What must a Carls franchisee do annually to attest to continuous PCI compliance?
Carls Franchise · 2024 FDD
Answer from 2024 FDD Document
You must comply with the Payment Card Industry Data Security Standard ("PCI-DSS") at all times and engage any vendor that we may designate to ensure the security of your data and compliance with PCI-DSS. You must maintain continuous PCI compliance and must attest this to us annually by providing us with a completed and signed PCI Attestation of Compliance.
Source: Item 8 — RESTRICTIONS ON SOURCES OF PRODUCTS AND SERVICES (FDD pages 36–40)
What This Means (2024 FDD)
According to Carls's 2024 Franchise Disclosure Document, franchisees must maintain continuous Payment Card Industry Data Security Standard (PCI-DSS) compliance. To attest to this ongoing compliance, a Carls franchisee must provide the franchisor with a completed and signed PCI Attestation of Compliance annually.
PCI-DSS compliance is crucial for protecting customer payment card data and preventing data breaches. By requiring annual attestation, Carls aims to ensure that all franchise locations adhere to the necessary security protocols and standards. This helps to maintain the integrity of the Carls brand and protect customers' financial information.
For a prospective franchisee, this requirement means incorporating PCI compliance into their annual operational budget and schedule. They will need to allocate resources to maintain the required security measures and complete the attestation process each year. Failure to comply with PCI-DSS standards can result in penalties, legal repercussions, and damage to the franchisee's and Carls's reputation.