What compliance program is required for Ben & Jerry's locations that accept credit card payments?
Ben & Jerry's Franchise · 2025 FDD
Answer from 2025 FDD Document
As more fully described in Item 11, you are required to purchase a Ben & Jerry's approved point-of-sale system ("POS System") and enter into a purchasing contract for the system hardware, software/software license, configuration, credit card, gift card, Dashboard, and help desk. The POS vendor provides integrated and PCI compliant credit card and gift card processing. If contracted, credit card processing and interchange fees are paid directly to the vendor. If you do not contract with the POS vendor to process credit cards, you will need to purchase the hardware, software and support for processing credit/debit/cards on your own (pricing will vary). You should note that our Manual requires that all locations that accept credit card payments must comply with the requirements of the Cardholder Information Security Program ("CISP") promulgated by Visa®, including compliance with all requirements mandated by the Payment Card Industry ("PCI"). You must also enter into a purchasing contract for the POS SaaS based software and support, and contract with local service provider(s) for the installation of cable or DSL internet access, and phone line.
Source: Item 7 — ESTIMATED INITIAL INVESTMENT (FDD pages 28–37)
What This Means (2025 FDD)
According to Ben & Jerry's 2025 Franchise Disclosure Document, all locations that accept credit card payments must comply with the requirements of the Cardholder Information Security Program (CISP) promulgated by Visa, including compliance with all requirements mandated by the Payment Card Industry (PCI). This is a standard requirement in the franchise industry, as it protects both the franchisee and the customer from potential data breaches and fraud.
Ben & Jerry's franchisees have the option to contract with the POS vendor to process credit cards. The POS vendor provides integrated and PCI compliant credit card and gift card processing. If a franchisee chooses not to contract with the POS vendor for credit card processing, they will need to independently purchase the necessary hardware, software, and support to process credit/debit cards. The costs for this will vary depending on the chosen provider and system.
Compliance with CISP and PCI standards involves implementing security measures to protect cardholder data, such as installing firewalls, encrypting data transmissions, and regularly updating security software. Franchisees are responsible for ensuring their systems and procedures meet these requirements, which may involve undergoing regular audits and assessments. Failing to comply with these standards can result in penalties, fines, and even the loss of the ability to accept credit card payments, which could significantly impact the business's revenue and reputation. Therefore, it is crucial for franchisees to prioritize and maintain ongoing compliance with these security protocols.