Do Governments Need to Maintain PCI Compliance?

This past December, Russian hackers managed to infiltrate a North Carolina County website and demand ransom of $26,000. Sounds like the storyline from a Hollywood movie right? This disturbing trend is becoming an everyday part of reality for municipalities and county governments across the country as these hackers are exposing the vulnerabilities in antiquated government computing systems.

With a lack of resources and funding to ensure proper upkeep being the most common cause, a decaying security plan often leads to costly demands to something that could have been easily protected with an investment in proper firewall protection, updated servers and things as simple as requiring employees to update their passwords. Most of us carry and are very familiar with policies that cover auto insurance, health insurance, home insurance, life insurance and even cell phone insurance. PCI Compliance are the policies put in place to help ensure a business or government agency is doing everything it can to prevent the loss of sensitive customer payment information and credit card data.

The term PCI compliance has become a household name over the past few years as the need for a standard approach to protecting data breaches and fraud have become synonymous with the ability to accept digital currency. Major corporations spend hundreds of thousands of dollars annually to maintain strict protocols that have been recommended by the security council and it’s something the public sector can no longer place as a low-level priority. PCI Compliance takes into consideration multiple factors including hardware compliance, software compliance and general rules and practices utilized by merchants who handle sensitive data. The way you store receipts, the length of time you hold on to credit card data, how you enter credit card information are just a few of the hundreds of questions on how compliance is maintained.

Most local government agencies, however, fall into the lowest category of compliance that requires a simple questionnaire and scan of their systems annually. This scan typically identifies obvious errors or issues and serves as a reminder to make certain sensitive data is being protected. Governments that process a higher volume (1+ million in annual transactions) are often subject to rigorous standards and more comprehensive audits. These third-party audits can take weeks, require multiple vendors to be on site and can cost thousands of dollars.

One of the biggest issues we’ve found is that private sector businesses that utilize a third-party vendor to collect their payments often think that they’re immune to PCI compliance as the processing is outside of their walls. Businesses must still maintain protocols to manage and maintain any data that is shared with those third parties including how that information is transmitted. There are multiple PCI Compliance companies that continue to simplify the process of completing annual questionnaires, quarterly and annual scans and recommendations for weaknesses in your systems. Most credit card processing companies align with a vendor to help simplify the process, but will often allow customers to choose their own vendor.

Any business whether public or private that accepts payments digitally should strive to maintain the highest standard of compliance to not only meet the required standards but to protect the very data that their customers and constituents trust them to maintain. Keeping data safe from an accidental breach, a lost computer or from Russian hackers should be something that every business should make significant efforts to prevent. The time and energy to fix that breach far out ways the investment and making sure you remain compliant.

About Joel Darby

Joel has over a decade of payment processing experience focusing almost exclusively on public sector integration. His expertise in the payments industry helps keep projects both fiscally responsible and PCI compliant.


FivePoint Payments simplifies and modernizes the process of paying government agency fees and fines, making it more efficient for both the payee and the payer. We do this through innovative software applications and hardware solutions that can be integrated with government agencies’ current systems.


Corporate Headquarters
Mailing Address
FivePoint Payments 2221 Peachtree Road NE STE D-205 Atlanta, GA 30309
Contact Us