A cloud-native PCI compliance leader with embedded CCaaS partnerships and newly achieved profitability—yet valued like a no-growth micro-cap, creating asymmetric upside if execution continues.
Overview
PCI-PAL PLC (PCIP.L) is a UK-headquartered, AIM-listed pure-play SaaS provider focused on securing payment card data in business communications (contact centers and customer engagement hubs). Its cloud-native platform, hosted on AWS, enables enterprises to achieve PCI DSS compliance by “descoping” their environments—ensuring sensitive cardholder data (PAN/SAD) does not enter internal networks, reducing breach exposure and simplifying audits. The company serves 700+ customers across EMEA, North America, and ANZ, and monetizes primarily through recurring subscriptions (91% of FY2025 revenue), providing strong visibility. The product suite includes Key to Pay (DTMF masking for voice), Speak to Pay (AI speech recognition-based capture without agent exposure), and Click to Pay (secure payment links for digital channels). In late 2025, PCI Pal broadened its strategy with Fraud Screen—an AI-powered real-time fraud risk scoring tool—signaling a shift toward a multi-product “secure engagement platform.” Distribution is partner-first, with deep integrations and reseller motions through major CCaaS/UCaaS vendors such as Zoom, RingCentral, Genesys, Salesforce, and 8x8; in FY2025, partners contributed ~82% of new contracts and ~68% of new business value. FY2025 was a milestone: revenue grew 25% to £22.48m and the company delivered its first full-year adjusted profit before tax (£0.81m), while maintaining ~90% gross margins and strong retention (GRR 95%, NRR 104%).