GoCardless Recurring Payments Platform
Over 85,000 organisations use GoCardless to automate collecting money from bank accounts via Open Banking and Direct Debit.
In government, our clients include the DVLA, the Cabinet Office and local Councils.
Other customers include Plum, Comic Relief, and Ovo Energy.
Features
- Flexible payments; collect on any day of the month.
- Take subscription payments, variable invoices or one-off payments.
- Collect instant payments via open banking.
- Pre-built integrations via partners for simple implementation and operation.
- ISO27001 and ISO22301 certified, FCA regulated.
- Industry leading API, including webhooks and client libraries.
- Real-time notification of failed or cancelled payments.
- Automatically and intelligently retry failed payments, and combat fraud.
- Go-live in as little as two days, with SUN provided.
- Deploy the product to meet your unique use case(s).
Benefits
- Automate processes with pre-built integrations.
- Build your own custom integration with our industry-leading API.
- Fully branded payment flow or customise payment pages/email notifications.
- Less admin: automated payment collection and real-time payment status notifications.
- Save time with automatic renewals: no more chasing repeat payments.
- Improve customer support: instant notifications on payment failures and cancellations.
- Reduce payment failure rates with automatic bank account verification checks.
- Benefit from GoCardless' continued development of anti-fraud solutions.
Pricing
£0.85 a transaction
Framework
G-Cloud 14
Service ID
341324675343096
Contact
GoCardless
Public Sector team
Telephone: 020 8338 9537
Email: government@gocardless.com
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
-
GoCardless has over 350 integrations with Accounting, Billing and CRM systems, such as Sage, Xero, Salesforce and Zuora.
You can search our partners here: https://gocardless.com/partners
- Cloud deployment model
- Private cloud
- Service constraints
- Very occasionally we have planned downtime for important database maintenance. Customers are notified via email well in advance of this. You can also view the status of GoCardless here: https://www.gocardless-status.com/. Uptime for the last year at the time of writing is 99.99% (30th April 2023-30th April 2024).
- System requirements
- Access to the internet via browser
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Our Customer Support team has set SLAs for response times, depending on the customer success package chosen. You can find an overview here https://gocardless.com/solutions/customer-first-support-and-services/ and in our service definition document.
We offer support by phone and email; customers on our Premium package have access to priority phone lines and 24/7 support.
GoCardless also offers an award-winning online support centre, which can be accessed below:
https://support.gocardless.com/hc/en-gb
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- No
- Support levels
-
Our Support Team is based in London and provides phone and email support. Standard support is provided from Monday to Friday 9 am to 6 pm. You can find an overview here https://gocardless.com/solutions/customer-first-support-and-services/ and in our service definition document. Customers on our Premium package have access to priority phone lines and 24/7 support.
GoCardless also offers an award-winning online support centre, which can be accessed below: https://support.gocardless.com/hc/en-gb
GoCardless has won Customer Support awards for its online support services: “Most Effective Self-Service Initiative” at European Contact Centre & Customer Service Awards.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
GoCardless offers the following to help government services get started collecting payments:
- Onboarding training following a train-the-trainer model
- Getting started section including tutorials and videos by topic in the GoCardless Support Centre and Knowledge Hub: https://support.gocardless.com and https://hub.gocardless.com/
- Guide to getting started with building an API integration: https://developer.gocardless.com/getting-started
- Service documentation
- Yes
- Documentation formats
- HTML
- End-of-contract data extraction
-
- Extract customer/mandate data via the 'bulk change' process of migrating your customers' mandates from GoCardless to another Direct Debit provider (free of charge).
- Run and export payment and mandate reports (including dates, amounts and other historic information regarding payments taken, payments attempted, mandates set up and any additional customer information, such as unique reference numbers) in .csv format.
- End-of-contract process
-
We offer rolling and fixed-term contracts.
To cancel the contract, simply email your Account Manager, or our Support Team on help@gocardless.com, requesting that your account be terminated.
The contract will then be cancelled in accordance with its terms, and fees will be discontinued as appropriate.
There are no cancellation fees, and no other associated fees with cancelling the service.
We will 'bulk change' / migrate your customers from GoCardless to another Direct Debit provider at the point of service termination for free, if required.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- The GoCardless website is responsive to ensure it can be used across all devices.
- Service interface
- Yes
- User support accessibility
- None or don’t know
- Description of service interface
- Dashboard & API
- Accessibility standards
- None or don’t know
- Description of accessibility
- Accessibility considerations are a fundamental part of the design of the GoCardless dashboard. All updates and releases consider accessibility, and we work towards meeting WCAG AA standards in all of our components.
- Accessibility testing
- None at the time of writing. As above, we work towards meeting WCAG AA standards in all of our components.
- API
- Yes
- What users can and can't do using the API
-
The GoCardless API allows you to create a custom integration connected to your existing software, in a way that best meets your unique needs.
To use our API, customers sign up for a GoCardless account and create an access token which provides access to our API.
Requests can then be submitted to our API by providing this access token when sending an HTTP request.
GoCardless provides clear API documentation, pre-built code samples for popular programming languages and a free sandbox testing environment. We also provide onboarding and solutions engineering expertise, as well as free technical support for any questions.
- API documentation
- Yes
- API documentation formats
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
GoCardless allows you to create a fully customised payment solution. Our modern API enables you to build a custom integration into your existing business systems. This customised solution includes:
1. Customised payment pages
2. Customised notification emails for citizens.
3. Your service or entity name on the end customer's bank statement.
If your needs are for something simpler to operate or faster to deploy, you can instead use the GoCardless hosted payments pages and our notification emails.
Scaling
- Independence of resources
- We apply a rate limit to all API requests, to prevent excessive numbers of simultaneous requests from an individual integrator degrading the API experience for others. Currently, this limit stands at 1000 requests per minute, per merchant. If you are making requests from a partner integration (on behalf of a merchant), the rate limit is 1000 requests per minute per merchant. See rate limiting https://developer.gocardless.com/api-reference/#making-requests-rate-limiting
Analytics
- Service usage metrics
- No
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Encryption of all physical media
- Other
- Other data at rest protection approach
- We use data centres that comply with SSAE-16 / ISAE 3402
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Merchant end users can export their payment and mandate creation reports to an Excel file.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
We have an SLA for platform availability, with the top level of availability being 99.9%. We provide service credits, on a sliding scale, in the event of it not being met.
Uptime for the last year at the time of writing is 99.99% (30th April 2023-30th April 2024).
- Approach to resilience
- Available on request.
- Outage reporting
-
Live updates are available at:
https://www.gocardless-status.com/
Merchants are notified via email in advance for scheduled outages.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Access restrictions in management interfaces and support channels
-
GoCardless admin users need to be on the company VPN and use two-factor authentication.
Infrastructure access is also under VPN and on a per-user basis.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
- 2-factor authentication
Audit information for users
- Access to user activity audit information
- No audit information available
- Access to supplier activity audit information
- No audit information available
- How long system logs are stored for
- Between 1 month and 6 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- The British Assessment Bureau
- ISO/IEC 27001 accreditation date
- 23/09/2016
- What the ISO/IEC 27001 doesn’t cover
- We can provide the Statement of Applicability that accompanies our ISO 27001 certification, on request.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
- ISO22301
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- Security work is coordinated by a designated group of managers and specialists which meets quarterly to assess the effectiveness of ongoing internal audits and security risk management. It is formed of individuals from different business functions, the majority being engineering staff. Progress is periodically reported to the Chief Product and Technology Officer. A security performance report is submitted annually to the CEO and the senior management team for review.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Technical changes and their impact on security are evaluated as part of the project scoping and delivery workflow. Peer reviews of code are mandatory, and technical stability is evaluated through unit and integration testing.
Code and configuration files are managed using GitHub for version control, shared ownership and code review.
Software changes are integrated continuously including automated evaluation of code quality and running of unit and integration tests.
All urgent security patches are applied immediately and other updates as soon as reasonably practical.
Business and compliance changes are evaluated as part of routine weekly senior management meetings and quarterly Board meetings.
- Vulnerability management type
- Undisclosed
- Vulnerability management approach
-
We use a third party.
GoCardless applies all urgent security patches immediately and applies other updates as soon as reasonably practical.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- In the event of a serious incident, GoCardless will inform affected merchants and partners without undue delay, providing a summary of the extent, expected impact and status of the incident. Details for contacting GoCardless about that incident will be communicated with that information. Status updates will follow at regular, frequent intervals that will be determined during triage of the incident.
- Incident management type
- Undisclosed
- Incident management approach
- A team of experienced site reliability engineers is responsible for responding to technical and security incidents, and they follow a pre-defined process. The duty engineer role rotates weekly and the designated engineer is available to respond 24/7. Additional members of the team, including engineering managers can be contacted in the event of a particularly complex incident. Users can report issues via our normal support channels.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
Fighting climate change
We are committed to reducing our impact on the environment and to leaving a more sustainable world for future generations. In 2021, we became co-founders of the Tech Zero coalition, a group of businesses committed to taking climate action as part of the UNFCCC Race To Zero. Since then, we have become signatories of Business Ambition for 1.5°C, committing to set both short-term and long-term emissions reductions in line with the Science Based Targets initiative Net Zero standard.
We have launched our Sustainability Strategy and Net-Zero action plans. These set out our long-term strategy of not only reducing our impact, but seeking opportunities to create positive change. They also set out our Science Based Targets for 2027 (short-term target) and 2035 (Net-zero). Our Net-Zero action plan outlines how we plan to reduce our emissions and reach these targets by working with our customers, suppliers, and our employees. We are continuously measuring and reviewing our progress. We are also creating tools to help our business partners create their own sustainability plans.
Pricing
- Price
- £0.85 a transaction
- Discount for educational organisations
- No
- Free trial available
- No