Regarding PCI DSS compliance for Crowne Plaza, what components are the customers and clients responsible for?
Crowne Plaza Franchise · 2025 FDD
Answer from 2025 FDD Document
FreedomPay is responsible for the merchant cardholder data that it possesses, processes, stores, or transmits on behalf of the customer, and will maintain compliance with all applicable PCI DSS requirements. Customers and clients are still responsible for the components of PCI compliance related to their location and related systems. Further, FreedomPay transmits cardholder and other sensitive authentication data to the customer's credit card processing provider to process transactions through the card networks. Customers are requested to notify us in the event that they experience issues that may affect the security, availability or confidentiality of the FreedomPay services they are utilizing.
Source: Item 23 — Receipts (FDD pages 100–424)
What This Means (2025 FDD)
According to the 2025 FDD, Crowne Plaza customers and clients are responsible for PCI DSS compliance related to their location and systems. While FreedomPay is responsible for the cardholder data it possesses, processes, stores, or transmits on behalf of the customer, the ultimate responsibility for PCI compliance at the franchisee's location remains with the franchisee.
This means that Crowne Plaza franchisees must ensure that their systems and processes at their specific location adhere to PCI DSS standards. This includes securing their networks, protecting cardholder data, and regularly testing their security systems. Franchisees are also responsible for ensuring that any third-party service providers they use in connection with card transactions also comply with PCI DSS.
Failure to comply with PCI DSS can result in significant financial penalties, restrictions on accepting card payments, and even termination of the franchise agreement. Therefore, it is crucial for prospective Crowne Plaza franchisees to understand their PCI DSS obligations and implement appropriate security measures to protect cardholder data and maintain compliance. Franchisees should consult with qualified security professionals to assess their PCI DSS compliance needs and implement appropriate security controls.