This week we’re talking with Chris Bucolo, director of market strategy for managed security service provider ControlScan. Last week, Bucolo wrote a guest post for in which he talked about how risk is viewed and managed within the payment facilitator space. He expands on the topic in this conversation.

“In the past year or so, a lot of forensics people would have dubbed it the year of the service provider breach,” Bucolo said, citing the third parties submerchants may be relying on as a potential area of vulnerability payment facilitators need to consider.

According to Bucolo, there is a range of approaches to security among payment facilitators, with a trend toward more concern about risk. New people who don’t have a background in payments security are beginning to accept payments amid a system that relies on multiple players along the way, making security best practices critical to protect cardholder data, he said.

Bucolo gives concrete ideas about how to balance the need for these security measures with the fact that they may be daunting to new players in the market in this week’s podcast.