PCI's Orfei on How EMV Will Spur Mobile PaymentsEmerging Technology a Hot Topic at Annual Community Meeting
PCI Council General Manager Stephen Orfei says the migration to EMV in the United States will facilitate faster adoption of contactless mobile payments. That's why mobile will be a hot topic at the PCI Council's annual North America Community Meeting.
As U.S. merchants brace for the Oct. 1 EMV fraud liability shift date, Orfei says the council is exploring with the merchant community how EMV is setting the stage for mobile payments.
"We're going to be very focused on mobile, as mobile is the future of payments," Orfei says in an interview with Information Security Media Group. "With regard to mobile and EMV and contactless payments, the thing that is very exciting about the EMV implementation here in the U.S. is that as we move to EMV technology, RFID [radio frequency ID] and NFC [near-field communication] comes with it."
At some point, Orfei anticipates cards will be removed from payments transactions, which is why the council is broadening its focus and purpose. While helping merchants and the industry secure card data remains the PCI Council's primary goal, Orfei says the council has spent the last year honing its collaboration and cross-industry information sharing skills.
"We're reaching out to the merchant associations and working with them, together with the regulatory community, to help them understand what we're doing in the payment industry and how we're looking to defend and protect," he says.
Orfei says the council is doing more to help merchants understand the cyber risks they face by publishing guidance and best practices. "One of our core tenants is getting the information out to the merchant community in a language that they can get their arms around," he says. "We need to remove the info-sec talk, the payment acronyms and the law enforcement jargon."
Orfei points out the council has issues best practices for tokenization, a point-to-point encryption version 2 standard, card production standards and a PIN transaction security standard. "We've done malware alerts and ATM skimming alerts; and we've done provisioning alerts through the law enforcement community."
During this interview (see audio link below photo), Orfei also discusses:
- Why the shift to EMV will spur upticks in ATM and pay-at-the-pump skimming attacks;
- How EMV could help reduce demands for PCI compliance; and
- How complementary technologies, such as encryption and tokenization, can help merchants devalue card data to secure transactions.
Orfei is an industry expert in global payment platforms, e-commerce, mobile payments and cybersecurity. In his role as the general manager of the PCI SSC, Orfei brings more than 20 years of experience developing and delivering complex global payment solutions. The holder of several payments-industry patents and awards, Orfei has a career that spans senior positions at an international telecommunications corporation, security assessment companies, a global payments card brand and military service.