Bob Russo, general manager of the PCI Security Standards Council, announced his retirement at the end of 2014. He will be replaced by Stephen Orfei.
Orfei brings a background in payment technology and innovation, and perhaps most critically, frontline experience defending targets from cyber attacks. He holds several payments industry patents and awards and enjoyed senior posts at Arsenal Security Group and MasterCard.
His appointment was the result of a nine-month search.
"The council is excited to welcome Steve and to work with him to lead our organization into its next chapter," said Lib de Veyra, VP, emerging technologies, JCB International and chairperson, PCI Security Standards Council. "As new payment technologies evolve, the council is looking ahead to ensure our standards, solutions and services continue to help organizations protect payment card data in the best way possible. Steve's background in innovative technology, product development and management, and partnership-building means he is strongly positioned to lead us into this future. Steve inherits a strong brand and team built with Bob at the helm. Steve's diverse experience means he sees the opportunities and challenges of our community from a number of perspectives."
Russo helped to found and grow the council, but new challenges stemming from recent high-profile data breaches have given rise to new priorities.
"As evidenced by recent high-profile breach incidents, keeping payment data secure in today's world is an increasingly complex challenge," Russo wrote in a recent column for FierceRetailIT. "While EMV chip solves one part of the problem, there's no single solution that addresses all security challenges."
"It was time for a change at the PCI Council," Gartner analyst Avivah Litan told Bank Info Security. "Bob did a good job launching the council and seeing it through its formative years, but it's apparent that some major overhauls are needed to the processes around PCI, and perhaps to the standards themselves, since the status quo has failed to stop the major breaches."
Orfei will assume the Council's general manager role in September and will be meeting with the PCI Community at the 2014 annual PCI SSC Community Meetings in Orlando, Berlin and Sydney.
What retailers need to know about reducing fraud with EMV chip and PCI standards
How to prevent Target-like data breaches
Will PF Chang's data breach speed EMV?
Shoppers stop buying online after breaches
Target gets serious about its digital transformation