The PCI Security Standards Council (PCI SSC) is pleased to welcome its newest team member, Úna Dillon, Regional Director, Europe. As Regional Director, Úna serves as the primary liaison with European payment security stakeholders. In this role, she will drive awareness and growth of the Council with an emphasis on educating stakeholders on the importance of data security for payments and supporting the adoption of PCI SSC standards within the European region.
In this Q&A, we will learn more about Úna and all that she brings to the Council.
Your background is in payments with a long tenure at Merchant Risk Council (MRC). Can you describe your career path in this industry and how it led you to PCI SSC?
Úna Dillon: Yes, indeed. I started my career at a retail bank covering issuing and acquiring chargebacks. The acquiring part of the bank was then taken over and I went with it, heading up the Chargebacks Department and working on acquiring with merchants for a few years. I then took up a role as General Manager of the Irish national debit card scheme, Laser Card. When Laser was taken over by Visa and Mastercard in 2014, I worked as a consultant for a time, engaging Venture Capitalists who wanted to invest in Irish payments companies but who needed an expert to let them know what was what! I then joined the MRC as Managing Director for Europe, expanding the membership of that organization in the region. I went on to expand my reach on a more global scale and finally became the Head of Advocacy & Education where I mainly provided advice and data on payments to financial regulators globally. A natural progression was PCI SSC, continuing my work in the area of standards, compliance, and payment security.
You bring a wealth of industry relationships and knowledge to the Council. What does that mean for you in terms of helping PCI SSC succeed in its mission to secure payment data?
Úna Dillon: For me, it means being able to act as a bridge between the Council and the many stakeholders across the payments ecosystem. Having worked with issuers, acquirers, merchants, service providers, and regulators, I understand the challenges and perspectives each brings. I see my role as helping the Council listen effectively to these voices, foster collaboration, and translate those insights into practical guidance. Effectively, it’s about ensuring that industry expertise drives stronger, more resilient security practices globally.
A major part of your new role at the Council involves growing the Participating Organization program. Why is that important and how do you hope to achieve that?
Úna Dillon: The Participating Organization (PO) program is essential because it ensures that PCI SSC’s work reflects the realities of those who are implementing security controls every day. The more diverse and engaged our PO community is, the better positioned we are to create standards that are relevant, globally applicable, and effective. My focus will be on demonstrating the value of participation, showing to organizations this is not just compliance, but an opportunity to influence, collaborate, and shape the future of payment security. I’ll also be working to build stronger regional engagement, especially in Europe, where unique regulatory and market conditions require dedicated dialogue.
What do you think is most important to understand about the unique payment security landscape in Europe?
Úna Dillon: Europe is distinctive because of its regulatory complexity and diversity. We have a patchwork of national regulators layered with EU-wide directives, each influencing how payment security is approached. Add to that the wide range of payment methods, traditional cards, strong e-commerce adoption, and growing alternative payments, and you have a very dynamic environment. The most important thing is to recognize that “one size fits all” does not work in Europe; security must be adaptable, interoperable, and aligned with both global standards and local realities.
What opportunities are you most looking forward to in this new role?
Úna Dillon: I am excited about the chance to bring people together, whether that is through workshops, forums, or one-on-one discussions, and to help them see the value of collective action in security. I’m also looking forward to strengthening the Council’s presence in Europe and ensuring European perspectives continue to influence global standards. For me, this role is about both learning from the industry and helping to shape its future.
What kinds of things are you passionate about?
Úna Dillon: I’m passionate about collaboration and knowledge-sharing. Payment security is complex, but it becomes manageable when organizations work together and learn from one another. I’m also passionate about innovation, finding ways to support payment security initiatives without stifling customer experience. Outside of work, I care deeply about mentorship and developing the next generation of professionals in our industry.
What would you like others to know about you?
Úna Dillon: I’d like people to know that I’m approachable and always open to conversation. I believe every voice in this industry matters, whether you’re a large multinational or small regional organization. I thrive on building connections, learning from others, and finding common ground to move initiatives forward.
