PCI certification was just the start
Our association with Travel Tripper started in 2016, when we were conducting a yearly assessment of their CDE and apps for the PCI Certification audit.
However, their engineering team was developing and releasing new features every quarter, which the annual assessment wasn’t accounting for. Audits once a year just wouldn’t be enough.
Around 2018, there were new developments with the PCI standard, too. Now it was mandatory to assess an application every time they introduced a new feature, or changed the app’s code significantly.
In order to maintain certification a single annual audit was out of the question, given the pace of development at Travel Tripper. But that created another issue: conducting multiple assessments purely for PCI certification would rack up a significant cost.