GOV.UK Pay live assessment report
The report from Government Digital Services' GOV.UK Pay live assessment on 09/02/21
Digital Service Standard assessment report
GOV.UK Pay
From: | Government Digital Service |
Assessment date: | 09/02/21 |
Stage: | Live |
Result: | Met |
Service provider: | Government Digital Service |
Previous assessment reports
- Alpha assessment report: April 2016 - Met
Service description
GOV.UK Pay is a simple way for service teams to take and manage online payments. As part of Government as a Platform (GaaP), this payments platform enables services across the UK public sector to provide reliable, accessible, user-focused online payment journeys quickly and easily.
Already used by over 160 organisations across central government, local government, police and the NHS, for a range of high volume services including Ministry of Justice’s send money to someone in prison service, HM Passport Office application service, NHS Business Services Authority pre-payment certificates for prescriptions and national services for the payment of Blue Badge and Firearms licenses. It currently manages over 19,000 card payments a day, around 600,000 a month and provides 24/7 support to service teams. In 2020, Pay supported 353 services to take over 7.1 million payments from users with a total value of £473 million.
It simplifies, often overly complex, processes for both end users and service teams and reduces the cost of taking payments whilst ensuring a trusted, consistent and inclusive experience.
Pay does the work of integrating with commercial payment providers and adhering to financial and security regulations so that the rest of government can benefit and save money avoiding procurement and integration costs and duplicative work.
Pay can be used by integrating frontend or back office systems with a single API, or by using the admin tool where you can create standalone payment links, manage refunds and access payment reports.
Service users
There are two categories of user:
-
paying users (typically an individual, member of the public who needs to pay for something as part of a wider service journey) referred to as ‘End user’
-
public sector users, typically an individual employed by a public sector organisation who is involved in taking and managing payments across one or many services
Here are some examples of users and their needs:
- project leads in charge of leading the search for a new way to take payments. They need to find and set up a way to take online payments for their service quickly and easily
- developers who need to build and maintain payment integrations with their systems
- case workers and contact centre staff who are involved in processing applications across a service and need to help end users get what they need to meet Service Level Agreements. This might involve reporting on payments and processing refunds
- finance people who need to check and record how much money has been taken or paid in the finance system so that stakeholders can plan future budgets
- people involved in business reporting who need to answer stakeholder questions about income so that stakeholders can plan future budgets
1. Understand user needs
Decision
The service met point 1 of the Standard.
What the team has done well
The panel was impressed that:
- user groups and needs were clearly presented. The team demonstrated how user needs were reviewed and updated to reflect new knowledge about people
- user needs were well categorised into appropriate levels to support the ongoing iteration of the service
- the team demonstrated throughout how user needs drive the team’s work, including the roadmap and strategy
- it was clear how the team made use of user needs to guide their day to day work. For example, mapping needs to features. This is a great technique to evaluate how well the service is meeting user needs
- the team appreciate they still have things to learn about users. For example, the recent work with finance teams
- there was a good understanding of paying users accessibility needs through teaming up with other services for research
What the team needs to explore
Before their next review, the team needs to:
- prioritise research with accessibility users in the public sector. The panel acknowledges recent audits and fixes have improved accessibility, but there is no substitute for working with real users
2. Do ongoing user research
Decision
The service met point 2 of the Standard.
What the team has done well
The panel was impressed that:
- the team presented a thorough and succinct history of the research undertaken thus far. This included what had been focussed on and why
- research findings over the years had clearly helped the team prioritise functionality for users. For example, real time reporting
- the team continued to use historical research to inform and drive their current work
- personas were clear and evidence based, reflecting how people can differ and how their knowledge and understanding of users is evolving
- it was clearly demonstrated how research artefacts were used by the team
- the team were all involved in all aspects of user research from prioritisation and planning to analysis and insights
- a good range of research methods have been utilised to give the team a reliable evidence base
- examples were presented of how the service has recently been improved for users. For example, the support model for paying users
- there is a well thought out research plan going forward and enough people to deliver it
What the team needs to explore
Before their live review, the team needs to:
- demonstrate how user research and performance analytics are working together to understand how the service is working for users. The working relationship between the two professions was unclear
3. Have a multidisciplinary team
Decision
The service met point 3 of the Standard.
What the team has done well
The panel was impressed that:
- there is a good sized multidisciplinary team in place
- the team has been structured thoughtfully and effective changes have been made to support developments of the service
- there is a strong understanding of how the team might need to change to support the future of the service and a willingness to make these changes
- recruitment has been done to fill key vacancies in the team and new team members onboarded effectively
What the team needs to explore
Before the next review, the team needs to:
- continue to build strong links between user research and performance analytics and ensure the role of content designer is more deeply embedded in the team
4. Use agile methods
Decision
The service met point 4 of the Standard.
What the team has done well
The panel was impressed that:
- the team are using agile methods and spoke about using ways of working that have been thoughtfully combined to best meet the needs of the team
- the team are clearly able to communicate and collaborate effectively and have experimented with their ways of working to ensure they are still working for the team
5. Iterate and improve frequently
Decision
The service met point 5 of the Standard.
What the team has done well
The panel was impressed that:
- the service team demonstrated clear examples of where they have made changes and what the outcome was
- when changes are made to the service, they consider how they will track that change with the performance analyst. The analyst provides feedback and insights on any upcoming changes
- the panel were pleased to hear that the team plan to continue to iterate and improve their service regularly as they progress into Live
6. Evaluate tools and systems
Decision
The service met point 6 of the Standard.
What the team has done well
The panel was impressed that:
- the team has invested time in, and continues to use well established tools to deliver the system
7. Understand security and privacy issues
Decision
The service met point 7 of the Standard.
What the team has done well
The panel was impressed that:
- the team understands the requirements imposed by PCI-DSS and the importance to merchants using the system
- the team understands the obligation on them in terms of being a Level 1 Service Provider under PCI-DSS
- the team understands the importance of GDPR legislation and their obligations under it.
- the team maintains engagement with a Qualified Security Assessor, QSA, certified by the PCI Standards Council
What the team needs to explore
Before their next review, the team needs to:
- seek to engage more visibly with a security advisor, who can advise on a more ongoing basis, applicable developing threats
- engage to a greater degree with the QSA to ensure ongoing compliance as PCI-DSS changes to V4
8. Make all new source code open
Decision
The service met point 8 of the Standard.
What the team has done well
The panel was impressed that:
- the team continues to store code as appropriate on GitHub
9. Use open standards and common platforms
Decision
The service met point 9 of the Standard.
What the team has done well
The panel was impressed that:
- the team continues to use open platforms to develop and maintain the platform
10. Test the end-to-end service
Decision
The service met point 10 of the Standard.
What the team has done well
The panel was impressed that:
- the team understands the importance of the service to merchants and citizens and how it can be impactful on each
What the team needs to explore
Before their next review, the team needs to:
- explore how the service can display its operational status to users making a payment so a user does not attempt a payment that would knowingly fail
11. Make a plan for being offline
Decision
The service met point 11 of the Standard.
What the team has done well
The panel was impressed that:
- the team has plans for being offline and move the service to an alternate location if required
What the team needs to explore
Before their next review, the team needs to:
- explore how the service status can be better communicated to users
- explore the possibility of shortening the down time that may materialise in the event of moving the service
12. Make sure users succeed first time
Decision
The service met point 12 of the Standard.
What the team has done well
The panel was impressed that:
- there is good documentation recorded on design iterations, why decisions were made and other aspects to the changes they are making
- there is a good focus on accessibility with an up to date accessibility statement, a fairly recent audit and that all user needs are considered in the design process. The service team has used their accessibility lab and other tools effectively
What the team needs to explore
Before their live review, the team needs to:
- consider making the design history more visible to users outside of the service team and potentially outside of the Cabinet Office so other departments can learn from your findings and experiences
- the service team did verbally explain the learn cycles they take when making service improvements but it would have been better to see a visual diagram of that cycle
13. Make the user experience consistent with GOV.UK
Decision
The service met point 13 of the Standard.
What the team has done well
The panel was impressed that:
- the service team is actively keeping the service up to date using new components such as the notification banner. They are making sure when they implement changes they still undertake user research and consider accessibility
- the interaction and service design is consistent with GOV.UK styling, no issues identified
What the team needs to explore
Before their next review, the team needs to:
- look at embedding the content designer more into the service delivery team. According to the service team there is a backlog of content amends that need to be made so it would be recommended that the service team focus on this area and in their next review show how that backlog has changed
14. Encourage everyone to use the digital service
Decision
The service met point 14 of the Standard.
What the team has done well
The panel was impressed that:
- the team have done a lot of work to enable teams across central and local government taking payment to use this service and to help those services allow citizens to make payments
- the team have shared their roadmap and other possible ways of payment they could introduce in future and have a clear idea of what they will tackle next
- they have conducted research and understand blockers to using their service and have explored how they will prioritise introducing these new features to enable more teams to use Pay
15. Collect performance data
Decision
The service met point 15 of the Standard.
What the team has done well
The panel was impressed that:
- the team have a range of different data sources available and demonstrated which metrics are collected against each data source
- the performance analyst discussed future data collection and insight plans. This included looking to understand the ‘time from test payment link to create live payment link’ metric to help improve the journey, (as identified in the performance framework)
What the team needs to explore
Before their next review, the team needs to:
- review how the customer satisfaction score works. Instead of a single metric, this is derived on an ad-hoc basis from the client engagement teams, Feedex analysis and other qualitative methods. We recommend looking into the potential to survey existing users, (through one-off or regular surveys), to help generate the single metric that all services are required to collect
16. Identify performance indicators
Decision
The service met point 16 of the Standard.
What the team has done well
The panel was impressed that:
- the team developed their KPIs through the ‘North Star’ framework with the performance analyst using this to develop the teams performance framework which details the metrics and data sources associated with these KPIs
- in reviewing the teams KPIs since the last assessment, the performance analyst has detailed ‘how’ these are made up using the appropriate data sources and metric calculations. The ‘Churn’ metric was a good example of this and shows the team are spending significant time to ensure their KPIs are available and appropriate
- we saw examples of how performance measures were being integrated into design changes and to some extent inform/validate user needs. The performance analyst also shared how they attend and contribute towards weekly planning/sprint sessions. In these meetings the OKRs are discussed to see if any significant changes have occurred and to see if they are on track to meet their targets
What the team needs to explore
Before their next review, the team needs to:
- identify how the performance framework and personas can be more closely aligned. Currently, this is structured to map against the different teams within Pay, (as are the North Star KPI’s). In the next framework review session the analytics assessor recommends mapping these against the different users defined in the User Research part of the presentation in order to help improve the teams understanding of user needs and identify areas for improvement
17. Report performance data on the Performance Platform
Decision
The service met point 17 of the Standard.
What the team has done well
The panel was impressed that:
- the team have a performance platform set up, this is updated regularly
What the team needs to explore
Before their next review, the team needs to:
- review the data on the performance platform and migrate only the most robust metrics to data.gov.uk as the performance platform is decommissioned
18. Test with the minister
Decision
The service met point 18 of the Standard.