Welcome to our podcast series, Coffee with the Council. I'm Alicia Malone, Senior Manager of Public Relations for the PCI Security Standards Council. Today we'll meet the Council's Regional Director of Latin America and the Caribbean, Guilherme Scheibe. Guilherme is based in Brazil and joined the Council last year to help us educate and promote the importance of the PCI Security Standards within the region. Thank you for joining us today, Guilherme.
Guilherme Scheibe: Hi Alicia, thanks for the introduction. I'm happy to have this chance to talk to you today. I've been listening to the podcast for a while, and I see that we've had some very good interviews and topics. I just hope to have some good things to share as well.
Alicia Malone: Well, thank you so much, Guilherme. We're very excited to chat with you today. So, tell us a little about your role at the Council and what regions you serve.
Guilherme Scheibe: Okay. So, although I'm based in Brazil, it is very important to mention that I am responsible for the LAC region. So, it means that I provide support to all the entities all over Latin America and the Caribbean. I like saying that I am the point of contact for all the stakeholders in the region, however, my main role is to provide awareness and ensure that we can have consciousness of the security risks that we face in the payment industry.
One of the ways that this can be done is by spreading the word in relation to the challenges that we have, and how the PCI standards deal with them. It is deeply correlated to another one of my roles, which is to speak on behalf of the Council. This could include events, meetings, interviews, and anything that could help us to spread the word, with relevant content, and support the growth and adoption of the PCI standards in the region. I would also like to highlight how participation from the industry is very important, as we have a lot of feedback from them, too. One of my goals is to have more entities participating and providing invaluable content, so the Council can better understand the challenges and how they could affect not only standards, but the payment industry. At last, I can also say that I have two other very important roles, which is leading the Regional Engagement Board and as the chairman of the Translation Committee.
Alicia Malone: So Guilherme, you came to the Council from Foregenix, where you served as a Managing Consultant, and you hold several certifications. Can you describe your career path in this industry and how it led you to PCI SSC?
Guilherme Scheibe: It's actually a very interesting fact that I am happy to say that I always knew what I wanted to do. So even before joining University. So, Information Security was always my area of interest and study. Prior to working with the PCI SSC, I was involved with internet banking security, which provided me with a great learning opportunity and allowed me to travel to different continents while working with the financial industry.
So, my involvement with the PCI Council started back in 2006 when I attended the first QSA training that took place in Brazil. I worked as a QSA for a few years but the market in the region was not very mature by that time. I can say that things really started to take off in 2010, when I joined a multinational QSA company that was expanding its business in the region, as a QSA and as a PA-QSA. From there, my career progressed from consultant to manager responsible for parts of Latin America. It's still that company, but after that one I joined Foregenix, as the manager for Latin America. I had the opportunity to learn a lot of new things and to study things such as the P2PE Standard, which was quite new by that time and required a lot of technical knowledge. From there, I also became a PIN Assessor for VISA as a VSA, which was later changed to QPA, when the Council took on the responsibility of the certification program. I was also a 3DS Assessor and, most recently, a Card Production Assessor. So, I can say that despite the last one, I was able to work in several different regions and compare what was happening in the whole world with the LAC.
Throughout my career, I have managed to balance both technical and managerial skills which has enabled me to navigate and advance in both these fields. Luckily, I can say that joining the Council was the perfect match for me. I am very proud to be in this role and I think it is the perfect win-win situation.
Alicia Malone: What kinds of trends are you seeing in the payment industry in Latin America? What are the opportunities? And what are the threats to payment security there?
Guilherme Scheibe: Hmm, that's a very good point. So, it is interesting to say that Latin America is a region with a very fast adoption of new technologies. If there is something new that can be used for payments and most importantly, to drive a new business, it will be used. Based on the conversations that I've been having with the stakeholders, I can say for sure that there is a lot of interest in mobile standards, especially right now with MPoC, which was released at the end of last year. This standard has a different approach from the previous CPoC and the SPoC and gives the industry a lot of different possibilities. Many of the entities that I'm talking to are trying to understand what they can do to turn this possibility into new business and new business opportunities.
Another trend that's happened quite a lot in the region is the growth of regional acquirers. In the past, different countries had some different limitations, for this type of business - I would say limitations and rules - and now more new players are coming into the market. So, it's really important to reach these new Fintechs to ensure that they can think about security from the start.
Thinking in terms of threats, I would say that the region is very cutting-edge in developing all sorts of malware. So, you probably have heard about some malware from here. We have a few ones that started in specific locations and now are used worldwide, so it's like different levels of the payment chain. On the other hand, the entities of the region have developed a lot of skills to deal with this threat. Of course, I mean, as we start moving to the mobile world, we understand that these threats will also migrate, or perhaps evolve, so it's very important to ensure that the mobile payment security standards are consistent, and they are kept up to date with these new attacks. I believe that the region will be very important in providing this type of feedback for the mobile standards as well.
Alicia Malone: Yes, we've received a lot of feedback that the mobile standards are very popular right now and we're glad that we're able to share MPoC with the world and I'm sure that there is more to come. So, why is it important for PCI SSC to have dedicated representation in a role like yours in Latin America?
Guilherme Scheibe: Well, the LAC is a key region to the payment industry, and this is how it is seen by the PCI Council. We have not only a representative in the region, but also programs such as the Regional Engagement Board, which allows us to have like a two-way conversation with the entities in Latin America and Brazil Latin America. So, this brings us immense value. Also, the region is quite large with different specific scenarios among countries and maybe within the specific countries that are larger, for example, such as Brazil and Mexico. Also, at some points the language can also be a barrier and I'm happy to speak both Portuguese and Spanish, which allows us to have fluid conversation in almost all the countries in the region.
This is a very important point I can say, so based on the conversations that I have with different entities, so it’s not, I would say, a major point but it makes a difference. I can also say that we get a lot of feedback from the LAC and this feedback is very important for what we do. This is why one of my priorities at this moment is to have more entities participating with us so we're just trying to get more entities to join and participate with the Council.
Alicia Malone: What do you enjoy most about your role at the Council?
Guilherme Scheibe: This is a nice question. So first, I can say that working for the Council is, for me, a great opportunity. It allows me to see how things work from the other side, considering that I was used to being a QSA. It also allows me to have daily contact with many very skilled people who are referenced in the industry. I mean, it was amazing for me to get in contact to join meetings and to actually learn from these people, so it is a lot of learning especially considering the work done by the working groups, which are responsible for the programs and the standards, which I have had a chance to participate in many of them. But to be more specific, I can say that the role comes with a huge responsibility of being a key person in the industry for a whole region. So, it is scary at first but it’s very enjoyable. It puts me in contact with many stakeholders and we learn a lot from each other. It is also very pleasant to see the results of the work and how the support that we provide makes a difference in the region. I could say many others, however, I will just keep these ones as the key points.
Alicia Malone: I think that's great, Guilherme, and you do have a very large region to represent, and the fact that you are multilingual, I'm sure is a huge help in that regard. So, moving on, this is an election year for the Council's Brazil Regional Engagement Board. Can you talk a little about the importance of that Board and what stakeholders can expect from the coming election?
Guilherme Scheibe: The election should be by the end of the year. It is a two-year term that we have. I can say that the Regional Engagement Board serves as advisors to PCI SSC on payment data security issues in Brazil and Latin America. They represent the PCI SSC Participating Organizations and industry stakeholders from the region, and work to foster broad adoption of the PCI standards and improve payment security. So, the priorities for the Regional Engagement Board have been the awareness of PCI DSS v4.0, for example, helping increase understanding of updates to PCI DSS v4.0 as the latest security standard. I would also say helping with the educational resources for Brazil, collaborating on the development of content, and resources for the Brazilian payment industry. So, another key thing is the awareness of key payment security initiatives. So, for example, driving regional awareness and understanding of the PCI Software Security Framework, and right now the mobile standards, such as the MPoC, as we've discussed. So, generally speaking, this is one of the goals for the Regional Engagement Board. And I'm sure it's the idea for the next term, for the next group, to not only expand that, but to have more feedback and more support from them. So, it's a really nice group. It has entities from many different groups in the financial industry. And this is something that matters because we listen, we work together, and this is very important for us.
Alicia Malone: So, outside of your day job, tell us a little bit about yourself. What kinds of things are you passionate about? What would you like others to know about you?
Guilherme Scheibe: Okay, well I'm from Brazil so I have to say that I'm a huge soccer fan. I prefer to say football, however I will just say soccer to avoid confusion in this conversation. So, I've seen my team win many important competitions, not only here but also while traveling abroad to see them play. So, I can say that it was very unfortunate that the team had a bad moment in the past few years. And like not having a crowd during Covid, which made things a bit worse. So, another thing that I like doing is playing and watching tennis. And here's a fun fact: I had a chance to see some of the most important tournaments around the world by mixing with business trips. For example, I was at the U.S. Open once, sorry, I was in the U.S. for one assessment once on the dates of the U.S. Open and the same happened once in London. So, I had a business trip in London, and it was on the same week of the ATP Finals. I'm proud to say that from the generation of Federer and Serena, I was lucky to see ‘live’ all of the players that I wanted to see. So, I'm really happy to say that. So, besides that, I like being with my family. Becoming a father was, and it is, the greatest and most pleasant challenge that someone can have. I like to be present and do as many things together as possible while I have the chance, as you know what happens when the kids grow up. So that’s what I would say.
Alicia Malone: I love it. And of course, I would be remiss if I didn't ask you how you take your coffee. Or if you're not a coffee drinker, what do you prefer instead?
Guilherme Scheibe: Well, I do like coffee, and I also like to taste different flavors when I'm traveling. I'm not an expert and I cannot notice notes and flavors, but I'm happy when I have the chance to taste some good ones and sometimes bring back with me some good ones for drinking here. Regionally speaking, we don't drink large glasses of coffee as it is done mostly from the U.S. Coffee here is mostly short, strong, and we have a few cups during the day. So, I particularly like espresso with no sugar. I mean, it took me some time to be able to drink that with no sugar. So, I usually enjoy that with perhaps a small candy or a piece of chocolate. So, that would be the ideal coffee for me.
Alicia Malone: Yes, you're right because Americans tend to like our coffee fishbowl size!
Guilherme Scheibe: Yeah, that's true.
Alicia Malone: We drink a lot of coffee, but espresso is delicious.
Alicia Malone: Thank you so much for joining us on Coffee with the Council, Guilherme, and it's been such a pleasure getting to know you more.
Guilherme Scheibe: Alicia, thanks for the opportunity and it has been a pleasure for me as well.
Like what you’ve heard? Subscribe to PCI SSC’s “Coffee with the Council” podcast by visiting any of the following platforms: Spotify, Anchor, Pocket Casts, Google Podcasts, or RadioPublic. Coming soon, the podcast will also be available on Apple Podcasts.