PCI Security Standards Council®


Day-to-day management of PCI Council operations is guided by a five-member Executive Staff, which reports to the Council's Executive Committee representing the founding payment brands. The Executive Staff directly manages the Council's operational team in the areas of technology, international, financial and communications.

Executive Staff

Stephen W. Orfei
General Manager

As General Manager, Mr. Orfei leads the PCI Security Standards Council in its mission to educate, empower and protect payment data globally, working closely with merchants, acquirers, financial institutions, security practitioners, law enforcement and other key stakeholders across the global payment eco-system.

Mr. Orfei is a recognized industry expert in global payment platforms, e-commerce, mobile payments, transit and cybersecurity. He is called on regularly for his expertise by government, law enforcement, industry groups and the media.

Mr. Orfei has testified before the U.S. Congress as a cybersecurity expert, served as a representative of the United States at the G7 Roma Lyon group of world leaders on card crimes, participated in U.S. Presidential Cybersecurity Summits, and has played a leading role in global Acquirer Forums and PCI Community Meetings around the world. Orfei regularly meets with top U.S. government officials from a range of agencies to discuss cybersecurity and provide strategic guidance.

A holder of several payments industry patents and awards, Mr. Orfei’s career spans senior posts at several high-profile companies including MCI International, a global telecommunications corporation, where as Director of International Marketing, he oversaw marketing for international business with direct revenue responsibility for over $400 million. Following his successful 13 years of service at MCI International, Orfei spent 14 years at MasterCard Worldwide, a global payments & technology company as Senior Vice-President Emerging Payment Platforms.

In his role at MasterCard, Orfei managed all aspects of development, implementation, and deployment of emerging payment platforms across Global Products and Services. Among his many achievements, Orfei led the entrepreneurial initiative to design, build and demonstrate (NYC-MTA) the next generation of Automated Fare Collection Systems for the transit industry. The initiative was awarded the prestigious NYU Rubin Center Transportation Industry Innovation Award.

Prior to his leadership of the PCI Security Standards Council, Mr. Orfei served as a security consultant where he led a highly credentialed security team to defend “high value targets” from cyber-attacks.

Orfei is a former U.S. Marine who is active with veteran related charities including the Semper Fi Fund and the Wounded Warrior Project.

Troy Leach
Chief Technology Officer

Troy Leach is the Chief Technology Officer for the PCI Security Standards Council. In his role, Mr. Leach partners with Council representatives, Participating Organizations and industry leaders to develop comprehensive standards and strategies to secure payment card data and the supporting infrastructure.

He is a congressional subject matter expert on payment security and the current chairman of the Council's Standards Committee. Prior to joining the PCI Council, Mr. Leach has held various positions in IT management, software development, systems administration, network engineering, security assessment, forensic analytics and incident response for data compromise. Mr. Leach holds a Master of Science in Telecommunications & Network Management as well as a graduate degree in Information Security Management from Syracuse University.

Jeremy King
International Director

Jeremy King leads the Council's efforts in increasing adoption and awareness of the PCI Security Standards internationally. In this role, Mr. King works closely with the Council's General Manager and representatives of its policy-setting executive committee from American Express, Discover, JCB International, MasterCard, and Visa, Inc. His chief responsibilities include gathering feedback from the merchant and vendor community, coordinating research and analysis of PCI SSC managed standards through all international markets, and driving education efforts and Council membership recruitment through active involvement in local and regional events, industry conferences, and meetings with key stakeholders. He also serves as a resource for Approved Scanning Vendors, Qualified Security Assessors, Internal Security Assessors, PCI Forensic Investigators, and related staff in supporting regional training, certification, and testing programs.

Mauro Lance
Chief Operating Officer

Mr. Lance is responsible for the day to day operations, business strategy, investments and growth of the Council. He leads the creation and implementation of programs and world-class processes for certification, assessor quality management and training, critical to the Council’s mission of increasing payment card security globally through adoption of the PCI Security Standards.

Most recently, Mr. Lance held leadership positions at the MIT Media Lab and the World Wide Web Consortium, and was a founding director of the Web Foundation. He is a Fulbright Scholar and holds a Master’s degree in Business Administration from Suffolk University, and a Bachelor’s degree in Business Administration from the Pontificia Universidad Católica de Valparaiso. Mr. Lance has lived and worked in Chile, China, France, and the United States.

Mark Meissner
VP, Public Relations

Mr. Meissner leads the Council’s public relations efforts. In this role, Mr. Meissner works closely with the Council’s leadership team to develop communications strategies that promote the PCI Security Standards and the priority initiatives of the Council globally and with a wide range of stakeholders. Mr. Meissner brings more than two decades of experience in helping Fortune 500 companies, elected officials, trade associations and high profile individuals navigate a myriad of communications challenges in the global marketplace. Over the years Mark has worked with many high-profile clients in engaging with major news organizations such as USA Today, The Washington Post, 60 Minutes, The New York Times, The Wall Street Journal, CNN, and The Times of London.

Before joining the PCI Security Standards Council, Meissner was the Founder and President of MJM Strategies, a strategic communications consulting firm.

Meissner began his career in the world of politics. He honed his political skills working on the staffs of two fellow Hoosiers– U.S. Senator Evan Bayh (D-IN) and U.S. Representative Tim Roemer (D-IN). Meissner served as Campaign Manager for Representative Roemer’s successful 1994 re-election campaign. Mark was a candidate for U.S. Congress in 2002, finishing second among a crowded field of five better known candidates for Indiana’s 2nd Congressional District. His underdog campaign was hailed by the media as “relentless” and “impressive”.

Meissner teaches as an Adjunct Professor at The George Washington University Graduate School of Political Management (GSPM) where he has served on the faculty for more than a decade. Meissner holds a Master’s Degree from The American University and a Bachelor’s Degree from Indiana University.

PCI SSC Executive Committee

Mike Matan (Chairperson)
American Express

Mike Matan is Vice President, Network Capabilities at American Express and is based in New York City. 

Mike leads the strategic and technical development of  network products and capabilities, such as EMV chip-enabled products, tokenization, American Express SafeKey and contactless and mobile NFC payments.  In this role, he also has responsibility for business development and seeking strategic partnerships, which will support the payments network, including ATM management.   

Gina Gobeyn

Gina Gobeyn is a Payment Security professional with over 15 years of information security experience.

Ms. Gobeyn is currently the Director of Payments Security for Discover Financial Services, where she oversees Fraud Prevention and Payment Protection programs for Discover and Diners Club International. Ms. Gobeyn represents Discover on PCI Security Standards Council, LLC as a member of the Executive Committee. Prior to joining Discover, Ms. Gobeyn held Information security positions at the Federal Reserve Bank of Chicago, AON Insurance, and Internet Security Systems (ISS). Ms. Gobeyn has a Bachelor of Science in Business Administration from the University of Illinois – Urbana/Champaign, and is a Certified Information System Security Professional (CISSP).

Lib de Veyra
JCB International

In his role as Vice President of Emerging Technologies for JCB International, Lib de Veyra is responsible for planning JCB's mid- to long-term brand security policy, which includes JCB's data security compliance program and response management to account data compromises with particular emphasis on the U.S. market.

Mr. de Veyra has more than 15 years of business management, operations, brand policy, fraud risk management and security experience in both issuing and acquiring areas of the credit card industry.

Bruce Rutherford

As Group Head of Fraud Management Solutions, Mr. Rutherford is responsible for the product management, development, sales, and implementation of Mastercard fraud management solutions, the evolution and deployment of industry standards including the PCI Standards and Mastercard SecureCode, product management and related operations for Holograms, fraud reporting and associated data analytics, and for risk/fraud training through the Academy of Risk Management. In addition, Mr. Rutherford also represents Mastercard on the executive committee of the PCI Security Standards Council, an industry-standards organization that was formed in September, 2006. He is also a member of the board of directors of Brighterion, Inc., a San Francisco-based artificial intelligence technology software firm whose products are integrated with Mastercard risk product offerings.

Mr. Rutherford's extensive experience in product management and the development and evolution of industry Security Standards gives him unique insight into the challenges and opportunities of deploying emerging technologies to help Mastercard customers and merchants reduce their exposure to fraud and other financial risks.

Mr. Rutherford joined Mastercard in 1997 and has had previous roles within the Mastercard Advanced Payments organization where he managed internet and data security initiatives. His prior experience includes senior management responsibilities associated with the product management and service development of voice telephony initiatives for major telecommunications carriers including AT&T and MCI.

Mr. Rutherford is a graduate of The Pennsylvania State University and holds a Bachelor of Science degree and a Master of Business Administration degree.

Karteek Patel
Visa Inc.

As Senior Vice President of Global Product and Innovation Risk at Visa, Inc., Karteek focuses on the successful ideation, development and implementation of new Visa products and innovation efforts globally, while ensuring the security and safety of the payments ecosystem, and its stakeholders.

Karteek has over 20 years of experience in product management, development and delivery and has contributed to the success of Visa since 2002 in key product areas, including Processing, Commercial, Back Office, Mobile, Loyalty, and Information products and platforms. Additionally, he has been instrumental in developing centralized product development and service support teams for the company.

Karteek is a graduate of Santa Clara University and holds a Bachelor of Science degree in Decision and Information Sciences.

Board of Advisors

The PCI Security Standards Council Board of Advisors is composed of representatives of Participating Organizations. This cross-industry group is chartered to ensure that all voices are heard in the ongoing development of PCI Security Standards, with representation from across the payment chain -- merchants, financial institutions, processors and more -- as well as from around the world.

The 2015-2017 Board Members are posted below and may be contacted at boa@pcisecuritystandards.org

Marie-Christine Vittet

Scott Gregory

Michael Christodoulides

Philip Morton
British Airways PLC

Kathy Orner
Carlson Wagonlit Travel

Pierre Chassigneux
Cartes Bancaires

Juan Garrido
Chase, a division of JPMorgan Chase

Bruno Napolitano
Cielo S.A.

Christian Janoff

Ash Khan
Citigroup Inc.

Phil Agcaoili
Elavon Merchant Services

David Baker
European Card Payment Association

Claude Brun
European Payment Council AISBL

Rodney Farmer
European Payment Service Providers for Merchants (EPSM)

Lara Nwokedi
First Bank of Nigeria

Tim Horton
First Data Merchant Services

John Sutton
Global Payments Inc.

Kimberlee Ann Brannock

Eric Brier

Izdehar Safarini
Middle East Payment Services (MEPS)

Francisco Igual
PayPal Holdings, Inc.

Kelly Funk
Retail Solutions Providers Association (RSPA)

Angel Grant

Todd Aument
Square, Inc

Dave Estlick

Dave Faoro
Verifone Inc

Mike Cook
Wal-Mart Stores Inc

Jeff Monts
Wells Fargo

Tracey Long