New Zealand - e-Commerce PCI (Payment Card Industry) Scope Reduction vendors

Description

Many customers use Waka Kotahi provided online services, which make it easy for them to do what they need to do: customers access better services faster, for lower cost, and can complete their transactions easily in a digital environment.
Some of the online services include card payments, for which, the customer is redirected to a payment provider’s hosted payment page, in order to reduce the NZTA interaction with cardholder data and the number of applicable PCI DSS compliance requirements. NZTA is a PCI DSS compliant merchant, currently assessed under SAQ A-EP.
Our vision is to secure customer payment card data in compliance with PCI DSS, without reducing the current services and by concurrently reducing the PCI DSS compliance for our online channel systems to SAQ A. To enable this, we need a solution that protects the URL redirect to the payment provider’s hosted payment page (HPP) and validates - in real time - the integrity of our web pages leading up to, and including the redirection to the payment provider’s HPP
As a result, both the risk of data compromise and the PCI DSS compliance related activities are reduced, and overall NZTA will provide an improved customer service.

Opportunity closing date

29 October 2020

Value of contract

to be confirmed