What do PCI security standards cover for a Fitstop franchise?
Fitstop Franchise · 2024 FDD
Answer from 2024 FDD Document
Since you accept credit cards as a method of payment at your Franchise, you must comply with payment card infrastructure ("PCI") industry and government requirements. PCI security standards are technical and operational requirements designed to protect cardholder data. The standards apply to all organizations that store, process or transmit cardholder data and cover technical and operational payment system components involving cardholder data. Notwithstanding the credit card processing requirement, we do not represent, nor certify to you or your customers that the credit card processing service approved or provided by us or our affiliate is compliant, whether or not certified, with the PCI Data Security Standards.
Source: Item 8 — RESTRICTIONS ON SOURCES OF PRODUCTS AND SERVICES (FDD pages 19–23)
What This Means (2024 FDD)
According to Fitstop's 2024 Franchise Disclosure Document, because franchisees accept credit cards as a payment method, they must comply with payment card infrastructure (PCI) industry and government requirements. PCI security standards are in place to protect cardholder data. These standards apply to all organizations that store, process, or transmit cardholder data and cover technical and operational payment system components involving cardholder data.
Fitstop does not represent or certify that the credit card processing service it approves or provides is compliant with PCI Data Security Standards, whether or not certified. This means that while Fitstop requires franchisees to adhere to PCI standards, the responsibility for ensuring compliance ultimately falls on the franchisee.
This is a common practice in franchising, where franchisors set standards but franchisees must implement and maintain them. Prospective Fitstop franchisees should independently verify the PCI compliance of any credit card processing services they use, even if those services are approved or provided by Fitstop. Failure to comply with PCI standards can result in significant fines and penalties, as well as damage to the franchisee's reputation.