When a Town Council Saves Credit Card Numbers After Swiping the Card
Recently, I paid a bill at my local town council using my credit card. The card was swiped, the transaction was charged, and from a normal citizen’s point of view, that should have been the end of the payment process.
But then I noticed something troubling: the officer was manually entering my credit card numbers into the system.
When I questioned it, the explanation was simple: “That’s how the system works.”
That answer may sound harmless to some people, but from a cybersecurity and policy management perspective, it raises serious concerns. A system design that requires staff to manually enter or save credit card numbers after a successful card transaction is not just a technical inconvenience. It may represent a deeper failure in data governance, payment security, vendor oversight, and institutional accountability.
The situation became even more concerning when the mayor passed by and reportedly said something along the lines of: if I did not want them to save the numbers, then I should not use the card and should “paga con cash”, basically pay with cash.
That response was not only unprofessional. It showed a worrying attitude toward citizen privacy.
This Is Not Just About One Credit Card
Some may look at this and say, “Well, just pay cash next time.”
But that misses the real issue.
The question is not whether I personally should use cash, card, or online banking. The bigger question is: why is a public institution collecting or saving full credit card numbers in the first place, especially after a card has already been swiped and charged?
In cybersecurity, we follow a basic principle: do not collect or store data you do not need. The more sensitive data an organization collects, the greater the risk. If a system stores full card numbers, that system becomes a more attractive target for misuse, insider abuse, accidental exposure, ransomware, or future data breaches.
The PCI Security Standards Council explains that PCI DSS is intended to protect cardholder data and sensitive authentication data wherever it is processed, stored, or transmitted. PCI guidance also makes clear that merchants should not store payment card data unless there is a legitimate business need; that sensitive authentication data (the full track data from the magnetic stripe or chip, the card verification code, and the PIN) must never be stored after authorization; and that where a primary account number is retained it must be rendered unreadable, for example by truncation, tokenization, or strong encryption, and masked whenever it is displayed. So when a public officer says, “That’s how the system works,” the next question should be: who designed the system that way, who approved it, who audits it, and who is accountable for the risk?
Data Security Issue or Policy Failure?
In my view, this is both.
It is a data security issue because credit card information is sensitive financial data. If full card numbers are being entered or stored unnecessarily, that creates a risk. If the system does not mask the number when it is displayed (showing staff only part of it), tokenize it (keeping a substitute value instead of the number itself), encrypt whatever it does retain, or restrict who can access that information, the risk becomes even greater: every export, backup, screen, and log that carries the full number becomes another place it can leak from.
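To make the difference between those designs concrete, here is an added Python example. It is not code from the town council, from Belize E-Data, or from any real payment system (none of which is public); the card numbers are constructed Luhn-valid test values, the token vault that stands in for a payment processor's tokenization service is an assumption, and the record layout is invented for illustration. It contrasts a ledger that copies the full card number in after the swipe with one that keeps only a token and a masked number, and it includes the kind of scan an auditor would run over an export or backup to find full card numbers at rest.

```python
# Added example (not code from the town council, Belize E-Data, or any real
# payment system): two ways a counter system can record a card payment after
# the terminal has authorized it, plus a scan for full card numbers at rest.
# All card numbers are constructed Luhn-valid test values, not real cards.
import re
import secrets
import string
from dataclasses import dataclass

TEST_PAN_VISA = "4111111111111111"   # constructed test number
TEST_PAN_MC = "5555555555554444"     # constructed test number


def luhn_ok(pan: str) -> bool:
    """Luhn (mod 10) checksum that every major card brand uses.
    Used both to validate input and to cut false positives when scanning."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:            # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Masking as PCI DSS describes it: at most the first six and last four
    digits stay visible; everything in between is replaced."""
    if not 13 <= len(pan) <= 19 or not pan.isdigit():
        raise ValueError("PAN must be 13 to 19 digits")
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


class TokenVault:
    """Stands in for the payment processor's tokenization service (an assumption
    for this example). It is the only component that holds the full PAN; the
    council's ledger only ever receives the token it hands back."""

    def __init__(self) -> None:
        self._pans = {}

    def tokenize(self, pan: str) -> str:
        if not luhn_ok(pan):
            raise ValueError("PAN fails Luhn check")
        # Random and letters only: not derived from the PAN, and it can never be
        # mistaken for a card number by a PAN scanner.
        token = "tok_" + "".join(secrets.choice(string.ascii_letters) for _ in range(24))
        self._pans[token] = pan
        return token


@dataclass
class PaymentRecord:
    citizen_ref: str
    amount_cents: int
    auth_code: str
    card_ref: str      # full PAN in the weak design, vault token in the hardened one
    display_pan: str   # what a clerk sees when looking the payment up later


def record_payment_weak(ledger, citizen_ref, amount_cents, auth_code, pan):
    """The design described in the post: the full number is typed into the
    council's own system after the card was already swiped and charged."""
    ledger.append(PaymentRecord(citizen_ref, amount_cents, auth_code, pan, pan))


def record_payment_hardened(ledger, vault, citizen_ref, amount_cents, auth_code, pan):
    """Keep a token for refunds and reconciliation and a masked number for display.
    The full PAN never enters the ledger, so a dump, backup, or curious insider
    cannot recover it from there."""
    token = vault.tokenize(pan)
    ledger.append(PaymentRecord(citizen_ref, amount_cents, auth_code, token, mask_pan(pan)))


# 13 to 19 digits, optionally separated by spaces or dashes, not inside a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def find_stored_pans(text: str) -> list:
    """PAN discovery scan for exports, logs, and database dumps: digit runs of
    card-number length that also pass Luhn. Returns the digits found, in order."""
    hits = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def audit_ledger(ledger) -> list:
    """Serialize the ledger the way a CSV export or backup would, then scan it.
    An empty result means no full card number is sitting in the records."""
    dump = "\n".join(
        f"{r.citizen_ref},{r.amount_cents},{r.auth_code},{r.card_ref},{r.display_pan}"
        for r in ledger
    )
    return find_stored_pans(dump)


if __name__ == "__main__":
    weak, hardened, vault = [], [], TokenVault()
    record_payment_weak(weak, "CIT-00123", 15000, "A1B2C3", TEST_PAN_VISA)
    record_payment_hardened(hardened, vault, "CIT-00123", 15000, "A1B2C3", TEST_PAN_VISA)
    print("weak ledger exposes:", audit_ledger(weak))          # the PAN, twice
    print("hardened ledger exposes:", audit_ledger(hardened))  # nothing
    print("clerk sees:", hardened[0].display_pan)              # 411111******1111
```

The scan is the practical check behind the question "are full card numbers stored?": run it over a database export, a log directory, or a backup, and a non-empty result is evidence regardless of what the vendor's documentation says. The weak ledger fails it twice per payment (once in the card reference, once in the display field), while the hardened ledger keeps only a non-numeric token and a masked number, so neither an export nor a screen ever carries the full number.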
But it is also a policy failure because technology does not operate in a vacuum. Systems are approved by people. Processes are accepted by management. Vendors are contracted. Staff are trained, or not trained. Privacy notices are published, or not published. Citizens are informed, or kept unaware.
A system that normalizes the manual entry or storage of credit card numbers suggests possible weaknesses in several areas:
First, there may be weak data minimization practices. The institution may be collecting more data than it needs.
Second, there may be weak vendor governance. If Belize E-Data manages or provides the system, then the town council should be able to explain what data is collected, where it is stored, how long it is retained, who can access it, and whether the system is compliant with payment security requirements.
Third, there may be weak staff training. A frontline employee may simply be following instructions, but staff should still understand that cardholder data is private and should be handled carefully.
Fourth, there may be weak leadership culture. A dismissive response from an elected official tells citizens that privacy is being treated as an inconvenience rather than a right.
The Role of E-Data and Vendor Accountability
If E-Data is indeed the system provider or handler, then this introduces another layer of responsibility.
The town council may be the public-facing institution collecting payments, but the vendor may be involved in designing, hosting, processing, maintaining, or storing the data. That means the issue is no longer limited to the cashier’s desk. It becomes a question of the entire data-processing chain.
A responsible public institution should be able to answer:
Are full credit card numbers stored in the system?
Are they masked so staff cannot view the complete number later?
Are they encrypted?
Are they tokenized?
Who has access to the data?
How long is it retained?
Is the system PCI DSS compliant?
Has there been an independent audit?
Is Belize E-Data acting as a data processor, technology provider, or payment intermediary?
Has the public been informed that their card numbers may be entered or stored?
These are not unreasonable questions. These are basic governance questions.
The Public Has a Right to Know
What concerns me most is not only that this happened to me. It is that many residents may have paid by card without realizing that their credit card numbers were being manually entered or saved into a system.
That raises a public awareness issue.
Citizens should not have to be cybersecurity experts to protect themselves at a payment counter. They should not have to question whether a public office is safely handling their financial information. Trust in public services depends on institutions doing the right thing by default.
In Belize, the Data Protection Act, 2021 establishes legal expectations around the handling of personal data, including safeguards and accountability when personal data is processed.
Financial data connected to an identifiable person should be treated with care, especially when handled by a public body or its technology provider.
The issue is not whether a town council can accept card payments. Of course it can. The issue is whether the payment process is designed in a way that respects security, privacy, and citizen trust.
“Pay Cash Then” Is Not a Privacy Policy
The mayor’s reported response — “paga con cash” — reflects a larger governance problem.
That is not a privacy policy.
That is not a cybersecurity control.
That is not a compliance explanation.
That is not public accountability.
Telling citizens to avoid digital payment if they care about privacy undermines the entire idea of digital government. Public institutions should be encouraging secure digital transactions, not making residents choose between convenience and privacy.
A mature digital public sector does not say, “If you don’t like it, don’t use it.”
A mature digital public sector says, “Thank you for raising this concern. We will review the process, verify the system controls, and ensure citizens’ data is protected.”
That is the difference between defensive administration and responsible governance.
Why This Matters for Belize’s Digital Transformation
Belize is moving toward more digital public services. That is necessary. Citizens expect online payments, digital records, faster processing, and modern service delivery.
But digital transformation without data governance is dangerous.
When institutions digitize poor processes, they do not automatically become efficient. They may simply create faster, larger, and more invisible risks. A paper-based mistake affects one file. A poorly designed digital system can expose thousands of citizens.
This is exactly why cybersecurity and policy management must work together. A technical system may function, but that does not mean it is secure. A policy may exist, but that does not mean it is implemented. A vendor may provide software, but that does not remove accountability from the public institution using it.
As someone with a cybersecurity background and currently pursuing doctoral research focused on policy management, I see this as a textbook example of how weak system design and weak institutional policy can collide.
The question should not be, “Did the payment go through?”
The question should be, “Was the citizen’s data protected before, during, and after the payment?”
What Should Happen Next
The town council should publicly clarify whether full credit card numbers are being stored in its system. If the answer is yes, it should explain why that is necessary.
It should also confirm whether the payment system is PCI DSS compliant, whether card numbers are masked or tokenized, and whether E-Data or any other vendor has access to the information.
There should be a written policy on card payment handling, data retention, access control, and breach notification.
Staff should be trained not only to operate the system, but to understand why citizens may be concerned when sensitive data is being entered or stored.
Finally, public officials should treat privacy concerns seriously. A citizen questioning the handling of financial data is not being difficult. That citizen is raising a valid governance issue.
Final Reflection
This incident may look small: one payment, one credit card, one town council counter.
But small incidents often reveal bigger institutional weaknesses.
If the system requires unnecessary collection of credit card numbers, then it is a data security issue.
If staff cannot explain why the information is needed, then it is a training issue.
If leadership dismisses the concern, then it is a governance issue.
If a vendor designed or manages the system without proper safeguards, then it is a vendor accountability issue.
And if citizens are unaware that their card numbers may be entered or stored, then it is a public policy failure.
Digital government cannot be built on convenience alone. It must be built on trust, transparency, security, and respect for citizens’ data.
Because in 2026, “that’s how the system works” is not a good enough answer.
