What is Crowne Plaza responsible for ensuring regarding the Merchant Account and Merchant Systems?
Crowne_Plaza Franchise · 2025 FDDAnswer from 2025 FDD Document
- (b) Merchant Provider Compliance. You must ensure that you and Merchant Providers: (i) comply with the registration process which can involve site inspections, background investigations, provision of financial statements, and any other information required by us or a Card Organization; (ii) comply with the periodic and other reporting required by a Card Organization; and (iii) comply with all applicable Card Organization Rules, including without limitation, those requiring security of Cardholder data.
You may allow Merchant Providers access to Cardholder data only for purposes authorized under and in conformance with the Card Organization Rules.
You are responsible for all our costs and expenses associated with our review, approval, certification (and recertification as may be required by us or the Card Organization Rules) and registration of any Merchant Providers.
Source: Item 23 — Receipts (FDD pages 100–424)
What This Means (2025 FDD)
According to the 2025 Crowne Plaza FDD, the franchisee is responsible for ensuring compliance with Card Organization Rules, including PCI DSS, for all Merchant Systems and Merchant Providers used in connection with card transactions. This includes equipment, software, and third-party services used for processing payments. The franchisee must also ensure that Merchant Providers comply with registration processes, periodic reporting, and all applicable Card Organization Rules, including those related to cardholder data security.
Crowne Plaza's approval is required before a franchisee can engage any Merchant Provider, and the franchisee must provide the Merchant Provider's information in writing for this approval. The franchisee is responsible for all costs associated with Crowne Plaza's review, approval, certification, and registration of Merchant Providers. Failure to comply with data security requirements can result in fines, penalties, or restrictions on accepting cards, potentially impacting the hotel's revenue and operations.
The FDD also states that the franchisee is responsible for all chargebacks and fees arising from fraudulent activity processed through their Merchant Systems or Merchant Account, regardless of any Address Verification Service (AVS) response. Additionally, if a data compromise event occurs and the franchisee or their Merchant Provider is determined to be the source, the franchisee is responsible for all related expenses, claims, assessments, fines, losses, costs, penalties, and issuer reimbursements imposed by the Card Organizations against Crowne Plaza. However, Crowne Plaza agrees not to pass through to the franchisee any amounts imposed upon them by the Card Organizations in connection with Crowne Plaza's Data Security Event.
In summary, while Crowne Plaza maintains some oversight and approval authority regarding Merchant Providers, the primary responsibility for ensuring the security and compliance of Merchant Systems and Accounts rests with the franchisee. This includes covering the costs associated with compliance and bearing the financial risk of fraudulent activities and data breaches.