RIU

RIU Hotels & Resorts is a hotel chain that was born more than 60 years ago with a small hotel in Playa de Palma de Mallorca, Spain. It currently has more than 100 hotels in 20 countries, where its main objective is the well-being of its guests and to offer the best possible service.

PCI DSS regulation as a lever for security and change

Many companies turn to external consultants and auditors to achieve compliance with the mandatory PCI DSS (Payment Card Industry Data Security Standard) as the vast majority of them accept, process or transmit credit or debit card data. However, during the process they encounter many difficulties in complying with this standard, and failure to comply leads to a number of problems for companies and their customers, such as fines in case of fraud, loss of customer confidence or bad reputation, legal problems, inability to accept payment cards, which has a direct impact on the continuity of service and sales.

The importance of complying with PCI DSS regulations

The RIU hotel chain had a challenge and that was to achieve compliance with all the requirements of this regulation in 100% of its flows and lines of business, since up to that moment they knew that they were not fully compliant, but they were aware that they needed help, auditing, support and training to achieve this important certification, the same one demanded by all their interlocutors: banks, payment methods, among others.

“That’s why we contacted A2SECURE as a QSA certified company to provide the right advice and training to carry out the audit with the maximum guarantees,” says Joan Manuel Orta Albalate, Chief Information Security Officer of RIU Hotels & Resorts.

The impact of this strategic alliance was at all levels, analyzing the company’s data flows in a transversal way, providing flexible solutions, giving them options to reduce risks and adapting their structure to the requirements of the PCI DSS regulations in an easy, dynamic and simple way.

Focused on risk reduction and safety for our customers

After several months of analysis and constant auditing, with absolute availability on both sides, training and monitoring of all personnel involved, the objective was achieved and RIU Hotels & Resorts now has PCI DSS certification.

It has also managed to minimize the risk of fraud through the use of payment cards, increasing customer confidence and improving the security climate throughout the company.

“The work carried out together with A2SECURE has been a success, thanks to the transparency, flexibility and communication between the employees of both companies; we have been able to comply with more than 300 requirements of the PCI DSS regulation and we have managed to implement it as our own in all our technological flows and processes. In short, A2SECURE has been an extension of our security department,” says Joan Manuel Orta.

Due to the excellent development of this project, they continue to collaborate in the implementation of other regulatory compliances such as SWIFT, and the PCI DSS certification audit.