Governments that process, store, or transmit credit card information must adhere to the Payment Card Industry Data Security Standard (PCI DSS). Being PCI compliant ensures the secure handling of customer payment card data, minimizes the risk of data breaches, and protects customers’ trust. Governments that aren’t compliant may face fines and additional expenses from their merchant services providers or even lose the ability to process payments with certain providers. GFOA has long recommended that governments ensure PCI compliance and have robust policies and procedures in place to evaluate and implement compliance, including conducting an annual PCI compliance review.
- Publication date: April 2025
- Author: Ben Davidson