
Navigating PCI Compliance


Success in Expedia's IT security and compliance refresh


Expedia faced a time-critical challenge in completing a refresh of their agent environment for 3500 agents in 60 offices worldwide in a way that maintained security and didn't compromise PCI compliance requirements. PCI accreditation is a mandatory compliance standard for credit card processors and necessary to conduct business. The existing project to replace the desktop environment was underway but was logistically complex, high-velocity and needed more clarity, vendor coordination, and effective control and governance. 


The problem: 


Expedia found itself grappling with a large-scale refresh with compliance implications in its agent environment. This wasn't just a technology issue—it had a ripple effect, touching every aspect, from its people and the technology they rely on to reputation and revenue streams. The need to adhere to PCI accreditation and, in turn, the impact that would have on processing credit card payments injected a sense of urgency into the situation, making it clear that decisive action was needed to safeguard the core of that business. 



Working with a global team of 3500 agents across 60 offices introduced a fair share of challenges that Karumba had to navigate: 

  • Regional variations: Coordinating activities across different time zones, languages and customs regulations posed a significant challenge. Meetings, updates, and collaboration required careful planning to ensure the participation of teams spread across diverse geographical locations. Communication, documentation, and training needed to be tailored to accommodate language differences. Clear and concise communication became crucial to avoid misunderstandings and ensure everyone was on the same page. 

  • Process variation: The logistical challenges of the deployment were immense. Coordinating the technology design for each country, keeping track of each item and each stakeholder in the process, and providing a dashboard of current status required breaking the process down into micro steps and adding telemetry to ensure accurate status reporting.

  • Cultural differences: Different offices and regions often have unique working cultures, including working hours/days, public holidays, etc. Karumba had to consider these cultural nuances to foster effective collaboration and avoid potential conflicts. 

  • Diverse regulatory landscapes: Compliance requirements varied across different regions, adding complexity to the project. Karumba navigated these diverse regulatory landscapes to ensure a unified and compliant agent platform. 

  • Vendor coordination: Engaging with vendors and ensuring their understanding of local requirements and constraints required a strategic approach. Vendor management had to consider variations in business practices and legal frameworks. 


Karumba stepped in to provide project management and consulting support to bring the project back on track and instil proper control and governance.

The approach involved: 

  • Clarifying objectives with senior stakeholders. 

  • Building a global project team. 

  • Breaking down and optimising workflow processes. 

  • Embedding workflows and telemetry into tools for better tracking. 

  • Establishing effective communication channels between internal staff and external vendors. 


Karumba's strategic intervention: 

Karumba's entry into the project marked a pivotal turning point in addressing Expedia's urgent need for compliance remediation within their agent environment. Recognising the multifaceted challenges inherent in a global IT security and compliance refresh, Karumba orchestrated a comprehensive approach aimed at restoring order, enhancing governance, and ensuring project success. 


Clarifying objectives with senior stakeholders: 

One of the initial steps taken by Karumba was to engage in a series of strategic discussions with senior stakeholders. The goal was to gain a profound understanding of Expedia's overarching objectives, compliance requirements, and the specific outcomes desired from the technology refresh. This step was crucial in aligning all stakeholders and setting a clear roadmap for the project. 


Building a global project team: 

With a project spanning 60 offices worldwide, Karumba recognised the importance of a cohesive and collaborative team. Working with the local project managers and leveraging internal staff from different global locations, they meticulously crafted a diverse yet unified project team. This approach brought in local expertise and ensured a holistic perspective on the challenges posed by regional variations. 


Optimising workflow processes: 

The existing project, though underway, needed more clarity and efficiency. Karumba thoroughly evaluated the workflow processes, identifying bottlenecks, redundancies, and areas for improvement. They streamlined the workflow through a series of optimisations, enhancing efficiency and ensuring that each step contributed meaningfully to the overall project objectives. 


Embedding workflows into tools for better tracking: 

Karumba embedded optimised workflows into advanced project management tools, recognising the importance of transparent and real-time tracking. This facilitated better progress tracking and provided a centralised platform for stakeholders to access crucial information, monitor milestones, and stay informed throughout the project lifecycle. 


Establishing effective communication channels: 

The success of a project of this magnitude hinged on effective communication channels. Karumba worked meticulously to establish clear and efficient communication pathways between internal staff and external vendors. This involved not only technological solutions but also the creation of standardised communication protocols to ensure a consistent flow of information across the global team. 


Results and benefits: 


  • Enhanced efficiencies and reduced costs: The streamlined workflows and optimised processes improved efficiencies, reducing unnecessary costs associated with delays and inefficiencies. 

  • Unified agent platform implementation: The global project team, with clear objectives and efficient workflows, successfully implemented a unified agent platform, meeting PCI compliance requirements and ensuring a standardised environment across all offices on time and within budget. 

  • Minimised business disruption: Through effective communication channels and strategic planning, Karumba minimised business disruption, ensuring a smooth transition to the new agent environment without negatively impacting Expedia's operations. 

Karumba's intervention not only ensured PCI compliance for Expedia but also delivered benefits, including improved efficiencies and a unified agent platform, demonstrating the value of effective project management and consulting support in the realm of IT security and compliance, especially when faced with the challenges of a global and diverse team. 


As you navigate your own challenges and transformations, consider how Karumba's expertise and bespoke solutions can assist in achieving your business objectives. Contact us to explore how our strategies can empower your organisation's success. 
