Breach, Data Security, Incident Response, TDR

PCI Council holds North America community meeting, new GM Orfei speaks

In the wake of major retailer breaches, more than 1,200 payment security experts gathered in Orlando, Fla., last week for the PCI Security Standards Council's annual community meeting.

One of three community meetings to take place this year, the North America event also served as an introduction for the council's new general manager Stephen Orfei. The product development expert, who spent 13 years building products and services for the telecommunications industry, as well as 14 years doing the same at MasterCard, succeeded the council's former GM, Bob Russo, who is set to retire at the end of the year.

Just prior to joining PCI SSC, Orfei served as a consultant in the New York City area for three years, where he shared insight on mobile payment security with clients. At the North America community meeting, which convened from Sept. 9 though Sept. 11, Orfei spoke before the PCI community for the first time in his new role.

Major discussion points entailed ways for retailers to integrate security practices into their day-to-day activities in a “business-as-usual” manner, as well as how they can use new technologies to protect and “devalue” consumer card data, so that it can't be used for fraudulent transactions even if it should fall in the hands of an attacker.

Of note, the meeting also addressed the coming EMV chip migration process set to take place in the U.S. in 2015, which will include major tasks such as upgrading point-of-sale terminals for EMV compatibility. MasterCard and Visa set a deadline of next October, for when fraud liability will shift from banks to merchants that have yet to implement EMV as a security protection.  

In a Thursday interview with, Orfei said that the PCI community appeared to be making “great progress” on the EMV front, and that the technology would “truly deliver on its promise,” to better secure transactions. He also added, however, that the technology wouldn't serve as a silver bullet for payment security.

“EMV chip is a critical layer of security,” Orfei said, but among many the council advocates for payment card safety. “It will allow us to button down the point-of-sale,” he continued.  

“You'll also see that once we deploy EMV in the U.S., fraud will migrate to the card-not-present environments,” Orfei added. Such transactions, often occurring online or via telephone, are appealing to criminals aiming to avoid cardholder verification steps.  

The PCI council's next community meetings will take place in Berlin, Germany on Oct. 7 through Oct. 9, and in Sydney, Australia from Nov. 18 to Nov. 19. In the meantime and going forward, Orfei said that the council's mission will be to continue its mission to educate merchants about payment security, and make sure that PCI SSC becomes a go-to resource for “any and everything that has to do with cardholder security.”

“I want the community to turn to us,” Orfei said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.