Capita’s managed service has achieved formal PCI DSS Level 1 sign-off and in doing so, achieves another first in card security among the major suppliers to the Local Authority marketplace.
Published: 18/12/2007
Capita is one of the few European organisations to be an active participant within the PCI Security Standards Council, where they are listed as ‘Capita Group plc’ under the ‘Europe’ region.
Over 150 public sector organisations take payments using Capita’s AXIS managed services products (Internet Payments, Touch Tone, Payment Portal, Speech Recognition and SMS Plus). With the heightened focus on card security and security of citizen data in general, these organisations and the 400,000 citizens who regularly use these products to make payments around the clock are assured that their payments are being processed in line with the stringent controls around security that the standard dictates.
With data security breaches in local and central government recently highlighted in the press, the PCI DSS standard is currently being welcomed and receiving extensive coverage through various industry forums. The standard covers the major card schemes’ (e.g. Visa and MasterCard) requirements for security management, policies, procedures, network architecture, software design and other critical protective measures, with the aim of assuring customers and service users that data security is maintained to the highest standard.
The card schemes recognise the benefits of a compliant managed service over a site-based solution. Capita is confident that the AXIS product portfolio remains at the forefront of card security and is committed to ensuring that this position is sustained.
Although the PCI DSS standard purely covers card details, Capita continue to implement the highest data security controls to help protect any citizen data when using the managed service products and processes.
David Lockie, associate director at Capita Public Sector Software, commented:
“We are delighted to have attained PCI DSS compliance. This will give our customers added assurance that card payments are fully protected. Capita is committed to ensuring that AXIS products and services have the highest data security controls. With the heightened focus on card fraud and citizen data in general, Capita is constantly looking at ways to improve security. We are in the process of including dynamic passcode for added authentication and also certifying AXIS products in line with the Payment Application Data Security Standard (PA-DSS) which is based on Visa's Payment Application Best Practices (PABP).”
The official compliance audit was carried out by Trustwave:
“Capita has demonstrated understanding of and adherence to the PCI DSS, satisfying rigorous criteria to achieve compliance, putting their software services portfolio at the forefront of card security,” says Robert J. McCullen, Chairman and CEO of Trustwave. “They have adopted the same level of controls to help protect any other potentially sensitive consumer data when using any of Capita’s managed service products and processes.”