What documentation must a Dog Haus franchisee provide to demonstrate compliance with PCI DSS requirements?
Dog_Haus Franchise · 2025 FDDAnswer from 2025 FDD Document
You are required to honor all credit, charge, courtesy and cash cards approved by us in writing. To the extent you store, process, transmit or otherwise access or possess cardholder data in connection with selling Dog
Haus Authorized Products, you are required to maintain the security of cardholder data and adhere to the then-current Payment Card Industry Data Security Standards ("PCI DSS"), currently found at www.pcisecuritystandards.org for the protection of cardholder data throughout the Term of your Franchise Agreement. You are responsible for the security of cardholder data in the possession or control of any of subcontractors you engage to process credit cards. All subcontractors must be identified to and approved by us in writing prior to sharing cardholder data with the subcontractor. You must, if requested to do so by us, provide appropriate documentation to us to demonstrate compliance with applicable PCI DSS requirements by you and all identified subcontractors.
Source: Item 8 — RESTRICTIONS ON SOURCES OF PRODUCTS AND SERVICES (FDD pages 31–36)
What This Means (2025 FDD)
According to Dog Haus's 2025 Franchise Disclosure Document, franchisees must provide documentation to demonstrate compliance with Payment Card Industry Data Security Standards (PCI DSS) if requested by Dog Haus. This requirement extends not only to the franchisee but also to any subcontractors they engage to process credit cards. These subcontractors must also be approved by Dog Haus in writing before being entrusted with cardholder data.
This means that if a prospective Dog Haus franchisee intends to accept credit card payments, they must adhere to PCI DSS standards, which are designed to protect cardholder data. The franchisee is responsible for ensuring that their own systems and those of any third-party processors meet these security requirements. Failure to comply with PCI DSS could result in fines, penalties, and potential legal liabilities for data breaches.
For a prospective franchisee, this highlights the importance of selecting reputable and PCI DSS-compliant subcontractors for payment processing. It also underscores the need to maintain meticulous records and documentation related to PCI DSS compliance, as Dog Haus may request this information at any time. The franchisee should also factor in the costs associated with PCI DSS compliance, including assessments, security measures, and potential training for employees who handle cardholder data.
It is also important to note that Dog Haus has the right to change POS systems and merchant service providers at any time upon 90 days' notice. Currently, Toast, Inc. is Dog Haus's only approved supplier for POS equipment and merchant processing services. This means that franchisees must be prepared to adapt to changes in technology and service providers as directed by Dog Haus to maintain compliance and operational standards.