Ransomware, Data Breaches, and Your Payment System: What Every Municipality Needs to Know

By Chris Lewis
May 29, 2026

In May 2024, the City of Wichita, Kansas — the largest city in the state — was forced to shut down its online payment systems entirely following a ransomware attack. Residents couldn’t pay utility bills online. City staff couldn’t process digital transactions. For days, Wichita reverted to cash-only payments at in-person locations.

Wichita isn’t an outlier. It’s a preview.

Local Governments Are High-Value, Low-Defense Targets

Cybercriminals have made a calculated assessment of the government sector: high value, constrained IT budgets, aging infrastructure, and — critically — services that residents depend on and can’t simply stop using. That combination makes municipalities and utility districts attractive targets.

The numbers are alarming. During the first half of 2025 alone, 208 ransomware attacks hit government agencies worldwide, a 65% increase year over year. According to Sophos, 69% of state and local government organizations were hit by ransomware in 2023, and the attack rate has only accelerated since. The attacks are also becoming more sophisticated, more targeted, and more expensive to recover from.

For local governments, the payment system is a particularly high-value target. It handles sensitive financial data, it’s connected to resident account records, and — if disrupted — it immediately impacts the government’s ability to collect revenue and serve residents.

What Happens When a Payment System Goes Down

The Wichita scenario illustrates the cascading impact of a payment system breach. It’s not just an IT problem. It’s an operational crisis:

  • Revenue collection stops. Every day the system is down, payments that would have been made aren’t. Delinquency backlogs build instantly.
  • Call center volume spikes. Residents who can’t pay online call. Staff who aren’t equipped to handle the volume get overwhelmed.
  • Manual fallback processes create new errors. Cash-only processing without normal systems generates reconciliation problems that take weeks to unwind.
  • Public trust erodes. A payment system failure is visible and personal. Residents whose data may have been exposed don’t forget.
  • Legal and regulatory exposure increases. Depending on the nature of the breach, PCI compliance violations, notification requirements, and potential litigation follow.

Recovery from a significant ransomware attack costs local governments an average of $2.83 million — and that’s before accounting for the indirect costs of staff time, reputational damage, and resident attrition in fee-based services.

The Enforcement Environment Is Changing

For years, cybersecurity in local government was largely a self-policing matter. Breach notifications were required, but enforcement was light. That is changing rapidly.

The DOJ’s Civil Cyber-Fraud Initiative — launched to hold government contractors and technology vendors accountable for cybersecurity failures — recovered $52 million across nine settlements in FY 2025 alone, more than tripling the prior year’s total, according to the DOJ’s own annual report. While this initiative primarily targets federal contractors, the enforcement posture is signaling a broader shift: cybersecurity negligence is increasingly treated as a legal liability, not just an operational risk.

For local governments, this means that the standard of care for payment system security is rising. “We didn’t know” is becoming a less defensible position when breaches occur in systems that lacked basic protections like encryption, tokenization, and multi-factor authentication.

What Best-in-Class Security Looks Like for Government Payments

Not all payment platforms are built with the same security posture. When evaluating your current system — or a prospective vendor — these are the non-negotiable standards:

  • PCI DSS Level 1 compliance — the highest certification level for payment card data security, covering all aspects of data storage, transmission, and processing
  • End-to-end encryption on all payment transactions, so cardholder data is never transmitted in plain text
  • Tokenization that replaces sensitive card data with non-sensitive tokens, so a breach of your system doesn’t expose usable payment credentials
  • 99.98%+ uptime SLA backed by redundant infrastructure — because availability is itself a security property; systems that go down are systems that fail residents
  • Zero data breach history — a track record matters; a vendor who has never had a breach has demonstrated the discipline, not just the intent
  • Regular third-party security audits and penetration testing to proactively identify vulnerabilities

The Vendor Accountability Question

One of the most important — and most frequently overlooked — questions in government payment security is simple: if something goes wrong, who is responsible?

Many payment vendors operating in the government space are resellers or integrators of underlying payment infrastructure they don’t fully control. When a security incident occurs, accountability gets diffused across the vendor, the underlying processor, and the implementation partner. The local government is left navigating a multi-party dispute while residents are waiting for answers.

A platform built specifically for local government and utilities — with end-to-end ownership of the security stack and a clear contractual accountability structure — eliminates that ambiguity. It also means that security isn’t an afterthought bolted onto a commercial payment product. It’s architected from the ground up for the specific risk environment of public sector payments.

Security Is a Civic Responsibility

There’s a framing shift worth making here. Government payment security isn’t just a technology decision or a budget line item. It’s a civic responsibility.

Residents who pay their utility bill online are trusting their local government with their financial data. That trust is foundational. A government that fails to protect that data — through negligence, outdated infrastructure, or choosing the wrong vendor — isn’t just facing an IT problem. It’s failing a basic obligation to the people it serves.

The question isn’t whether your payment system will be targeted. It’s whether it will hold when it is.
