Stephen W. Orfei, general manager, PCI Security Standards Council
Stephen W. Orfei is the incoming general manager of the PCI Security Standards Council. He succeeds the council's first general manager, Bob Russo, who will retire at the end of 2014.
Orfei has decades of experience in payment technology, including 13 years in telecom with MCI International as director of international business marketing, and14 years in payments with MasterCard Worldwide, the last three as senior vice president of emerging payments platform, advanced technology.
Earlier this month, Orfei applauded President Obama's executive order requiring federal agencies to adopt EMV (chip and PIN) technology for government payment cards and for point-of-sale terminals at federal facilities.
In a statement, Orfei called EMV a "critical layer in any payment security strategy," but added that, "it is not by itself a silver bullet for data protection," since it does not stop malware or card-not-present attacks.
Orfei recently spoke with CSO about his goals for the council and about better security practices for the payment card industry.
CSO: In your view, what in your background and experience is the most important qualification for this post; and what drew you to PCI SSC?
Orfei: I was drawn to this position for one simple reason: The council is leading a critical fight we are taking on the hackers who have taken aim at our way of life and at our financial system. We are the good guys, fighting the good fight. I'm honored and humbled to lead this global cross-industry coalition in tackling the challenges of payment security.
My background and experience has had me on the front lines with merchants, technology companies and financial institutions. I am passionate about technology, payments and security, and I will be tireless in my efforts to fight this fight.
CSO: What are your short- and long-term goals while in this position?
Orfei: I have three: First, my vision for the council is to be a "Center of Excellence." We need to expand our focus on standards and become a trusted source for payment security matters. We'll provide subject matter expertise, best practices, security standards, vetted solutions, laboratory testing, training and education. We're moving in this direction with forthcoming studies on tokenization, mobile and cloud technologies that are crucial to the future of payment security.
Second, I would like to see us improve our collaboration across industries and sectors. No single organization can ensure payment security on its own. We need to work together with merchants, acquirers, financial institutions and law enforcement.
Third, I want to expand our geographic reach. Payment security is a global problem requiring global solutions. That's why I'm particularly excited about our upcoming meeting in Asia-Pacific, and we plan to have our first face-to-face meetings in the Middle East region next year.
Sign up for CIO Asia eNewsletters.