What are the Payment Card Industry Data Security Standards (PCI-DSS) and how do they relate to a Cinnabon franchise?
Cinnabon Franchise · 2025 FDD
Answer from 2025 FDD Document
You must ensure that your computerized point-of-sale system (the "POS System") or your credit card processing terminals (whichever are responsible for processing credit card transactions) are in compliance with the most current Payment Card Industry Data Security Standards ("PCI-DSS"). You also must comply with all applicable federal and state laws and regulations relating to the collection, use, and security of personal information and comply with any privacy policies or data protection and breach response policies we periodically may establish.
Source: Item 1 — The Franchisor and any Parents, Predecessors, and Affiliates (FDD pages 9–25)
What This Means (2025 FDD)
According to the 2025 Cinnabon Franchise Disclosure Document, franchisees must ensure their point-of-sale (POS) systems or credit card processing terminals comply with the most current Payment Card Industry Data Security Standards (PCI-DSS). These standards are designed to protect customer credit card data and reduce the risk of fraud and data breaches. Compliance with PCI-DSS is a critical requirement for any business that processes credit card transactions, including Cinnabon franchises.
In practical terms, this means a Cinnabon franchisee is responsible for implementing and maintaining security measures to safeguard cardholder data. These measures can include installing firewalls, encrypting data, using strong passwords, regularly updating software, and restricting access to cardholder information. The franchisee must also adhere to all applicable federal and state laws and regulations related to the collection, use, and security of personal information.
Furthermore, Cinnabon may periodically establish privacy policies or data protection and breach response policies that franchisees must follow. Failure to comply with PCI-DSS and other data security requirements can result in significant financial penalties, legal liabilities, and damage to the Cinnabon brand's reputation. Therefore, it is essential for prospective franchisees to understand and budget for the costs associated with maintaining PCI-DSS compliance. They should also inquire about the specific systems and procedures Cinnabon requires to meet these standards.