Tim Thomas • Product Management, ControlScan

Tim Thomas oversees the product management function for ControlScan. Tim is focused on enhancing the company’s product and service deliverables to guide businesses through the complexity of the Payment Card Industry Data Security Standard (PCI DSS) as well as other security and privacy compliance processes.

Prior to joining ControlScan, Tim built and led technical support teams for TeleMate.Net software, a network monitoring and security solutions company, as well as ServiceCentral Software and CipherTrust, an email security and anti-spam software company that is now part of McAfee/Intel. Tim is a member of the PCI Security Standards Council’s SMB Task Force. He tweets at @tethomas_99.

Chris Bucolo • Director of Market Strategy, ControlScan

Chris Bucolo has over 30 years’ experience in the financial technology and payments industries. In his current role as Director of Market Strategy for ControlScan, Chris is responsible for enhancing the company’s payments industry partnerships by identifying and delivering data security and compliance solutions that maximize the relationship between merchant service providers and their customers. Previously he managed business development for the company’s security consulting and security engineering services.

Chris possesses a wealth of knowledge in payment security best practices and merchant relationships, having built and sold his own Independent Sales Organization (ISO), which was one of the first in the country to embrace Payment Card Industry (PCI) security standards and include related services among its core merchant offerings. He is a regular speaker at payments and security industry events, and his commentary has appeared in several notable publications as well as AP stories and live television interviews.

Be Ready for Your First QSA-Led PCI DSS Assessment

June 11, 2018 • Published by Marc Punzirudu Best PracticesLevel 1, QSA

Ready for your QSA-led PCI DSS assessment?

So, you have been notified by a client, card brand, or your acquiring bank that you have to engage a third-party QSA company to perform a QSA-led PCI DSS assessment. There are some things that you need to know, or need to consider before moving … Read more

PCI vs. HIPAA in Healthcare [Video]

February 12, 2016 • Published by Marc Punzirudu PCI 101Healthcare, HIPAA

If your business calls its customers “patients,” then you are likely well aware of HIPAA-HITECH and all that goes along with it. But what happens if you throw the Payment Card Industry Data Security Standard (PCI DSS) into the mix? A lot of people like … Read more

5 “Buts” Your QSA Doesn’t Want to Hear

December 22, 2015 • Published by Marc Punzirudu Best PracticesPA-DSS, QSA, QSA Assessment

Qualified Security Assessors like myself are conducting annual PCI assessments year round, so while your assessment may seem like an “it’s that time of the year again” activity, our interaction with your business often involves common themes. For example, we QSAs often hear a lot … Read more

You’re Non-Compliant with PCI. Now What?

December 11, 2015 • Published by Marc Punzirudu Best PracticesAcquirers, Non-Compliant, PCI Non-Compliance, QSA, SAQ

You gather up all the necessary documentation and sit down to complete the SAQ for your business—only to realize that you can’t answer “yes” to all the questions. Somewhere, something down the line occurred which now makes things complicated. When confronted with the reality of … Read more

PA-DSS and PCI DSS: Beware the critical difference!

July 10, 2015 • Published by Marc Punzirudu PCI 101PA-DSS, Point of Sale, POS

“A QSA’s Deja Nightmare” A QSA walks into a bar (or gas station chain, or retail organization, etc.) to perform a PCI assessment. The bartender/owner says, “We just have some policies for you! We use <<insert POS company name>> POS, and it is PCI compliant.” … Read more