What is the Buff City Soap franchisee's obligation regarding PCI DSS and FACTA compliance?

According to Buff City Soap's 2025 Franchise Disclosure Document, franchisees must comply with the PCI DSS (Payment Card Industry Data Security Standards) as revised by the Payment Card Industry Security Standards Council. Franchisees must also comply with FACTA (Fair and Accurate Credit Transactions Act). Furthermore, franchisees are obligated to periodically upgrade their Technology System, at their own expense, to maintain compliance with PCI DSS, FACTA, and all other applicable laws.

This requirement means that a Buff City Soap franchisee is responsible for ensuring that their business operations, particularly those involving credit card processing and data handling, meet the security standards set forth by PCI DSS and FACTA. These standards are designed to protect consumer data and prevent fraud. Failure to comply with these standards can result in significant penalties, including fines and the inability to process credit card transactions.

The obligation to upgrade the Technology System periodically to maintain compliance places an ongoing financial burden on the franchisee. As technology and security standards evolve, the franchisee must invest in updates and improvements to their systems to remain compliant. This could involve software upgrades, hardware replacements, or other security enhancements.

It is important for prospective Buff City Soap franchisees to understand the costs and responsibilities associated with PCI DSS and FACTA compliance. They should budget for ongoing technology upgrades and security measures to avoid potential penalties and maintain the integrity of their business operations. Franchisees should also stay informed about changes to these standards and seek professional guidance to ensure they are meeting all requirements.