What financial instruments potentially subject Bambu to significant concentrations of credit risk?
Bambu Franchise · 2025 FDDAnswer from 2025 FDD Document
- 10.3 Credit Card Services.
Franchisee must accept credit and debit cards from customers of its Bambū shoppe for all transactions in any amount.
Franchisee shall use Bambu's designated POS System and credit card merchant service provider.
The Payment Card Industry ("PCI") requires all companies that process, store, or transmit credit or debit card information to protect the cardholders' information by complying with the PCI Data Security Standard ("PCI DSS").
Therefore, Franchisee shall be PCI compliant by following and adhering to then-current PCI DSS, currently found at www.pcisecuritystandards.org, or any similar or subsequent standard for the protection of cardholder data throughout the term of this Agreement.
Franchisee's Bambū shoppe shall be in compliance with PCI DSS at all times.
- 10.4 Electronic Funds Transfer.
Franchisee authorizes Bambu and its affiliates to initiate debit entries and credit entries to Franchisee's checking, savings or other account for the payment of the Royalty Fee (defined in Section 12.1), payment of the Marketing and Technology Fee (defined in Section 12.2), the purchase of equipment and inventory, and any other amounts due from Franchisee under this Agreement or otherwise.
Source: Item 23 — Receipts (FDD pages 52–209)
What This Means (2025 FDD)
Based on the 2025 Franchise Disclosure Document, Bambu franchisees are required to accept credit and debit cards for all transactions at their Bambū shoppes, which exposes them to risks associated with credit card processing. Specifically, franchisees must use Bambu's designated POS system and credit card merchant service provider. This requirement means franchisees are reliant on a third-party vendor chosen by Bambu for these services.
Additionally, the FDD highlights the importance of Payment Card Industry (PCI) compliance, stating that franchisees must adhere to the PCI Data Security Standard (PCI DSS) to protect cardholder information. Failure to comply with PCI DSS can result in significant penalties and liabilities for the franchisee. The franchisee bears the responsibility of ensuring their Bambū shoppe is compliant with PCI DSS at all times.
Furthermore, Bambu is authorized to initiate debit and credit entries to the franchisee's accounts for various payments, including royalty fees, marketing and technology fees, and purchases of equipment and inventory. This electronic funds transfer (EFT) system, while convenient, means the franchisee is granting Bambu direct access to their accounts, which could pose a risk if not properly managed or monitored. Franchisees should ensure they have adequate oversight and reconciliation processes in place to safeguard against unauthorized or incorrect transactions.