How a UK University Cut PCI Work by 20% And Strengthened Security


We sat down with Jack Davies, a Cyber Security Director at Aberystwyth University, to hear how his small team tackled PCI DSS compliance challenges and how Reflectiz made the process faster, easier, and stress-free.

At Aberystwyth University, with online payments to protect, security and PCI DSS compliance are top priorities. To meet these requirements, they needed a way to monitor and secure payment page scripts while preventing unauthorized changes and other security risks. Before Reflectiz, compliance had been a constant headache—manual investigations, team coordination issues, and hours spent tracking scripts took valuable staff time away from critical security work.

Challenges: Too Many Blind Spots, Too Much Manual Work

Maintaining PCI compliance was far more complicated than it needed to be. Aberystwyth University’s security team was buried in manual processes, scoping payment pages, tracking scripts, and verifying integrity by hand, which took them hours each week. Since key details weren’t always documented, identifying relevant scripts required constant team coordination, and they also struggled to define the right level of monitoring, unsure whether to scan just the final payment page or the entire user journey.

With just two people handling security, investigating one page took an hour—so reviewing five a week could have cost the team 52 workdays a year. Aberystwyth University needed an automated solution to streamline compliance and reduce this heavy manual workload.




University PCI DSS Solution: A Dedicated PCI Dashboard

Reflectiz helped identify the necessary scans for PCI compliance. Its agentless monitoring provided continuous oversight without adding to the team’s workload, so instead of spending hours chasing scripts, they gained instant visibility into risks, approvals, and compliance status through a single dashboard. That intuitive dashboard streamlined their script investigations, while audit-ready reports made compliance information easy to share with QSAs and leadership.

Results and Impact: Making PCI DSS Compliance Manageable for Universities

Reflectiz removed manual burdens and made PCI compliance easy for Aberystwyth University’s small team without additional resources.

  • Fast, agentless deployment: Setting up Reflectiz was incredibly easy—no installation or maintenance was needed. The university simply provided the in-scope pages and user navigation details, and within minutes, setup was complete. It was fully operational in under a week.
  • Improved web security posture: Before Reflectiz, the security team didn’t realize Google Tag Manager (GTM) was injecting scripts into payment pages, creating a supply chain risk. After Reflectiz flagged this, they worked with the Applications team to remove GTM—originally added for marketing analytics—significantly strengthening security.
  • New procedures to prevent unauthorized scripts: Aberystwyth University implemented a policy ensuring that any new third-party script requests for the corporate website would no longer apply to payment pages—eliminating the risk of “sneaky” script additions in the future.
  • Faster, easier script investigations: Reflectiz’s intuitive dashboard structures script data clearly, making it easy to assess changes in minutes. Investigating one page used to take an hour, so five a week could have cost them 52 workdays a year in unnecessary effort. Automating this process reduced their PCI compliance manual workload by 20%.
  • Time-saving smart approvals: Smart Approvals saved Aberystwyth’s understaffed team valuable time by automating asset reviews and generating AI-powered summaries, making compliance faster and more efficient.
  • Effortless compliance reporting: They can now access audit-ready reports in just a few clicks, so it’s easy to share essential information with QSAs and leadership for smoother audits.
  • Smoother cross-department collaboration: Reflectiz has made it easy for security to present their findings to other teams—showing the Applications team the scan results that identified the misconfigured GTM scripts helped drive a faster fix.
