Who bears the expense for upgrading technology to maintain compliance with Point to Point Credit Encryption Standards (P2PE) and the Payment Card Industry Data Security Standard (PCI DSS) for a Hardees franchise?
Hardees Franchise · 2025 FDD
Answer from 2025 FDD Document
Franchisee shall: (1) use the proprietary software program, system documentation manuals and other proprietary materials now and hereafter required by HR in connection with the operation of the Franchised Restaurant; (2) if requested by HR, execute HR's standard software license or similar Agreement; (3) input and maintain in Franchisee's computer such data and information as HR prescribes in the OPM, software programs, documentation or otherwise; (4) purchase new or upgraded software programs, system documentation manuals and other proprietary materials at then-current prices whenever adopted system-wide by HR; (5) comply with Point to Point Credit Encryption Standards ("P2PE") and the Payment Card Industry Data Security Standard ("PCI DSS") at all times, and if necessary to maintain such compliance, upgrade its technology, at Franchisee's expense; and (6) engage any vendor that HR designates to ensure the security of Franchisee's data and compliance with P2PE and PCI DSS. Franchisee must maintain continuous compliance and attest annually by providing a completed and signed PCI Attestation of Compliance (AOC) to HR.
Source: Item 22 — Contracts (FDD page 85)
What This Means (2025 FDD)
According to Hardees's 2025 Franchise Disclosure Document, the franchisee is responsible for the expenses associated with upgrading technology to maintain compliance with Point to Point Credit Encryption Standards (P2PE) and the Payment Card Industry Data Security Standard (PCI DSS). This requirement is part of the franchisee's obligation to adhere to data security standards.
This means that a Hardees franchisee must invest in and maintain the necessary technology to ensure that all credit card transactions and data handling meet the required security protocols. These protocols are designed to protect customer data and prevent fraud. The franchisee's responsibility includes not only the initial setup but also ongoing upgrades and maintenance to stay compliant with evolving standards.
For a prospective Hardees franchisee, this implies a potentially significant and ongoing cost. It is crucial to budget for these technology upgrades and factor them into the overall financial planning for the franchise. Additionally, franchisees must stay informed about changes to P2PE and PCI DSS requirements to ensure continuous compliance and avoid potential penalties or security breaches.