25
Nov
10

Visa’s Corporate Franchise Servicer Program

My friend, Walter Conway has a great article posted on StoreFrontBackTalk.com regarding this “wonderful” new program and category of third parties for franchise operations where the franchisees’ computer systems are tied to franchiser’s computer systems.  Visa thinks that regardless of whether cardholder data flows back to the franchiser’s systems, if these systems and networks are connected and there is no segmentation of the cardholder data environment, then the franchiser needs to register as an Corporate Franchise Servicer with Visa.  This change will likely create a real mess for a lot of franchise operators particularly hoteliers and certain fast food chains.

UPDATE: We had a number of inquiries regarding this program and had to pose questions to Visa for clarification.  The first question posed was in regards to Web sites that just pass through cardholder data for reservations and the like.  We have always included those sites as part of an organization’s PCI assessment since they transmit cardholder data.  Therefore, they were not like the systems in the fast food industry where no cardholder data was processed, stored or transmitted and therefore not assessed as part of any PCI assessment.  Visa acknowledged that these sorts of Web sites will require organizations to register in their Corporate Franchise Servicer program.  Visa also acknowledged that in order for an organization to register for the Corporate Franchise Servicer program, the organization must file a Report On Compliance (ROC) with their application.

Advertisements

1 Response to “Visa’s Corporate Franchise Servicer Program”



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Announcements

If you are posting a comment, be patient, as the comments will not be published until they are approved.

If your organization has a PCI opportunity, is in need of assistance with a PCI issue or if you would like the PCI Guru to speak at your meeting, you can contact the PCI Guru at pciguru AT gmail DOT com.

I do allow vendors to post potential solutions in response to issues that I bring up in posts. However, the PCI Guru does not endorse any specific products, so "Caveat Emptor" - let the buyer beware. Also, if I feel that the response is too "sales-ee", I reserve the right to edit or not even authorize the response.

Calendar

November 2010
M T W T F S S
« Oct   Dec »
1234567
891011121314
15161718192021
22232425262728
2930  

Enter your email address to subscribe to the PCI Guru blog and receive notifications of new posts by email.

Join 1,843 other followers


%d bloggers like this: