Lastminute.com is the most important online travel agency in the United Kingdom, visited by more than 1.65 million people every week to get flights and hotels all around the world. Over the last year, Lastminute sold more than 750,000 tickets to more than 1,300 destinations across the globe, and it received at least one hotel reservation every 15 minutes. Due to this high volume of online transactions, the platform is governed by the strictest level of requirements defined by the Payment Card Industry (PCI), the open global forum established in 2006 that is responsible for the formulation, management, education and awareness of the security standards of the credit card industry, founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Among other matters, PCI establishes and continually renews the fraud prevention processes for electronic payments with credit cards. In this context, in 2012 Lastminute.com faced the challenge of migrating its electronic transaction system without stopping normal operations, in order to obtain PCI certification.
Building on their previous experience working together, in 2012 Lastminute called on Edrans to lead the migration of the components within the scope of PCI to a secure, PCI-certified network. The biggest challenge started in May 2012 when, after detailed planning of each phase, Edrans built a dedicated team for this project. Phase 1 required a thorough immersion process to learn and evaluate each of the applications linked to the payment platform and to understand the communication between them, so that an effective firewall policy could be designed and the migration would have no impact on the company's operations. The entire process demanded intensive reverse engineering over a period of 6 months, during which there was constant dialogue between the different areas so Edrans could understand how they worked and what their applications and functionalities were, in order to reach PCI compliance.
Why is being PCI compliant important for companies such as Lastminute.com? PCI defines the data security standards for payment applications and the security requirements for operating with credit cards. It was founded by 5 of the biggest financial companies in the world, which agreed to incorporate PCI DSS as one of the technical requirements of each of their data security compliance programs. This standard is intended to protect users' information in order to prevent online fraud.