Security

GOV.UK Pay is a secure online payments system.

GOV.UK Pay provides a safe and Payment Card Industry (PCI) compliant platform to process card payments.

PCI compliance

GOV.UK Pay is certified as a level 1 service provider with the Payment Card Industry Data Security Standard (PCI DSS) version 3.2. The PCI DSS provides guidance to help maintain payment security.

More information about PCI compliance is available in our technical documentation.

Government security guidelines

GOV.UK Pay supports the government HTTPS security guidelines.

HTTPS protects information from being intercepted by malicious third parties as it travels over the internet. Using HTTPS ensures our connections on GOV.UK Pay are secure.

GOV.UK Pay also supports all the mandatory requirements for Government ICT systems and services.

Testing GOV.UK Pay

The GOV.UK Pay environment is regularly tested by independent suppliers.

This includes:

  • at least one annual IT Health Check
  • internal and external vulnerability scanning

GOV.UK Pay is independently assessed for its PCI DSS compliance.

Cloud Security Principles

GOV.UK Pay has implemented the Cloud Security Principles.

GOV.UK Service Manual

GDS services follow the standards described in the GOV.UK Service Manual.

The standards describe the best way to build and run a service and include advice about:

  • accessibility and assisted digital
  • agile delivery
  • design
  • technology