What security standards must an Aplus franchisee meet to protect customer privacy and credit card information?
Aplus Franchise · 2024 FDD
Answer from 2024 FDD Document
tems) that Franchisor specifies periodically to enable customers to purchase authorized products, and to acquire and install all necessary hardware and/or software used in connection with these non-cash systems. Franchisee shall submit all fees and payments to Franchisor in U.S. dollars. Franchisee shall not accept any currency other than USD, and specifically is prohibited from accepting any cryptocurrency and tokens (including, but not limited to, Bitcoin, Ethereum, Litecoin, and other digital currencies and token). The parties acknowledge and agree that protection of customer privacy and credit card information is necessary to protect the goodwill of businesses operating under the Marks and System. Accordingly, Franchisee shall cause the Franchised Business to meet or exceed, at all times, all applicable security standards developed by the Payment Card Industry Standards Council or its successor and other regulations and industry standards applicable to the protection of customer privacy and credit card information. Franchisee is solely responsible for its own education concerning these regulations and standards and for achieving and maintaining applicable compliance certifications. Franchisee shall defend, indemnify, and hold Franchisor harmless from and against all claims arising out of or related to Franchisee's violation of the provisions of this Section 13.10.
Source: Item 23 — RECEIPT (FDD pages 68–302)
What This Means (2024 FDD)
According to Aplus's 2024 Franchise Disclosure Document, franchisees must meet or exceed all applicable security standards developed by the Payment Card Industry Standards Council or its successor, along with other regulations and industry standards that pertain to the protection of customer privacy and credit card information. Aplus franchisees are responsible for educating themselves on these regulations and standards and for achieving and maintaining applicable compliance certifications.
Furthermore, the franchisee's computer systems must comply with all applicable laws, regulations, and commonly accepted industry standards related to privacy, data security, and the processing and protection of confidential personal information. This includes, without limitation, the Payment Card Industry Data Security Standards and all other standards applicable to electronic payments that may be published from time to time by payment card companies.
Aplus emphasizes the importance of protecting customer privacy and credit card information to safeguard the goodwill of businesses operating under its Marks and System. Franchisees are obligated to defend, indemnify, and hold Aplus harmless from any claims arising from violations of these security provisions. This highlights the critical responsibility franchisees bear in maintaining robust data protection measures and staying informed about evolving security standards.