Skip to content
Breadcrumb
Resources
SEPA

Online payment pages

Rob Keating
Written by

Last editedApr 20234 min read

This practical guide will help you with the compliance requirements for offering SEPA Direct Debit on your website.

The organisation responsible for the oversight of SEPA Direct Debit, the European Payments Council (EPC), states in a clarification letter that a "mandate may be an electronic document". This practical guide will help you with compliance requirements to create this electronic document and offer online SEPA Direct Debit on your website.

To create fully compliant payment pages for your customers, you will need to:

  1. Serve your payment pages over HTTPS

  2. Collect the First Name, Last Name, Account Holder Name, Address and IBAN or local bank details

  3. Make sure your customers are aware that payments are powered by GoCardless in the footer of the page.

  4. Display the SEPA Direct Debit electronic mandate before submission

  5. Agree to a timeline for pre-notification

  6. Give the Unique Mandate Reference to the payer

The GoCardless payment pages are used as an example throughout this guide. You can view them in their entirety here.

1. Serve your payment pages over HTTPS

Why? Ensures customer details are transmitted securely

How? Configure your website to only accept secure (SSL) connections

guides > images > ssl

2. Collect the First Name, Last Name, Account Holder Name, Address, and IBAN or local details

Why? This is the minimum information required to set up a SEPA Direct Debit

How? Collect this information on a payment page

The Account Holder Name can be different from the payer’s name (for example in a B2B transaction) but you may suggest the concatenated First Name and Last Name.

If local details are collected they must be used to derive the customer's IBAN, and for cross-border Direct Debit collections the customer's BIC must also be collected or derived (until November 2016).

It is recommended you collect the full address, but you may collect just their city or post-code.

Optionally, you may also want to collect the customer's email and address as there are notification requirements before payment is taken under a SEPA Direct Debit.

Collecting SEPA payments outside of EEA SEPA Countries?

There are 6 non-EEA SEPA countries: Andorra, Monaco, San Marino, Switzerland, the United Kingdom, and Vatican City. If your business is collecting from of these countries it is a requirement to collect the following:

  • Full street address of the payer including street name, city, and postcode

  • BIC code of payer’s bank

How to collect SEPA Direct Debit payments with GoCardless

1.

Create your free GoCardless account, access your user-friendly payments dashboard & connect your accounting software (if you use one).

2.

Easily set up & schedule SEPA Direct Debit payments via payment pages on your website checkout or secure payment links.

3.

From now on you'll get paid on time, every time, as GoCardless automatically collects payment on the scheduled date. Simple.

Get started in minutesLearn more

Why? To comply with data protection law, you must let your customers know about third-party data controllers that power your website.

How? You can do this by displaying the text below in your page footer:

Payments by GoCardless. Read the GoCardless privacy notice

Without that upfront notice, we could both be violating the law. (Read more here)

If that’s not technically possible, at a minimum you should include a reference to GoCardless in your website privacy notice. That text should be:

We use GoCardless to process your Direct Debit payments. More information on how GoCardless processes your personal data and your data protection rights, including your right to object, is available at gocardless.com/legal/privacy/

If you are a GoCardless partner, you must include the ‘Payments by’ notice set out above on your payment pages, or, at a minimum, enable the merchant to provide a link to their privacy notice at the detail intake stage.

4. Display the SEPA Direct Debit electronic mandate before submission

Why? Confirm the payer’s approval of the mandate

How? Display a compliant electronic mandate before the form is submitted

You must show the customer an electronic mandate for approval. The formatting of the mandate is at your discretion, but you must include the following fields:

  • The heading: “SEPA Direct Debit Mandate

  • Your creditor information: Creditor Identifier, Name, Address

  • The customer information: Account Holder Name, Address, IBAN

  • SEPA information: Unique Mandate Reference placeholder (to be generated after SEPA-confirmation-reference), Date of signing

The following legal text must also be included in the mandate and must not be changed (except for the input of the creditor name):

“By signing this mandate form, you authorise (A) (NAME OF CREDITOR) to send instructions to your bank to debit your account and (B) your bank to debit your account in accordance with the instruction from (NAME OF CREDITOR).

As part of your rights, you are entitled to a refund from your bank under the terms and conditions of your agreement with your bank. A refund must be claimed within 8 weeks starting from the date on which your account was debited. Your rights are explained in a statement that you can obtain from your bank.”

You can see a compliant electronic mandate confirmation page below:

guides > images > sepa-econfirmation-page-new

Once a customer has confirmed the electronic mandate, you should create a timestamp of the transaction, as well as store their IP address or a log of the transaction.

If your website is in English, you may keep it as your default language. If you need to translate to another language, you must use the official translation to European languages available on the European Payments Council website.

5. Agree to a timeline for pre-notification

Why? Define the timeline required to send a pre-notification to your customer before upcoming charges

How? Include the statement below on the mandate page

Pre-notifications are meant to ensure the client is aware of the payment and has funds in his/her bank account. You can agree a pre-notification period with your customer, but it must be no longer than 14 days before the payment. Best practice is to send pre-notifications three days before.

For example, you could include the following statement on your confirmation screen: “By confirming, you are agreeing to be pre-notified X calendar days before a charge.”

6. Give the Unique Mandate Reference to the payer

Why? This reference will always appear on a customer’s bank statement and will help them identify a mandate.

How? Option 1: On a payment confirmation screen:

guides > images > sepa-confirmation-reference

Best practice is to also add a link to a PDF copy of the mandate in the appropriate language.

How? Option 2: Include the reference in the confirmation email:

guides > images > sepa-reference-new

Best practice is to include the following information in your confirmation email:

  • Your contact details

  • A PDF copy of the mandate or a link to retrieve the PDF mandate

guides > images > sepa-mandate-new

SEPA Direct Debit and GoCardless

GoCardless is an end-to-end SEPA Direct Debit provider and can completely handle SEPA compliance on your behalf, or guide you through your own custom integration.

GoCardless offers off-the-shelf payment pages that:

  • are fully scheme rules compliant

  • allow payers to enter local details, rather than their IBAN

  • have been translated into six different languages (and automatically detect your customer's language)

  • can be customised with your business name and logo

Alternatively, if you want to design and host your own payment pages you can use the GoCardless Pro API to do so, and your Account Executive will support you during your implementation of the SEPA compliance guidelines.

Easily collect payments from your European customers without the need for complicated legal and financial paperwork. Save time and stress as GoCardless makes getting paid from Europe super-simple and hassle-free.

Sign UpLearn More

PreviousSEPA Direct Debit failures, chargebacks and notifications

All Categories

PaymentsCash flowOpen BankingFinanceEnterpriseAccountingGoCardlessTechnology
Interested in automating the way you get paid? GoCardless can help
Interested in automating the way you get paid? GoCardless can help

Interested in automating the way you get paid? GoCardless can help

Contact sales