withoutfire

1,000 reputation

I have worked for both of the major card brands and was their representative on the PCI Security Standards Council, so I contributed to the development of a number of PCI standards including PCI DSS (v3 and v4), PCI PIN, PCI 3DS and P2PE. I was also responsible for PCI compliance programmes in Europe - so I've a detailed knowledge of who needs to comply with PCI DSS and how they need to demonstrate that. When I've not been writing security standards, I've been a security consultant, a QSA and I've worked with lots of large merchants in Europe, helping them comply with payment security standards.

I hold professional certifications in information security and privacy and have an LLM in Information Rights Law.

In my spare time I write PCI training courses for Pluralsight.

Any answers or contributions I post on StackExchange are my own personal opinion; they are not the view of a card brand, and in the case of PCI-related questions you should (of course) ask your QSA or acquiring bank.