What are the responsibilities of a Budget licensee regarding compliance with Payment Card Industry Data Security Standards (PCI Standards)?
Budget Franchise · 2025 FDDAnswer from 2025 FDD Document
tructure to protect its computer systems, reservation systems, network devices and/or the data processed thereon against the risk of hacking, surveillance, theft or penetration by, or exposure to, a third party via any system or feature utilized by Licensee. Licensee shall also implement and maintain current industry standard anti-malware measures to detect, prevent and remove computer malware and/or other contaminants to prevent the spread of computer viruses between the parties which access or exchange data or software through any network connectivity. Anti-malware measures shall be incorporated on all data transfer mechanisms, including current industry encryption standards, as well as any other points reasonably requested by Budget.
- 9.22 Payment Card Industry ("PCI") Compliance. Licensee is familiar with the Payment Card Industry Data Security Standards which are currently in effect ("PCI Standards") and Licensee agrees to undertake any necessary steps to be or remain in full compliance with all applicable PCI Standards. Further, Licensee is solely responsible for the compliance of any and all third parties (including but not limited to Internet and Host Service Providers) that are given access by Licensee, to Budget customer data. Licensee is also responsible for promptly notifying Budget of any data security compromise and to fully cooperate and assist in any subsequent investigation.
- 9.23 Conduct of Rental Business. Licensee shall comply strictly with all laws, regulations and ordinances pertaining to the operation of the Rental Business and shall refrain from
engaging in any practice which tends to mislead or deceive the public in any way, or which a reasonable person may characterize as unconscionable or which a governmental body claims is an unfair business practice. Licensee agrees to operate the business in a way, which will not discriminate in favor of, or against any class of customers based on race, creed, color, religion or national affiliation or background.
Source: Item 23 — RECEIPTS (FDD pages 80–426)
What This Means (2025 FDD)
According to Budget's 2025 Franchise Disclosure Document, Budget licensees must be familiar with and fully compliant with the Payment Card Industry Data Security Standards (PCI Standards). This means a franchisee must take all necessary actions to meet and maintain compliance with these standards.
Budget franchisees are also responsible for ensuring that any third parties who have access to Budget customer data, such as Internet and Host Service Providers, also comply with PCI Standards. Furthermore, franchisees must promptly inform Budget of any data security breaches and fully cooperate with any subsequent investigations.
Budget also stipulates that licensees will be held responsible for expenses required to correct any non-conformity of the licensee's equipment or communication systems, including non-PCI compliance. Failure to adhere to the Controls mandated by ABCR in written procedures constitutes a material breach of the Rental System Agreement and the License Agreement, making the licensee responsible for any resulting damage or expense incurred by ABCR and the System. This could lead to suspension from network access until the issue is resolved to ABCR's satisfaction, and repeated failures may result in permanent disconnection from the System via the Internet at the licensee's expense.