This article gives answers to common queries relating to setting up your GoCardless account and getting verified.
Please note: All merchants using GoCardless must complete all verification checks before payouts can be processed.
- Why do you need to conduct a verification process?
- How do you verify businesses?
- What will the information I provide be used for?
- What if I’m unable to provide the information required?
- Why does the information you request include personal information rather than only business information?
- Can I speak to someone from the Account Verification team?
- How long will you keep the information I provide for verification purposes?
- Are there any restrictions on the documents I can provide?
- Can I use the same document for multiple verification checks?
- How long will it take to verify my account?
- How do you ensure the information I provide is stored and handled securely?
- I’m not sure where/how to obtain some of the information you’ve requested. What should I do?
- Can I move my existing Direct Debit customers over to GoCardless?
We are required under the Financial Conduct Authority (FCA) and the Autorité de contrôle prudentiel et de résolution (ACPR) regulations to verify the individuals/businesses we are collecting on behalf of and subsequently paying out these funds to, in accordance with strict fraud and anti money laundering regulations.
As a regulated payment processing company, we are required to verify the individuals/businesses who use our services. This will always involve verifying at least one individual's identity.
We aim to verify businesses electronically using the information you provide in the online setup form. However, in some instances we may need additional documentation to do this. We will let you know via email if this is the case.
Unfortunately, we are not currently able to offer automated verification checks across all countries. We are working towards offering this for all GoCardless users in the future.
Information that you provide during the verification process will be used solely for the purposes of verifying your identity, business and bank account.
We will only share this information with third party services, as outlined in our Merchant Agreement, in order to complete the checks outlined above.
We are required to collect information necessary to verify all individuals and businesses using GoCardless, in accordance with our regulatory requirements and agreements with our sponsor banks.
Unfortunately, if you are unable to complete the required checks, you will not be able to use GoCardless for the purpose of collecting payments from your customers.
As part of the strict regulatory requirements we must adhere to as a regulated payments service, we must conduct checks on the individual (or individuals) using GoCardless to collect payments, alongside the necessary business checks.
We are required to collect this information as part of our Know Your Customer (KYC) checks and as such, may be required to request evidence of your identity, as well as business information, as part of the verification process.
Our Account Verification team are not available via phone - all correspondence is conducted via email to ensure we have an auditable paper trail of the checks we’ve conducted, as well as a record of the communication between both parties.
We apologise for any inconvenience this may cause. However, we endeavour to respond to all queries as soon as possible.
If you do have an issue you’d like to raise, please contact our Account Verification team.
GoCardless operates a formal, GDPR-compliant data retention and deletion programme. It includes a documented data retention and deletion standard, with a defined retention period set for each data category we hold based upon:
- The relationship under which we obtained the data and the type of data subject
- The category of data
- The documented purpose of the processing
We apply our retention protocols across the business and monitor for compliance.
Actual retention periods will vary depending on various circumstances. For example, we are required to retain personal data relating to individuals we conduct anti-money laundering checks on (such as directors of businesses that sign up to use our service) for a number of years under the relevant anti-money laundering rules in the countries where we operate.
We need to keep data related to payment transactions so that we can process chargeback/indemnity claims under the payment systems that govern our services (for example, UK Direct Debit).
We request that all information is provided in the form of a clear colour photo of each document. We have previously experienced high failure rates with scanned documents, whereas colour photos come through much clearer.
Photos of your documents must be:
Unfortunately, you are not able to use the same document for multiple verification checks (e.g. to verify your identity and address).
We are required under the Financial Conduct Authority (FCA) and The Autorité de contrôle prudentiel et de résolution (ACPR) regulations to verify an individual’s details via two independent sources.
We kindly request that you upload clear colour photos of separate documents to help us verify this information.
Where we can, we endeavour to verify your details automatically, however we may require additional documents to help us complete this check. If we require this information, our Account Verification team will contact you directly via email requesting this.
Please note: We do not currently offer the option to make a verification payment in all countries. We are working towards streamlining this process, however whilst we do so, our process requires a number of manual steps. We apologise for any inconvenience caused.
At GoCardless, security and privacy is vital to our business. We have dedicated security and privacy teams who manage and coordinate the following programmes across the business, achieving privacy and security in practice and by design:
- Policies, communications and training help ensure employees know how to meet their privacy and security obligations.
- Privacy and security by design protocols help us make sure our applications, services and systems are designed with strong controls built in.
- Reviews and contracts hold our suppliers to the same standards.
- Our programmes are monitored, measured and reported to senior leadership for accountability.
GoCardless has been ISO 27001-certified since 2016, and maintains high security standards with routine independent audits. Our security framework includes strong encryption to protect customer data in transit and at rest, security operations and incident response protocols to monitor and manage events, and physical security to help maintain integrity and resilience.
Our privacy programme is overseen by a formally appointed data protection officer and built to the European GDPR data protection standard to ensure a high level of privacy for customer data around the world.
Documents that we require in order to verify your information should be easily obtained. These documents typically include:
- Government issues ID (e.g. passport or driving licence)
- Official proof of address (e.g. utility bill)
- Banking document (e.g. statement)
- Documents outlining shareholder information
If you require further assistance with acquiring supporting documents to verify your business information, please raise a ticket and our Account Verification team will be happy to help.
If you’re already charging your customers via another Direct Debit provider, we may be able to move your existing customers’ mandates over to GoCardless for you.
If you would like to migrate your customer’s mandates over to GoCardless, please raise a ticket and include the following information:
- Your current Direct Debit provider
- Number of active mandates
- Average transaction size
- Payment frequency (e.g. monthly/annual)
- If you have valid email addresses for all customers
Please note: This request is taken on a case-by-case basis and it is not guaranteed that GoCardless can move your existing mandates over from a previous provider.