November 16, 2022

Inside PCI DSS and Privacy for Payments with Skyflow's Bjorn Ovick

Share In
How to Subscribe

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes. It was introduced to create a level of protection for card issuers by ensuring that merchants meet minimum levels of security when they store, process, and transmit cardholder data and ultimately reduce fraud.

Merchants that wish to accept payments need to be PCI compliant. Without PCI compliance, the merchant not only risks destroying customer trust in the case of a data breach, but they risk fines and potentially being stopped from being able to accept payments.

Payment processors like Stripe, Adyen, Braintree, and so on, help offload PCI compliance by providing PCI compliant infrastructure available through simple APIs. 

Bjorn Ovick, Head of Fintech at Skyflow, formerly of Wells Fargo, Visa, Samsung, and American Express, holds over 20 patents related to payment applications. He joins the show to share his background, thoughts on the evolution of technology in this space, break down PCI DSS, payment processors, and how Skyflow helps not only offload PCI compliance but gives businesses flexibility to work with multiple payment processors.


  • Can you share a bit about your background and how did you end up working in the financial industry?
  • You also have over 20 patents for payment applications, what are some of those patents?
  • So you are Head of Fintech Business and Growth at Skyflow, what does that consist of and how did you come to work at Skyflow?
  • Can you talk a bit about the evolution and change of the fintech market from when you started your career to today?
  • What is PCI DSS and where did it come from?
  • How does a company achieve PCI DSS compliance?
  • What’s a company’s responsibilities with respect to PCI compliance?
  • What's it take to build out PCI compliant infrastructure?
  • What happens if you violate PCI compliance?
  • How do you offload PCI compliance and still accept payments?
  • What is PCI tokenization?
  • What patterns do you see in payments and what should someone consider as they build their payment stack?
  • Why would a merchant use multiple payment processors?
  • How does a company use multiple payment processors?
  • What is network tokenization and how does that improve privacy and security?
  • What is 3D secure?
  • What are the big gaps in terms of payment processing today? What problems still need to be solved?
  • Where do you see the payment technology industry going in the next 5-10 years?
  • Where should someone looking to learn more about the payments space go?


Other Podcast

Bug Bounties, Pentesting, and Automated Security Workflows with Trickest's Nenad Zaric

Former pentester and bug bounty hunter Nenan Zaric joins the show to talk about the types of vulnerabilities that companies should be looking for and about how to automate security workflows through the Trickest platform, a company he founded.

Machine Learning and Privacy at the Edge with Edge Impulse's Daniel Situnayake

Dan Situnayake, Head of Machine Learning at Edge Impulse, joins the show to share his knowledge about the practical privacy and security concerns when working with edge IoT devices and how to still leverage this incredible technology but do so in an ethical and privacy-preserving way.

Building a Secure CI/CD Pipeline with Google's Anjali Khatri and Nitin Vashishtha

Google Cloud Principle Architect Anjali Khatri and Google Cloud Solutions Engineer Nitin Vashishtha join the show to discuss DevOps, DevSecOps, the shift left movement, and how to use Google Cloud to create a secure CI/CD pipeline.