There are reports from the financial industry that Dairy Queen may be the latest company to be the victim of cybercrime. DQ says that they have no reports of this, however, most of there stores are franchises and there is no established process in place to report a security breach. So it is possible several of the franchises are the source of this activity by thieves.
This story demonstrates a problem with national or franchise brands. If the above story ends up being true the franchisee will not be named in the headline of the story, rather the parent company Dairy Queen even though they were not directly responsible in this case.
I am not trying to call out DQ specifically, rather I think this demonstrates an issue with franchises. If I go to a McDonalds in Orangeburg, SC and get a bad meal I say that McDonalds was terrible, not the local guy who owns it. It may change my opinion on the whole company. I went to an Applebee's years ago and they gave my son moldy applesauce, we have not been to another Applebee's since. You remember the experience you had with the parent brand not the franchise.
You have to control your brand weather it is in food, hotels, coffee, or security. Your brands name is on the line. Starbucks does not franchise for this very reason, they want to protect their quality. If you are a franchisor you have to establish clear security practices and subject each office to an assessment as part of the agreement. The requirements for security need to come from the top down. IT security is as important as any other area of the business as a breach will be very costly.