Must the Bumper Man franchisee comply with the PCI DSS?
Bumper_Man Franchise · 2025 FDDAnswer from 2025 FDD Document
processing such payment. Franchisee must comply with the PCI DSS as they may be revised and modified by the Payment Card Industry Security Standards Council, or any successor or replacement organization and/or in accordance with other standards Franchisor may specify, and FACTA. Franchisee also must upgrade periodically its Technology System, at Franchisee's expense, to maintain compliance with PCI DSS, FACTA and all Applicable Law. Franchisee must notify Franchisor immediately if it is notified of a credit card breach (as such constitutes a Crisis Management Event) related to the Bumper Business and Franchisee's business related thereto and must cooperate with applicable authorities fully with respect to the investigation. Further, Franchisee must cooperate with Franchisor fully with respect to media statements (if any) and other items related to managing the Crisis Management Event for the purpose of protecting the Marks and System.
Source: Item 23 — RECEIPTS (FDD pages 45–180)
What This Means (2025 FDD)
According to the 2025 Bumper Man Franchise Disclosure Document, franchisees must comply with the PCI DSS (Payment Card Industry Data Security Standards) as they may be revised. These standards are set by the Payment Card Industry Security Standards Council. Franchisees are also required to comply with FACTA (Fair and Accurate Credit Transactions Act).
To maintain compliance, Bumper Man franchisees must periodically upgrade their Technology System at their own expense. This ensures they meet the requirements of PCI DSS, FACTA, and all other applicable laws.
Furthermore, the FDD stipulates that franchisees must immediately notify Bumper Man if they become aware of any credit card breach related to their Bumper Business. Such a breach is considered a Crisis Management Event, and the franchisee must fully cooperate with authorities during any investigation. Franchisees must also cooperate with Bumper Man regarding any media statements or other actions related to managing the Crisis Management Event to protect the Bumper Man brand and system.