What is the annual requirement for PCI compliance attestation for a Carls franchisee?

Carls Franchise · 2024 FDD

Answer from 2024 FDD Document

Franchisee must maintain continuous PCI compliance and attest annually by providing a completed and signed PCI Attestation of Compliance (AOC) to CJR.

Source: Item 22 — CONTRACTS (FDD page 80)

What This Means (2024 FDD)

According to Carls's 2024 Franchise Disclosure Document, a franchisee must maintain continuous Payment Card Industry Data Security Standard (PCI DSS) compliance. To demonstrate this compliance, the franchisee is required to attest annually by providing a completed and signed PCI Attestation of Compliance (AOC) to Carls. This attestation confirms that the franchisee's systems and processes meet the security standards necessary to protect cardholder data.

This requirement means that a Carls franchisee must not only initially achieve PCI compliance but also maintain it throughout the term of the franchise agreement. The annual attestation serves as a regular check to ensure that the franchisee is adhering to these standards. Failure to maintain continuous compliance or provide the annual attestation could result in penalties or other enforcement actions from Carls.

For a prospective franchisee, this highlights the importance of understanding and budgeting for the ongoing costs and efforts associated with PCI compliance. It is not a one-time setup but a continuous process that requires regular monitoring, updates, and documentation. Engaging a qualified vendor, as suggested by Carls, can help ensure that the franchisee meets these requirements and avoids potential security breaches or non-compliance issues.

Disclaimer: This information is extracted from the 2024 Franchise Disclosure Document and is provided for research purposes only. It does not constitute legal or financial advice. Consult with a franchise attorney before making any investment decisions.