friendly payments dashboard & connect your accounting software (if you use one).
2.
Easily set up & schedule Direct Debit payments via payment pages on your website checkout or secure payment links.
3.
From now on you'll get paid on time, every time, as GoCardless automatically collects payment on the scheduled date. Simple.
Make sure your customers are aware that payments are powered by GoCardless in the footer of the page
Why is this important?
To comply with data protection law, you must let your customers know about third party data controllers that power your website.
How do I do it?
By displaying the text below in your page footer:
Payments by GoCardless. Read the GoCardless privacy notice
Without that upfront notice, we could both be violating the law.
If that’s not technically possible, at a minimum you should include a reference to GoCardless in your website privacy notice. That text should be:
We use GoCardless to process your Direct Debit payments. More information on how GoCardless processes your personal data and your data protection rights, including your right to object, is available at gocardless.com/en-us/legal/privacy/
If you are a GoCardless partner, you must include the ‘Payments by’ notice set out above on your payment pages, or, at a minimum, enable the merchant to provide a link to their privacy notice at the detail intake stage.
Confirm that the user is authorised to set up Direct Debit payments
Why is this important?
You need to make sure the person signing up is doing so with their own bank account Online Direct Debits can only be used for single signatory accounts. For dual signatory accounts you need to provide the option of requesting a paper mandate.
How do I do it?
By adding a checkbox confirming that the person is authorised to set up a Direct Debit mandate. Here’s some official wording to help you out. You can add this text to your confirmation checkbox:
"I confirm that I am the account holder and am authorised to set up Direct Debit payments on this account."
Want all the benefits of Direct Debit but without all the hassle & expense of dealing with banks?
GoCardless does all the heavy lifting for you so you can collect payments on time every time with just a few clicks!
Display the customer’s bank details back to them before submission
Why is this important?
It allows the customer to check their details were typed correctly.
How do I do it?
By displaying a final confirmation before the form actually submits.
Provide your own address, phone number and email
Why is this important?
It makes it easy for customers to contact you with any queries
How do I do it?
Add a snippet of text on the page
Include a copy of the Direct Debit Guarantee
Why is this important?
It helps to reassure the customer that they are fully protected.
How do I do it?
By including or linking to the full text of the Direct Debit Guarantee on the payment page. You also need to include a Direct Debit logo where the Guarantee is displayed.
It's important to note that the Direct Debit guarantee you include or link to must reference the full Service User Number (SUN), as opposed to simply the merchant name.
Show a mandate confirmation screen
Why is this important?
It lets the customer know that a Direct Debit was set up correctly.
How do I do it?
By showing details of the newly created mandate.
The confirmation page must include the following:
Confirmation that the Direct Debit mandate has been set up.
The name that will appear on the customer's bank statement, e.g. "The name on your bank statement will be [your name]".
A note that the customer will receive an email within three business days confirming that the Direct Debit mandate has been set up.
Using payment pages with GoCardless
GoCardless offers off-the-shelf payment pages that are fully compliant. What’s more, they can be customised with your own business name and logo.
Alternatively, if you want to design and host your own payment pages, you can do so using GoCardless with our API. We’ll work with you to build compliant payment pages and give final sign off once they’re ready.
