Data Privacy Risk Exists Even When Using Merchant Processing for Credit Card Transactions

October 2, 2012

Data privacy and identity theft are very real threats to franchise owners. Unfortunately many don’t realize it or underestimate the potential for damage to their business from such risks.

In my many visits with franchisors, I often hear that they use a merchant processor for their credit card transactions. Because they don't keep the card information on file, they don't have an exposure with credit card usage. While this offsets some liability, it does not eliminate all exposure for a franchise system.

Some of the reasons are:

  1. If a consumer’s confidential data is compromised by using their card at your store, you are going to be first in line for their anger. For example, if my data was lost or compromised, I am not going to bring suit against the processer, especially the initial suit. If I go to your store and my credit card was compromised there, I am mad at you, and I will sue you.

  2. Even if it was the computer or system owned by a merchant processor that gets hacked, you will likely face liability. Most vendor contracts contain mutual hold harmless wording that allocates some liability back on the individual business for their failure to protect the vendor’s systems or for allowing corrupt software to be downloaded, which opens the door for third-party liability.

  3. Through the power of marketing within your franchise system, you are all instantly linked. A data privacy issue at one franchise location can affect all other franchisees and the brand because these claims tend to be public and talked about in social media. It's important that the franchise system have a true data privacy policy including a crisis management plan in case something does happen. This will help mitigate claim issues, and minimize public relations issues.

Fortunately, there is protection available for this exposure. Data privacy insurance is available to protect your business, and its reputation. Not only does it provide for the financial loss but it also provides coverage for investigation, notification, credit monitoring, regulatory issues that may result, additional public relations costs and defense and indemnity for any allegations a third party suffered financial harm.