GOV.UK Pay ticks payment card industry’s security box

Written by Rebecca Hill on 3 August 2016 in News
News

The government has announced that its payment system GOV.UK Pay is compliant with the Payment Card Industry Data Security Standard.

Ticking the right boxes: GOV.UK has been approved by the PCI - Photo credit: Flickr, Oliver Tacke

The approval means that the system can be used to process credit and debit card payments on behalf of other government departments and other public sector bodies, with no limit on the number of payments that can be processed.

Detailing the approval, GOV.UK Pay product managers Till Wirth and Rory Smith said that many of the processes required in the standard are already part of the work done in the Government Digital Service.

“In some cases we’ve gone further than PCI requirements,” they wrote in a blogpost. “For example, we’ve encrypted all data within our networks and environments, not just data we send or receive from other parties.”


Related content

GDS seeks £100k a year Government-as-a-Platform chief
The Commercial Imperative


The post also said that the team had worked with the information security arm of GCHQ, CESG, to ensure that its security was right – this goes beyond the standard security requirement, it said.

The team release a new code to GOV.UK Pay – one of the GDS’ flagship Government as a Platform programmes – a couple of times a day, which is small enough to allow those working on it to understand the impact and security implications of the new release.

“Making frequent changes also means we have the experience and tools available to fix any newly identified security vulnerabilities quickly,” the post said.

The GOV.UK Pay systems also logs everything that happens on the platform, which alerts the team of any unexpected events to detect attacks and help develop new features.

However, Wirth and Smith add that having more processes doesn’t necessarily lead to a more secure system, saying that the team is working to ensure there is “just enough process” involved.

The post said that it would like to hear from people in government that want to use GOV.UK Pay.

Share this page

Tags

Add new comment

Related Articles

2017 in review - part one
28 December 2017

The first of a two-part recap of 2017 looks at the biggest stories and most significant developments in the first six months of the year

Regulator urges government to mandate NHS compliance with surveillance camera code
17 January 2018

Commissioner Tony Porter tells PublicTechnology about continued efforts to get the Home Office to recognise the need for a surveillance camera code of practice that applies to NHS and...

Reform digital head on the potential AI backlash and why service design is ‘not just about the citizen’
10 January 2018

PublicTechnology talks to the think tank’s digital and data specialist Eleonora Harwich about how AI could help eradicate disparity in the quality of healthcare and why GDS needs to focus...

Related Sponsored Articles

Who keeps your organisation secure?
19 February 2018

BT's Amy Lemberger argues that having the right security in place to protect your organisation is no longer just an option. It is a necessity.

WATCH: Digital transformation - the key to success or a security risk too far?
13 February 2018

BT brought together some their top security experts and CIOs from well known UK organisations to discuss digital transformation and the impact that it’s having on organisations