There have been a dramatic proliferation of credit card and security breaches impacting large franchisors. Many of the breaches that impact on the Franchisor’s brand and pocket book emanate from mistakes caused within their Franchisee locations. This “weak link” is difficult to plug up as franchisors are unable to exercise and push down the same security controls and system awareness to their Franchisees as they do with their own employees.
What franchisors have learned is that there is a greater impediment that they face in minimizing the risk of security breaches that is not common to the rest of the corporate world. Thanks to the legal concept of Joint Employer Liability, Franchisors attempt to stay clear of their Franchisees’ day to day operational decisions so that the Franchisor can avoid being sued by a plaintiff’s attorney seeking redress against one of their franchisees for a “local” action or omission. Although this has been an effective approach for Franchisors over the years in other areas, it is more problematic for Franchisors trying to implement a comprehensive plan to better safeguard their enterprise from the immense harm hackers can cause to their brand. As a result, Franchisors are compelled to find trusted third party PCI DSS experts that understand the dilemma and can properly walk the tight rope between Franchisor and Franchisee.