What are the components of 'Cardholder Data' that Dollar Rent A Car franchisees must protect?
Dollar Rent A Car Franchise · 2025 FDD
Answer from 2025 FDD Document
You shall ensure that Your hardware, software, business practices, and information security program are consistent with the PCI Standards and the requirements outlined in the "Franchisee Information Security Standards", if You have access to, process, store, or otherwise handle Cardholder Data. "Cardholder Data" means: (i) with respect to a payment card, the account holder's name, account number, service code, card validation code/value, PIN or PIN block, valid to and from dates and magnetic stripe data; and (ii) information relating to a payment card transaction that is identifiable with a specific account. "PCI Standards" means the security standards for the protection of payment card data with which the payment card companies require merchants to comply, including, but not limited to, the Payment Card Industry Data Security Standards currently in effect and as may be updated from time to time. If any audit or inspection conducted pursuant to this Agreement reveals a material technical issue, security problem, or other non-compliance with any applicable Data Protection Requirement(s) and/or the PCI Standards, You will pay Our costs for conducting such audit and/or inspection and will propose an appropriate written response, including a plan for the remediation of the problem, within the time reasonably requested by Us. Upon Our approval of such plan, You will remedy the problem according to the plan. We will not be responsible for any additional costs or fees related to such remedy.
Source: Item 23 — RECEIPTS (FDD pages 102–301)
What This Means (2025 FDD)
According to Dollar Rent A Car's 2025 Franchise Disclosure Document, franchisees must protect 'Cardholder Data' if they have access to, process, store, or otherwise handle it. Cardholder Data includes two main categories of information. First, it encompasses details related to a payment card, specifically the account holder's name, account number, service code, card validation code/value, PIN or PIN block, valid to and from dates, and magnetic stripe data. Second, it includes any information relating to a payment card transaction that can be identified with a specific account.
This means that Dollar Rent A Car franchisees are responsible for securing a wide range of sensitive customer financial information. The Payment Card Industry Data Security Standards (PCI Standards) are the benchmark for these security measures, and franchisees must ensure their hardware, software, business practices, and information security programs align with these standards.
Failure to comply with these data protection requirements and PCI Standards can result in financial penalties for the Dollar Rent A Car franchisee. If an audit or inspection reveals a material technical issue, security problem, or any non-compliance, the franchisee will be responsible for covering the costs of the audit or inspection. Furthermore, the franchisee must propose a written plan to remediate the problem within a timeframe specified by Dollar Rent A Car. The franchisee is solely responsible for all costs and fees associated with implementing the remediation plan.