PP-13009 - Updated PCI 3.2.1 reference to 4.0 #974

Merged 4 commits on Aug 21, 2024
2 changes: 1 addition & 1 deletion source/moto_payments/index.html.md.erb
Expand Up @@ -37,7 +37,7 @@ How you turn on MOTO payments on a live account differs depending on whether you

#### Stripe - turn on MOTO payments on a live account

1. Make sure you comply with the [Payment Card Industry Data Security Standards (PCI DSS)](https://www.pcisecuritystandards.org/document_library?category=pcidss&document=pci_dss).
1. Make sure you comply with the most recent version of the [Payment Card Industry Data Security Standards (PCI DSS)](https://www.pcisecuritystandards.org/document_library?category=pcidss&document=pci_dss).

1. Email [[email protected]](mailto:[email protected]) to confirm you are PCI DSS compliant and would like to take MOTO payments on your account. We’ll email you to let you know we’ve turned on MOTO payments.
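
Review bot: In step 1 of the Stripe list, "the most recent version of" leaves readers to work out which version applies and by when, while the security page changed in this same pull request names PCI DSS v4.0 and a 31 March 2025 deadline. Consider naming the version in this step, or linking to that security section, so the two pages cannot drift apart. The link target is still the general PCI document library, which does not itself tell the reader which version is current.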

9 changes: 5 additions & 4 deletions source/security/index.html.md.erb
Expand Up @@ -95,12 +95,13 @@ data must comply with the [Payment Card Industry Data Security
Standards](https://www.pcisecuritystandards.org/document_library?category=pcidss&document=pci_dss) (PCI DSS).

GOV.UK Pay is certified as fully compliant as a Level 1 Service Provider with
PCI DSS version 3.2.1. All GOV.UK Pay partners must be compliant with PCI DSS,
and must validate their compliance annually.
PCI DSS version 4.0.

A Qualified Security Assessor will audit GOV.UK Pay against PCI DSS v4.0 in summer 2024. After this audit, we'll update all relevant PCI DSS documentation.
All GOV.UK Pay partners and any services that take MOTO payments through GOV.UK Pay must comply with PCI DSS v4.0 by 31 March 2025.

You may be asked to provide certain information from GOV.UK Pay as part of your own PCI DSS compliance process. Some of this information may not be available until we've completed our PCI DSS v4.0 transition work. This should not affect your ability to comply with PCI DSS v4.0 because there is a recognised transition period.
If your service takes MOTO payments, you should familiarise yourself with the [the changes from PCI DSS v3.2.1 to v4.0](https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v3-2-1-to-v4-0-Summary-of-Changes-r2.pdf).

You may be asked to provide certain information from GOV.UK Pay as part of your own PCI DSS compliance process. You can see our PCI DSS Attestation of Compliance by signing into [the GOV.UK Pay admin tool](https://selfservice.payments.service.gov.uk/my-services) and selecting Attestation of Compliance for PCI in the footer.

### Use your Merchant ID to report PCI DSS compliance
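
Review bot: The rewritten compliance paragraph no longer carries "must validate their compliance annually" from the text it replaces; if annual validation still applies to partners, keep that sentence alongside the new 31 March 2025 deadline. In the MOTO sentence, "the [the changes from PCI DSS v3.2.1 to v4.0]" has a doubled "the". The summary-of-changes link points at a PDF on docs-prv.pcisecuritystandards.org rather than the document library URL used elsewhere on this page, so check that it is a stable public address before relying on it.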
