Day-to-day management of PCI Council operations is guided by a five-member Executive Staff, which reports to the Council's Executive Committee representing the founding payment brands. The Executive Staff directly manages the Council's operational team in the areas of technology, international, financial and communications.
Stephen W. Orfei
As General Manager Mr. Orfei leads the Council in its mission to educate, empower and protect payment data globally, through development and delivery of standards, best practices, market guidance, alerts, certified solutions and training services for merchants, Qualified Security Assessors (QSAs), financial institutions, and key stakeholders across the global payment eco-system.
Mr. Orfei is a recognized industry expert in global payment platforms, e-commerce, mobile payments, transit and cybersecurity. He brings to this role more than 20 years of experience developing and delivering complex global payment solutions. A holder of several payments industry patents and awards, Orfei’s career spans senior posts at MCI International, a global telecommunications corporation, as Director of International Marketing, with 13 years of service; MasterCard Worldwide, a global payments & technology company, as Senior Vice President Emerging Payment Platforms, with 14 years of service. He has also worked as a cyber security consultant with security assessment companies and served in the military.
As a former Product Officer, with frontline experience defending high-value targets from cyber-attack, Mr. Orfei understands the perspectives of PCI SSC stakeholders across the payment industry. Orfei joined the Council in July 2014.
Chief Technology Officer
Troy Leach is the Chief Technology Officer for the PCI Security Standards Council. In his role, Mr. Leach partners with Council representatives, Participating Organizations and industry leaders to develop comprehensive standards and strategies to secure payment card data and the supporting infrastructure.
He is a congressional subject matter expert on payment security and the current chairman of the Council's Standards Committee. Prior to joining the PCI Council, Mr. Leach has held various positions in IT management, software development, systems administration, network engineering, security assessment, forensic analytics and incident response for data compromise. Mr. Leach holds a Master of Science in Telecommunications & Network Management as well as a graduate degree in Information Security Management from Syracuse University.
Jeremy King leads the Council's efforts in increasing adoption and awareness of the PCI Security Standards internationally. In this role, Mr. King works closely with the Council's General Manager and representatives of its policy-setting executive committee from American Express, Discover, JCB International, MasterCard, and Visa, Inc. His chief responsibilities include gathering feedback from the merchant and vendor community, coordinating research and analysis of PCI SSC managed standards through all international markets, and driving education efforts and Council membership recruitment through active involvement in local and regional events, industry conferences, and meetings with key stakeholders. He also serves as a resource for Approved Scanning Vendors, Qualified Security Assessors, Internal Security Assessors, PCI Forensic Investigators, and related staff in supporting regional training, certification, and testing programs.
Chief Operating Officer
Mauro Lance is the Chief Operating Officer for the PCI Security Standards Council. In this role, Mr. Lance is responsible for the day to day operations, business strategy, investments and growth of the Council. He leads the creation and implementation of programs and world-class processes for certification, assessor quality management and training, critical to the Council's mission of increasing payment card security globally through adoption of the PCI Security Standards.
Most recently, Mr. Lance held leadership positions at the MIT Media Lab and the World Wide Web Consortium, and was a founding director of the Web Foundation. He is a Fulbright Scholar and holds a Master's degree in Business Administration from Suffolk University, and a Bachelor's degree in Business Administration from the Pontificia Universidad Católica de Valparaiso. Mr. Lance has lived and worked in Chile, China, France, and the United States.
Vice President, Public Relations
John Fitzsimmons is Vice President of Public Relations for the PCI Security Standards Council. In this role, Mr. Fitzsimmons is responsible for growth of the Council, building global awareness of the PCI SSC brand and increasing adoption of PCI Data Security Standards.
Mr. Fitzsimmons' prior responsibilities include executive marketing & communications roles with technology companies in security, cloud and mobile industries. His experience includes work in Canada, China, Europe, Israel, India, Japan and China. John has served as mentor, speaker and competition judge for entrepreneurial groups including MassChallenge and Northeastern University. He also served as an advisor to AccelerateMichigan, a global business competition attracting entrepreneurs and start-ups to Michigan.
John holds a Bachelor of Science in Electronics Engineering Technology and a Bachelor of Arts in English. He also holds a Master of Business Administration degree from Babson College. He lives with his wife and four children in Massachusetts.
VP Network Capabilities, Global Network Business, American Express
Mike Matan is Vice President, Network Capabilities at American Express and is based in New York City.
Mike leads the strategic and technical development of network products and capabilities, such as EMV chip-enabled products, tokenization, American Express SafeKey and contactless and mobile NFC payments. In this role, he also has responsibility for business development and seeking strategic partnerships, which will support the payments network, including ATM management.
Lib de Veyra
In his role as Vice President of Emerging Technologies for JCB International, Lib de Veyra is responsible for planning JCB's mid- to long-term brand security policy, which includes JCB's data security compliance program and response management to account data compromises with particular emphasis on the U.S. market.
Mr. de Veyra has more than 15 years of business management, operations, brand policy, fraud risk management and security experience in both issuing and acquiring areas of the credit card industry.
Bruce Rutherford (Chairperson)
Bruce Rutherford is Group Head, Fraud Management Solutions. He is responsible for the product management, development, sales, and implementation of MasterCard fraud management solutions, the evolution and deployment of industry standards including the PCI Standards and MasterCard SecureCode, product management and related operations for Holograms, fraud reporting and associated data analytics, and for risk/fraud training through the Academy of Risk Management. In addition, Mr. Rutherford also represents MasterCard on the executive committee of the PCI Security Standards Council, an industry-standards organization that was formed in September, 2006. He is also a member of the board of directors of Brighterion, Inc., a San Francisco-based artificial intelligence technology software firm whose products are integrated with MasterCard risk product offerings.
Mr. Rutherford's extensive experience in product management and the development and evolution of industry Security Standards gives him unique insight into the challenges and opportunities of deploying emerging technologies to help MasterCard customers and merchants reduce their exposure to fraud and other financial risks.
Mr. Rutherford joined MasterCard in 1997 and has had previous roles within the MasterCard Advanced Payments organization where he managed internet and data security initiatives. His prior experience includes senior management responsibilities associated with the product management and service development of voice telephony initiatives for major telecommunications carriers including AT&T and MCI.
Mr. Rutherford is a graduate of The Pennsylvania State University and holds a Bachelor of Science degree and a Master of Business Administration degree.
As Senior Vice President of Global Product and Innovation Risk at Visa, Inc., Karteek focuses on the successful ideation, development and implementation of new Visa products and innovation efforts globally, while ensuring the security and safety of the payments ecosystem, and its stakeholders.
Karteek has over 20 years of experience in product management, development and delivery and has contributed to the success of Visa since 2002 in key product areas, including Processing, Commercial, Back Office, Mobile, Loyalty, and Information products and platforms. Additionally, he has been instrumental in developing centralized product development and service support teams for the company.
Karteek is a graduate of Santa Clara University and holds a Bachelor of Science degree in Decision and Information Sciences.
The PCI Security Standards Council Board of Advisors is composed of representatives of Participating Organizations. This cross-industry group is chartered to ensure that all voices are heard in the ongoing development of PCI Security Standards, with representation from across the payment chain -- merchants, financial institutions, processors and more -- as well as from around the world.
The 2015-2017 Board Members are posted below and may be contacted at email@example.com
British Airways PLC
Carlson Wagonlit Travel
Mary Jo Adams
Chase Paymentech, a division of JPMorgan Chase
Elavon Merchant Services
European Payment Council AISBL
European Payment Service Providers for Merchants (EPSM)
First Bank of Nigeria
First Data Merchant Services
Global Payments Inc.
Kimberlee Ann Brannock
Middle East Payment Services (MEPS)
PayPal Holdings, Inc.
Retail Solutions Providers Association (RSPA)
Wal-Mart Stores Inc