Xcina Case Study

PCI DSS: Breach Remediation for UK-based Travel Company

The client

A UK-based travel company providing day trips around London and sightseeing tours to attractions in the South of England.

The work

The company had been taking payment cards for bookings made over the internet and via an internal booking system. The internal booking system was used for telephone bookings and for bookings made via hotel concierges. Following a security breach, the company had been subject to payment card data theft and subsequent misuse of the stolen card data. As a result, the exposure was immediately mitigated and then, with PCI Qualified Security Assessor (QSA) support, the Cardholder Data Environment (CDE) was assessed in line with the Payment Card Industry Data Security Standard (PCI DSS) and compliance was formally demonstrated to the card payment brands.

How we helped

The firm processing the company’s card payments insisted that the company become PCI DSS compliant with the support of a QSA. The payment brand defined the company’s reporting level. As a QSA company we undertook a review of the CDE and identified options to reduce its scope, which in turn reduced the PCI DSS reporting overhead. We conducted a gap analysis against the PCI DSS requirements, oversaw the remedial activity and assessed the effectiveness and adequacy of the mitigating actions against the PCI DSS controls. Throughout the process we maintained regular contact with the company’s card transaction processor to report progress and discuss matters arising. Once the remedial activity was satisfactorily completed, we provided the company with a final analysis report.

Value added

We provided the client with the PCI DSS knowledge and support needed to recover from a security breach and to operate as a PCI DSS compliant company.

What our clients say

"Xcina is always responsive to any question we have during the time we are implementing data protection remediation activities, they keep us informed and understand what we need and what we’re trying to do."

Getac Technology Corp, Legal Affairs Center

"Xcina Consulting performed an annual review of our card data environment, and ensured that we are compliant with the PCI-DSS. We continue to work with their experienced QSAs, leveraging their guidance and best practices so we have the highest possible level of security controls in place."

DKB Brands, Data Protection Officer

"Xcina really helped us to kick start our data protection compliance process. They took the time to speak to all departments of the business and outlined our highest risk to lowest risk areas. The insight and guidance they provided was essential for our business to become GDPR compliant."

Portman Settled Estates Limited, Estate Secretary

"Xcina’s ongoing support has ensured that our employees feel confident when dealing with data protection matters, with best practice knowledge and expertise from consultants who have taken the time to get to know our business and our industry."

National Bank of Kuwait, Compliance Officer

"Xcina worked with us on a number of data protection matters, including subject access requests and gave helpful, practical advice which reflected their understanding of technology issues as well as legal matters."

Your World Recruitment, Group IT Director

"We have worked with Xcina successfully for two years, initially on internal GDPR gap analysis. We now have them engaged as our ‘Virtual DPO’ provider and regularly receive useful, pragmatic and, more importantly, actionable advice on all areas of Data Protection."

Quadrangle Research, Group Chief Operating Officer