PCI-DSS Compliance: Are CEOs Buying In?
Winning Senior Executive Support for Security Vigilance
Ten years after the launch of the PCI Data Security Standards Council, the key to ensuring ongoing compliance with the PCI Data Security Standard is winning CEO buy-in worldwide, says Stephen Orfei, general manager of the council.
"Our biggest challenge is vigilance, and building in proper data security, which the standard does exceptionally well, into 'business as usual,'" he says in an interview with Information Security Media Group.
Given the global nature of business, Orfei says it's become critical that the PCI-DSS be recognized and adopted internationally, especially in developing markets, including China. Until the PCI-DSS is adopted worldwide, he argues, organizations will struggle to comply with varying security standards in various international markets (see PCI-DSS: Building Global Acceptance).
Businesses interested in expanding to new markets want to know they have a single payments standard with which to comply, he says. "This drive toward having a single standard for the payment industry is in everyone's interest," he says.
During this interview, Orfei also discusses:
- Steps the council has taken to push global acceptance of the PCI-DSS in Asia;
- Work the council is doing to address small merchant security, including new guidance soon to be released;
- Why more global education about the standard is still needed.
Orfei is an industry expert in global payment platforms, e-commerce, mobile payments and cybersecurity. He brings more than 20 years of experience developing and delivering complex global payment solutions to his role as general manager of the PCI Security Standards Council. The holder of several payments-industry patents and awards, Orfei has held senior positions at an international telecommunications corporation, security assessment companies, a global payments card brand and in military service.