We Got PCI-DSS Certified — And Lived to Tell the Tale

If you know anything about Nigerians (honestly, Africans everywhere), we don’t play about two things: our people, and our money. We take both very seriously at Cardtonic, too; our people’s money is our money to protect.

Because when you play in the financial industry, you realise pretty quickly: if you’re going to be here for a good time AND a long time, your regulators and your customers need to see that you rate financial security as highly as they do. Probably even more.

So, in case you missed the big news: Cardtonic is officially PCI-DSS Certified!

Before you picture us popping confetti and doing our celebratory high-fives (which we definitely did, by the way!), here’s the real story behind our shiny new certificate.

It started with a list, and not the cute kind. A long, intimidating list of policies, documents, and diagrams that (almost) had us wondering who in the world invented compliance in the first place. Timi, our Operations Manager, took one look and said, “This will be a lot of work.” And Eazy, our Tech Lead, admitted to running on double his usual coffee supply that first week. 

We made sure that this was a hands-on mission for everyone at Cardtonic. Our technical experts dove into the jargon, mapping network flows and making sure every technical requirement was accounted for. We documented policies like firewall policies, access policies, and other key operational guidelines, ensuring every technical and operational rule was formalised.

Our Head of HR helped make sure all the non-technical documents were ready on time — policies, forms, training records — all the boring stuff that’s actually super important for PCI-DSS. Our CEO, ES, kept checking in and chipping in, making sure things moved fast.

(His subtle promise of a ‘little’ end-of-year staycation for the team may or may not have influenced how quickly we wrapped this up, but don’t tell him we said that.)

One night, after a late work call that ran past midnight, Tech Lead Eazy sat back at his work desk, staring into space for ten minutes afterward. In the days that followed, he saw network diagrams showing up unprovoked in his dreams. 

But in between the mountain of documents and a minor existential crisis over network diagrams, we were making visible progress. Bit by bit, we pulled it together. Documents polished, systems reviewed, boxes ticked.

Audit day finally came; it went smoother than we expected. And before the certification was officially issued, the external auditors came around to review our processes, check our documentation, and make sure everything met the global PCI-DSS standards.

Then just like that, on October 16, 2025, we got the official nod. Certified till October 16, 2026!

(This was the first time we submitted documentation for review to get this certification, and the excitement of seeing that we actually nailed it? It was clear!)

Now, why does this matter? PCI-DSS (Payment Card Industry Data Security Standard) isn’t just a fancy certificate to hang on a wall. It’s the global benchmark for keeping cardholder data safe from hackers, fraud, and sloppy operations.

For us at Cardtonic, this is proof that we care about your money and your personal finance information as much as you do. That we take no shortcuts and cut no corners; getting PCI-DSS certified is our way of showing we mean business.

So, here’s to more milestones, fewer sleepless nights, and a future where your money is always in safe hands. Cardtonic is thrilled, proud, and maybe just a little smug — like someone who just got their name engraved on a trophy, and is quietly deciding which corner of their office deserves it most!