Reflectiz Helps lastminute.com Just in Time
When lastminute.com got going in London, England, during the late-1990s Internet boom, the concept was revolutionary. As the name suggests, the company introduced the novel idea that people could now spontaneously book travel experiences online, and its runaway success helped popularize and normalize e-commerce across Europe. Fast-forward to today, and the group has evolved from a British start-up into a leading pan-European player in the travel industry, with a presence in over 50 markets and annual revenues of €313.7 million (FY 2024). lastminute.com is committed to delivering personalised, flexible travel experiences that resonate with real customer needs and desires: whether that’s flights, hotels or its speciality – holiday packages – along with a wide range of additional travel services.
Since July 2025, the responsibility for securing its large portfolio of websites has fallen to Director of Platform Security and IT Service Management, Alessandro Gazzoni, who graciously talked to us at Reflectiz as lastminute.com was gearing up for its first PCI DSS 4.0 audit.
The Security Challenge
It was during the preparations to meet PCI DSS requirements 6.4.3 and 11.6.1 that Alessandro and his team realized they needed a better solution. The existing tool’s script monitoring capabilities were okay, so far as they went, but they were never going to satisfy the requirements for actionable alerting, compliance reporting, evidence generation, and supply-chain governance that the latest PCI standard calls for: “With PCI 4.0 on the way, we needed to implement new controls.”
A Different Approach
For a company like lastminute.com, with multiple sites, shared backend architecture, and thousands of scripts, trying to force websites into compliance by controlling scripts directly through the tool was never going to work. So, Alessandro started looking at a different approach:
“Instead of enforcing everything through a tool, we decided to reverse our approach and monitor everything we have. That’s what led us to Reflectiz, and it worked. It immediately gave us awareness. The UX is simple, and it made the whole process manageable.”
— Alessandro Gazzoni, Head of Platform Engineering & Security Operations
Onboarding with Reflectiz
Setting up Reflectiz typically takes just hours, and Alessandro said the team’s experience lived up to that.
“The onboarding was very smooth, and we even had a chance to explore Reflectiz before the official onboarding. We gained visibility, and the tool is easy to use. The hardest part for us was identifying and assigning ownership for each script.”
Why Reflectiz Worked Better
Alessandro settled on Reflectiz after talking to their PCI auditor, who approved it without any caveats. We asked him what he sees as its stand-out features.
“I’d have to say it’s the simplicity. Reflectiz shows us exactly what we have, in a clear and manageable way. The smart approval workflow is great. Once you approve a script, there’s built-in logic to manage it going forward. It turns visibility into something actionable.”
— Alessandro Gazzoni, Head of Platform Engineering & Security Operations
How Things Are Going
We were curious to know how the PCI audit went, but it hasn’t concluded yet. That said, Alessandro confirmed that the Reflectiz element has been going smoothly with no issues so far.
We were also keen to hear how much time Reflectiz has saved the team so far, but Alessandro couldn’t say, and for good reason.
“The search for a workable solution took time, so it’s great to see that with Reflectiz we found one and we’re now free to focus on moving forward in advancing our PCI compliance.”
Visibility Improvements
On the question of visibility, Alessandro was on firmer ground.
“Working with Reflectiz allowed a more comprehensive visibility and more streamlined processes.”
Beyond PCI
Wrapping up, we wondered where Alessandro could see Reflectiz supporting lastminute.com next.
“Our main focus has been PCI, so that’s where we use it most, but we expect to expand into other areas soon. I would definitely recommend Reflectiz to other businesses, and if I had to summarise its strengths, I would say, ‘Simplicity combined with effortless visibility.’ That’s important to us. In a company with hundreds of engineers, simplicity is essential for managing complex environments. Reflectiz delivers that.”
— Alessandro Gazzoni, Head of Platform Engineering & Security Operations
Full website monitoring is something the business will be evaluating, too.
“Our security shouldn’t be limited just to the scope of PCI. We want visibility across our entire ecosystem. Benchmarking with similar companies is also interesting. The exposure rating tool is useful.”
Summarizing lastminute.com’s experience of Reflectiz, Alessandro is enthusiastic.
“It gives us visibility, awareness, and most importantly, actionable insights that improve our processes.”