Does Fitstop require franchisees to comply with PCI industry and government requirements?
Fitstop Franchise · 2024 FDD
Answer from 2024 FDD Document
Since you accept credit cards as a method of payment at your Franchise, you must comply with payment card infrastructure ("PCI") industry and government requirements. PCI security standards are technical and operational requirements designed to protect cardholder data. The standards apply to all organizations that store, process or transmit cardholder data and cover technical and operational payment system components involving cardholder data. Notwithstanding the credit card processing requirement, we do not represent, nor certify to you or your customers that the credit card processing service approved or provided by us or our affiliate is compliant, whether or not certified, with the PCI Data Security Standards.
Source: Item 8 — RESTRICTIONS ON SOURCES OF PRODUCTS AND SERVICES (FDD pages 19–23)
What This Means (2024 FDD)
According to Fitstop's 2024 Franchise Disclosure Document, franchisees are required to comply with payment card industry (PCI) and government requirements because they accept credit cards as a method of payment at their franchise. PCI security standards are in place to protect cardholder data and apply to all organizations that store, process, or transmit this data. These standards cover the technical and operational components of payment systems that involve cardholder data.
Even though Fitstop requires compliance with PCI standards, the FDD states that Fitstop does not represent or certify that the credit card processing service it approves or provides is compliant with PCI Data Security Standards. This means that while Fitstop mandates the use of credit card processing, it does not guarantee the security or compliance of those services.
For a prospective Fitstop franchisee, this means they must ensure their credit card processing systems and practices meet all PCI requirements. This includes understanding and implementing the necessary technical and operational security measures to protect cardholder data. Given that Fitstop does not certify the compliance of its approved services, franchisees should independently verify that their systems are secure and compliant with all applicable standards. This may involve hiring a qualified security assessor to conduct regular audits and ensure ongoing compliance.