Reducing PCI DSS Compliance Complexity and Risk for The Jockey Club

The Jockey Club is one of the UK’s largest racecourse operators, operating 15 racecourses and directly employing around 650 people. It hosts some of the nation’s most prestigious horse racing events across its racecourses, hospitality venues, and entertainment experiences, while reinvesting profits into British horseracing to support the sport’s long-term growth and sustainability.

Challenge

Operating within a complex environment, the organisation required support to achieve PCI DSS compliance across three merchant acquirers. With limited experience of payment card industry requirements, the organisation found the bank-provided documentation complex and difficult to interpret.

The challenge centred on:

  • Accurately attesting PCI DSS compliance to each acquiring bank
  • Reducing compliance overhead and ongoing operational risk
  • Building internal capability to take ownership of future compliance

Solution

CCP supported the engagement by delivering a straightforward, structured approach to certification through a fixed-price, fixed-outcome proposal designed to achieve PCI DSS compliance across each acquiring bank and payment acceptance channel, while also supporting The Jockey Club’s knowledge-transfer objectives.

This included guiding the organisation through a clearly defined compliance journey, using tailored templates to map all card payment use cases and engage effectively with suppliers to determine each provider’s PCI DSS compliance status. A consistent, template-driven approach was also used for supplier engagement, requirement validation, and evidence gathering, helping streamline the process and reduce complexity throughout the certification programme.

Outcome

The project moved from initial scoping through to full mapping of payment use cases, supplier engagement, validation of PCI DSS requirements, and identification of evidence gaps. Documentation was then completed for each payment acceptance channel and acquiring bank, leading to successful certification.

A structured delivery model enabled internal teams to progress work with confidence, supported by clear guidance materials, glossaries, briefing notes, and hands-on coaching from CCP.

The engagement reduced compliance risk and internal effort while strengthening in-house capability. The Jockey Club now has the processes, knowledge, and ownership required to maintain PCI DSS compliance going forward with lower cost, reduced complexity, and minimal ongoing risk.

“CCP gave us practical advice to support our journey to compliance. The provision of clear, supportive documentation and breaking the project into manageable steps turned what seemed like an insurmountable challenge into a manageable project.”

Mark Carter, Head of Business Services, The Jockey Club