
{"id":2042,"date":"2012-09-12T00:00:00","date_gmt":"2012-09-12T00:00:00","guid":{"rendered":"http:\/\/otava.test\/pci-compliant-hosting-for-franchises\/"},"modified":"2012-09-12T00:00:00","modified_gmt":"2012-09-12T00:00:00","slug":"pci-compliant-hosting-for-franchises","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-for-franchises\/","title":{"rendered":"PCI Compliant Hosting for Franchises"},"content":{"rendered":"<p>Visa.com has provided a <em>Payment System Security Best Practices for Franchises<\/em> document, a security overview touching on many valuable tips for franchise businesses looking to minimize data breach risks. Visa\u2019s strategy aligns PCI DSS compliance standards with five major areas of risk found in franchises:<\/p>\n<h2><span class=\"ez-toc-section\" id=\"1_Payment_App_Security\"><\/span>1. Payment App Security<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>One way to stay within PCI DSS boundaries is to understand what kind of data is off-limits for storage. Magnetic stripe, CVV2 and PIN data are all prohibited. Visa recommends franchisors and franchisees do their homework and choose a payment application that won\u2019t store additional data without their knowledge.<\/p>\n<p>Visa developed a document, <a href=\"https:\/\/docs.google.com\/viewer?a=v&amp;q=cache:yhkZBBAmEdsJ:usa.visa.com\/download\/merchants\/cisp_payment_application_best_practices.doc+&amp;hl=en&amp;gl=us&amp;pid=bl&amp;srcid=ADGEEShFdXRU4HPTv2pV8nZrAD5EoODYyARaEZogDUfgImTDqvibNrnw3_n6QsVAFFMnLwZxdzXpJorHdoGKQ0K3L97PonalssRew5nRbP8Tb22oGD733QzQc0phXbd8zNoDfYNyAHGA&amp;sig=AHIEtbScUkK6Y5dNTYZAprwk2wzeBlvJyQ\">Payment Application Best Practices<\/a> (PABP), as a guideline for franchise businesses to follow &#8211; one recommendation is to use payment apps that have been validated against their PABP. 
They also recommend asking your vendors about what type of information they store, and checking with a <em>merchant acquiring bank<\/em> (the bank that processes credit statements directly; also known as an <em>acquirer<\/em> or <em>merchant bank<\/em>) for a list of apps that may have vulnerabilities. These apps could be fixed with updates or patches, but when updating, any prohibited data stored historically has to be wiped immediately.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"2_Network_Security\"><\/span>2. Network Security<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>With an insecure network, many franchises may be at risk of becoming a target of hackers because of their brand recognition and the knowledge that they handle a large amount of online transactions, according to Visa. <a href=\"https:\/\/otavawebsite.wpengine.com\/compliance-security\/pci-compliant-cloud\/\">PCI compliant hosting<\/a> may help franchises outsource their network security to ensure a highly available and reliable system, provided their hosting provider is able to attest that it meets all of the PCI compliance standards. Seeking a quality hosting provider? Read <a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/8-questions-to-ask-your-pci-hosting-provider\/\">8 Questions to Ask Your PCI Hosting Provider<\/a> and <a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/transparency-with-pci-hosting-providers-not-always-included\/\">Transparency with PCI Hosting Providers: Not Always Included<\/a> for tips on what to look for and questions to ask.<\/p>\n<p>Visa recommends mandating IP-based POS (Point of Sale) systems for all franchisees, hardware firewalls, logging\/audit trails and strong access controls. 
Online Tech recommends high availability (HA), redundant firewalls, routers, Internet Service Providers (ISPs), <a href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/cloud-security\/\">two-factor authentication<\/a> for remote access, <a href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/cloud-security\/\">web application firewall<\/a> (WAF) and <a href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/cloud-security\/\">SSL certificates<\/a>. For more details and diagrams, as well as a list of secure server and data center requirements, sign up to read our <a href=\"https:\/\/web.otava.com\/pci-compliant-data-needs\">PCI Compliant Hosting<\/a> white paper (it\u2019s free!).<\/p>\n<h2><span class=\"ez-toc-section\" id=\"3_Remote_Management_App_Security\"><\/span>3. Remote Management App Security<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><em>Remote management applications<\/em> (RMAs) are used by corporate franchise businesses to distribute materials and communicate with their franchise community. Some franchisees may establish their own RMAs, and even grant vendors access to service their POS systems, according to Visa. While convenient, RMAs can open up another point of entry for hackers if not secured and configured properly.<\/p>\n<p>Visa recommends changing all default settings set by vendors and creating unique user IDs and complex passwords, a requirement of PCI. Configuring the system to allow connections only from known IPs, or to require a VPN (Virtual Private Network) connection before remote access is granted, can also help secure an RMA.<\/p>\n<p>Two-factor authentication can provide an additional layer of security when users connect via VPN remotely. Online Tech\u2019s method includes 1) Username\/password; 2) Verification via text, passcode, one-button push or voice authentication using a mobile device.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"4_Franchisee_Contractual_Agreements\"><\/span>4. 
Franchisee Contractual Agreements<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Visa acknowledges that while franchises and franchisees are bound by three- or five-year contract agreements, they should also reevaluate at time of renewal to judge whether or not they have achieved adequate data security with their vendors.<\/p>\n<p>Franchises and franchisees should also amend their contracts to include updated data security policies that align with the PCI DSS standards. As your <a href=\"https:\/\/otavawebsite.wpengine.com\/compliance-security\/pci-compliant-cloud\/\">PCI hosting<\/a> provider, Online Tech has documented security policies and audited staff, <a href=\"https:\/\/otavawebsite.wpengine.com\/operations\/locations\/michigan-cloud-and-data-centers\/\/compliance\/pci-compliant-data-centers\">PCI compliant data centers<\/a> and solutions.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"5_Communication_and_Training\"><\/span>5. Communication and Training<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Visa also recommends that franchisors expand their training programs to include cardholder data security awareness, and to include an incident response plan. PCI DSS mandates that merchants establish, document and distribute procedures for an incident response plan (12.9). An incident response plan includes <a href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/data-protection\/disaster-recovery-as-a-service\">disaster recovery<\/a>, <a href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/data-protection\/cloud-backup\/\">offsite backup<\/a> and more. 
Find out more by reading <a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/\">Disaster Recovery and Backup with PCI Hosting Providers<\/a>.<\/p>\n<p>Reference:<br \/>\n<a href=\"https:\/\/docs.google.com\/viewer?a=v&amp;q=cache:-8vyueLfeZwJ:usa.visa.com\/download\/merchants\/franchisor_payment_system_security_best_practices.pdf+&amp;hl=en&amp;gl=us&amp;pid=bl&amp;srcid=ADGEESgl6X7v8x-JGqpJ2VhWHYFRYv8Dv0raT98kS0gkbpRyVbUDMAI5rbrZ6nUcTut00P9BkDNP9nv4QQdowZ1TDLsJ1BD0uK9VrFj9bU08QXWjdA1PrarVySlq82ae2qfcfPjhHhX8&amp;sig=AHIEtbTMH3HuC470K3IQvXczaAfnW8GIvw\">Payment System Security Best Practices For Franchises<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Visa.com has provided a Payment System Security Best Practices for Franchises document; a security overview touching on many valuable tips for franchise businesses looking to minimize data breach risks. Visa\u2019s strategy aligns PCI DSS compliance standards with five major areas of risk found in franchises: 1. Payment App Security One way to stay within PCI DSS boundaries is to understand what kind of data is off-limits for storage. Magnetic stripe, CVV2 and PIN data are all prohibited. Visa recommends franchisors and franchisees do their homework and choose a payment application that won\u2019t store additional data without their knowledge. Visa developed a document, Payment Application Best Practices (PABP) as a guideline for franchise businesses to follow &#8211; one recommendation is to use payment apps that have been validated against their PABP. They also recommend asking your vendors about what type of information they store, and checking with a merchant acquiring bank, (the bank that processes credit statements directly; also known as an acquirer or merchant bank), for a list of apps that may have vulnerabilities. 
These apps could be fixed with updates or patches, but if updating, the historical, prohibited stored data has to be wiped immediately. 2. Network Security With&#8230;<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"other_category":[],"class_list":["post-2042","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],"yoast_head_json":{"title":"PCI Compliant Hosting for Franchises | OTAVA","description":"Security overview touching on valuable tips for franchise businesses looking to minimize data breach risks. Details five areas of risk found in franchises:","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-for-franchises\/","og_locale":"en_US","og_type":"article","og_title":"PCI Compliant Hosting for Franchises","og_description":"Security overview touching on valuable tips for franchise businesses looking to minimize data breach risks. Details five areas of risk found in franchises:","og_url":"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-for-franchises\/","og_site_name":"OTAVA","article_published_time":"2012-09-12T00:00:00+00:00","author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-for-franchises\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-for-franchises\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"PCI Compliant Hosting for Franchises","datePublished":"2012-09-12T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-for-franchises\/"},"wordCount":682,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/pci-compliant-hosting-for-franchises\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-for-franchises\/","url":"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-for-franchises\/","name":"PCI Compliant Hosting for Franchises | OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"datePublished":"2012-09-12T00:00:00+00:00","description":"Security overview touching on valuable tips for franchise businesses looking to minimize data breach risks. 
Details five areas of risk found in franchises:","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-for-franchises\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/pci-compliant-hosting-for-franchises\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/pci-compliant-hosting-for-franchises\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"PCI Compliant Hosting for Franchises"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma 
Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2042","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=2042"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2042\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=2042"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=2042"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=2042"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=2042"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}