This week, we talk with Chris Bucolo, director of market strategy for managed security service provider ControlScan, about e-commerce security.

When they take on payments, companies jump into a complex system where all parties are responsible for maintaining data security.

In some cases, payment facilitators are companies that have created applications that work well for the vertical they serve. But they may not always be aware of all the risk elements associated with that application, Bucolo said.

“It’s important to look at the strength of the application itself that’s been developed, how it interacts with the system that it’s part of, and the human element that could be involved as well,” he said.

Bucolo shares some of the industry resources, including guidance and best practices issued by the card brands and the PCI Security Council, that payment facilitators can turn to for an understanding of the security issues affecting their e-commerce applications.

“A lot of the breaches in the last few years have centered around remote access,” he said. “So there’s definitely an ability to look at what are the key areas that are causing breaches, and make sure that those areas have been addressed adequately by you as the payment facilitator and any third party that you may be relying on.”

“It’s sort of what you miss or what you don’t know that could hurt you,” he added.

Learn more about what payment facilitators should know about securing e-commerce in this week’s podcast.