PCI Security Standards Council®


Day-to-day management of PCI Council operations is guided by a five-member Executive Staff, which reports to the Council's Executive Committee representing the founding payment brands. The Executive Staff directly manages the Council's operational team in the areas of technology, international, financial and communications.

Executive Staff

Stephen W. Orfei
General Manager

As General Manager Mr. Orfei leads the Council in its mission to educate, empower and protect payment data globally, through development and delivery of standards, best practices, market guidance, alerts, certified solutions and training services for merchants, Qualified Security Assessors (QSAs), financial institutions, and key stakeholders across the global payment eco-system.

Mr. Orfei is a recognized industry expert in global payment platforms, e-commerce, mobile payments, transit and cybersecurity. He brings to this role more than 20 years of experience developing and delivering complex global payment solutions. A holder of several payments industry patents and awards, Orfei’s career spans senior posts at MCI International, a global telecommunications corporation, as Director of International Marketing, with 13 years of service; MasterCard Worldwide, a global payments & technology company, as Senior Vice President Emerging Payment Platforms, with 14 years of service. He has also worked as a cyber security consultant with security assessment companies and served in the military.

As a former Product Officer, with frontline experience defending high-value targets from cyber-attack, Mr. Orfei understands the perspectives of PCI SSC stakeholders across the payment industry. Orfei joined the Council in July 2014.

Troy Leach
Chief Technology Officer

Troy Leach is the Chief Technology Officer for the PCI Security Standards Council. In his role, Mr. Leach partners with Council representatives, Participating Organizations and industry leaders to develop comprehensive standards and strategies to secure payment card data and the supporting infrastructure.

He is a congressional subject matter expert on payment security and the current chairman of the Council's Standards Committee. Prior to joining the PCI Council, Mr. Leach has held various positions in IT management, software development, systems administration, network engineering, security assessment, forensic analytics and incident response for data compromise. Mr. Leach holds a Master of Science in Telecommunications & Network Management as well as a graduate degree in Information Security Management from Syracuse University.

Jeremy King
International Director

Jeremy King leads the Council's efforts in increasing adoption and awareness of the PCI Security Standards internationally. In this role, Mr. King works closely with the Council's General Manager and representatives of its policy-setting executive committee from American Express, Discover, JCB International, MasterCard, and Visa, Inc. His chief responsibilities include gathering feedback from the merchant and vendor community, coordinating research and analysis of PCI SSC managed standards through all international markets, and driving education efforts and Council membership recruitment through active involvement in local and regional events, industry conferences, and meetings with key stakeholders. He also serves as a resource for Approved Scanning Vendors, Qualified Security Assessors, Internal Security Assessors, PCI Forensic Investigators, and related staff in supporting regional training, certification, and testing programs.

Mauro Lance
Chief Operating Officer

Mauro Lance is the Chief Operating Officer for the PCI Security Standards Council. In this role, Mr. Lance is responsible for the day to day operations, business strategy, investments and growth of the Council. He leads the creation and implementation of programs and world-class processes for certification, assessor quality management and training, critical to the Council's mission of increasing payment card security globally through adoption of the PCI Security Standards.

Most recently, Mr. Lance held leadership positions at the MIT Media Lab and the World Wide Web Consortium, and was a founding director of the Web Foundation. He is a Fulbright Scholar and holds a Master's degree in Business Administration from Suffolk University, and a Bachelor's degree in Business Administration from the Pontificia Universidad Católica de Valparaiso. Mr. Lance has lived and worked in Chile, China, France, and the United States.

John Fitzsimmons
Vice President, Public Relations

John Fitzsimmons is Vice President of Public Relations for the PCI Security Standards Council. In this role, Mr. Fitzsimmons is responsible for growth of the Council, building global awareness of the PCI SSC brand and increasing adoption of PCI Data Security Standards.

Mr. Fitzsimmons' prior responsibilities include executive marketing & communications roles with technology companies in security, cloud and mobile industries. His experience includes work in Canada, China, Europe, Israel, India, Japan and China. John has served as mentor, speaker and competition judge for entrepreneurial groups including MassChallenge and Northeastern University. He also served as an advisor to AccelerateMichigan, a global business competition attracting entrepreneurs and start-ups to Michigan.

John holds a Bachelor of Science in Electronics Engineering Technology and a Bachelor of Arts in English. He also holds a Master of Business Administration degree from Babson College. He lives with his wife and four children in Massachusetts.

PCI SSC Executive Committee

Mike Matan
American Express

Mike Matan is Vice President, Network Capabilities at American Express and is based in New York City. 

Mike leads the strategic and technical development of  network products and capabilities, such as EMV chip-enabled products, tokenization, American Express SafeKey and contactless and mobile NFC payments.  In this role, he also has responsibility for business development and seeking strategic partnerships, which will support the payments network, including ATM management.   

Gina Gobeyn

Lib de Veyra
JCB International

In his role as Vice President of Emerging Technologies for JCB International, Lib de Veyra is responsible for planning JCB's mid- to long-term brand security policy, which includes JCB's data security compliance program and response management to account data compromises with particular emphasis on the U.S. market.

Mr. de Veyra has more than 15 years of business management, operations, brand policy, fraud risk management and security experience in both issuing and acquiring areas of the credit card industry.

Bruce Rutherford

As Group Head of Fraud Management Solutions, Mr. Rutherford is responsible for the product management, development, sales, and implementation of MasterCard fraud management solutions, the evolution and deployment of industry standards including the PCI Standards and MasterCard SecureCode, product management and related operations for Holograms, fraud reporting and associated data analytics, and for risk/fraud training through the Academy of Risk Management. In addition, Mr. Rutherford also represents MasterCard on the executive committee of the PCI Security Standards Council, an industry-standards organization that was formed in September, 2006. He is also a member of the board of directors of Brighterion, Inc., a San Francisco-based artificial intelligence technology software firm whose products are integrated with MasterCard risk product offerings.

Mr. Rutherford's extensive experience in product management and the development and evolution of industry Security Standards gives him unique insight into the challenges and opportunities of deploying emerging technologies to help MasterCard customers and merchants reduce their exposure to fraud and other financial risks.

Mr. Rutherford joined MasterCard in 1997 and has had previous roles within the MasterCard Advanced Payments organization where he managed internet and data security initiatives. His prior experience includes senior management responsibilities associated with the product management and service development of voice telephony initiatives for major telecommunications carriers including AT&T and MCI.

Mr. Rutherford is a graduate of The Pennsylvania State University and holds a Bachelor of Science degree and a Master of Business Administration degree.

Karteek Patel (Chairperson)
Visa Inc.

As Senior Vice President of Global Product and Innovation Risk at Visa, Inc., Karteek focuses on the successful ideation, development and implementation of new Visa products and innovation efforts globally, while ensuring the security and safety of the payments ecosystem, and its stakeholders.

Karteek has over 20 years of experience in product management, development and delivery and has contributed to the success of Visa since 2002 in key product areas, including Processing, Commercial, Back Office, Mobile, Loyalty, and Information products and platforms. Additionally, he has been instrumental in developing centralized product development and service support teams for the company.

Karteek is a graduate of Santa Clara University and holds a Bachelor of Science degree in Decision and Information Sciences.

Board of Advisors

The PCI Security Standards Council Board of Advisors is composed of representatives of Participating Organizations. This cross-industry group is chartered to ensure that all voices are heard in the ongoing development of PCI Security Standards, with representation from across the payment chain -- merchants, financial institutions, processors and more -- as well as from around the world.

The 2015-2017 Board Members are posted below and may be contacted at boa@pcisecuritystandards.org

Marie-Christine Vittet

Scott Gregory

Michael Christodoulides

Philip Morton
British Airways PLC

Kathy Orner
Carlson Wagonlit Travel

Pierre Chassigneux
Cartes Bancaires

Mary Jo Adams
Chase Paymentech, a division of JPMorgan Chase

Henrique Takaki
Cielo S.A.

Christian Janoff

Ash Khan
Citigroup Inc.

Phil Agcaoili
Elavon Merchant Services

David Baker
European Card Payment Association

Claude Brun
European Payment Council AISBL

Rodney Farmer
European Payment Service Providers for Merchants (EPSM)

Lara Nwokedi
First Bank of Nigeria

Tim Horton
First Data Merchant Services

John Sutton
Global Payments Inc.

Kimberlee Ann Brannock

Eric Brier

Izdehar Safarini
Middle East Payment Services (MEPS)

Kevin Glass
PayPal Holdings, Inc.

Kelly Funk
Retail Solutions Providers Association (RSPA)

Rob Sadowski

Mike Dahn
Square, Inc

Dave Estlick

Dave Faoro
Verifone Inc

Mike Cook
Wal-Mart Stores Inc

Jeff Monts
Wells Fargo

Tracey Long

Powered By OneLink