An interesting post from blog.elementps.com on the difficulties of franchise models and their impact on the lines of responsibility for PCI DSS compliance.
From a branding standpoint, franchisors have a lot to lose if one of their franchisees falls victim to a breach. Depending on the level of media attention the breach garners, one for a store in downtown Philadelphia has the potential to negatively affect the brand – and, arguably, sales – across the state, regionally or even nationally.
The interesting thing with franchising and PCI DSS is that while franchisees may have individual merchant accounts with the bank (and therefore be responsible for their own reporting), the impact on the franchisor's compliance may come into question if a breach were to occur, as well as the inevitable brand reputation loss…
I’d be interested to hear any feedback from the field on the topic.
