GOV.UK Pay is a secure online payments system.
GOV.UK Pay provides a safe and Payment Card Industry (PCI) compliant platform to process card payments.
GOV.UK Pay is certified as a level 1 service provider with the Payment Card Industry Data Security Standard (PCI DSS) version 3.2. The PCI DSS provides guidance to help maintain payment security.
Government security guidelines
GOV.UK Pay supports the government HTTPS security guidelines.
HTTPS protects information from being intercepted by malicious third parties as it travels over the internet. Using HTTPS ensures our connections on GOV.UK Pay are secure.
GOV.UK Pay also supports all the mandatory requirements for Government ICT systems and services.
Testing GOV.UK Pay
The GOV.UK Pay environment is regularly tested by independent suppliers.
- at least one annual IT Health Check
- Internal and external vulnerability scanning
GOV.UK Pay is independently assessed for its PCI DSS compliance.
Cloud Security Principles
GOV.UK Pay has implemented the Cloud Security Principles.
GOV.UK Service Manual
GDS services follow the standards described in the GOV.UK Service Manual.
The standards describe the best way to build and run a service and include advice about:
- accessibility and assisted digital
- agile delivery