Collect subscriptions and recurring fees
Collect variable and ad-hoc payments
Ideal for subscriptions and invoices
Ideal for one-off payments
Collect from 30+ countries
Reduce payment failures
Stop payment fraud
Build a custom integration
Connect to 200+ partner apps
Instant Bank Pay for recurring payments
Get help using GoCardless
Common questions answered
Guide for integrators
Paid with GoCardless? Read our FAQ for customers
On a regular basis, we see users attempt to commit fraud using GoCardless. When successful, these attempts can be devastating to GoCardless, our merchants, and their customers. Some attempts come from individuals, and others from teams of well-funded and sophisticated hackers. Some are local to our headquarters here in the UK, but many come from nefarious actors around the world.
We have internal teams of people dedicated to detecting and preventing fraud of all kinds. Our fraud prevention programmes involve both manual investigations and machine learning, tracking lots of different types of data to help predict losses and prevent them before they occur.
We continually improve our fraud prevention programme, and we’re always looking for ways to make it more accurate, more efficient, and more successful at protecting us, our merchants, and their customers. The tools we use to do that include:
Verified Mandates is our authentication tool. We use Verified Mandates as a part of our fraud prevention tools to prevent nefarious actors from paying for things with bank accounts that don’t belong to them. When a payer is using GoCardless with a merchant they may be asked to verify that the account belongs to them in these steps:
If our tools indicate a risk that an interaction might be fraudulent, we take steps to limit or validate that interaction. We may ask the individual additional questions, or we might take other steps that help us verify that they are who they say they are. For example, we may ask them to confirm or prove that they have access to the bank account, email address or phone number they used to sign up.
In other cases, we may decide to block an interaction or transaction automatically. If an individual feels these decisions were wrongly applied, they can reach out to us to ask for a re-evaluation by submitting a request. We will consider their concerns and make a decision on whether to reverse it.
We collect data for new and existing merchants that helps us understand their risk profile. We collect and analyse the data shared when they sign up, and we also receive data from third-party sources that help us identify patterns of suspicious activity. That might include:
In the future, we will also collect this information about payers on our services to offer the same protections against fraud.
We’re as transparent as we can be about our programmes, but we also have to avoid tipping fraudsters off about how exactly they might circumvent our controls.
We’ve done a lot of research on the privacy and security concerns about browser fingerprinting, and we’ve taken it on board to design a programme that meets our legitimate fraud prevention needs while also protecting the personal data of our users.
We aim to limit the data we collect about merchants and payers to what we need to protect the businesses we serve, their customers and GoCardless. We are often dealing with very sophisticated attempts to commit fraud, the impact of which can be devastating to both businesses and individuals, so we do need to ensure we collect the data required to effectively detect and prevent these cases.
This may appear intrusive to the legitimate users of our services, and it is a difficult trade off that we take seriously given the importance of privacy and data protection.
Our programme is designed to ensure that:
Help & resources
About GoCardless
Contact us
Sales Contact sales +44 20 4579 7398
Support Request support +44 20 8338 9540
Seen 'GoCardless LTD' on your bank statement? Learn more
GoCardless (company registration number 07495895) is authorised by the Financial Conduct Authority under the Payment Services Regulations 2017, registration number 597190, for the provision of payment services.
GoCardless SAS, an affiliate of GoCardless Ltd (company registration number 834 422 180, R.C.S. PARIS), is authorised by the ACPR (French Prudential Supervision and Resolution Authority), Bank Code (CIB) 17118, for the provision of payment services.