Discover Information Security and Compliance Program

In this article we’ll be exploring the Discover Information Security and Compliance (DISC) Program.

Before we get into Discover’s specific rules, you’ll need to make sure you’re compliant with PCI DSS, an agreed set of requirements for everyone involved in the credit card system. You can check out our article on PCI compliance if you need more information.

Meeting PCI DSS standards is essential, as that’s what Discover and other credit card providers will ask you to prove. Once you know you’re meeting PCI DSS, you can start going through Discover’s compliance program. Here’s how.


Find Out Your Merchant Level

All of Discover’s requirements are based on what’s called your “merchant level” (from 1 to 3 – 1 being the highest), with higher levels needing to do more. In the past, Discover has utilized 4 merchant levels, but at the time of this update, there are only 3, as explained on the company’s website.

You can find your merchant level as follows:

You’re a level 1 merchant if:

  • You process more than 6 million transactions annually on the Discover network.
  • Another credit card provider (e.g. Amex, Visa) has decided you are a level 1 merchant.
  • You have suffered a data security breach resulting in an actual or suspected compromise of Discover cardholder data.
  • Discover decides you’re level 1.

You’re a level 2 merchant if:

  • You process between 1 million and 6 million transactions annually on the Discover network.

You’re a level 3 merchant if:

  • None of the above conditions for other levels apply.

Once you know your merchant level, you can find out what requirements you need to meet.

Requirements and Paperwork

The table below provides guidelines on what requirements you’ll need to meet to achieve and maintain compliance. Links under the table offer more information on the specific requirements.

[Table image: Discover merchant level chart]

Report on Compliance
Qualified Security Assessor
Attestation of Compliance
Self-Assessment Questionnaire
Approved Scan Vendor

Once you know what you need to do, you’ll need to contact an approved vendor to carry out the requirements and go through the validation process.

Providing Documents to Discover

Once you’ve carried out all of the necessary steps and put your reports and compliance documents together, you’ll need to send them to Discover.

  • Electronic – Send electronic copies to DISCCompliance@discover.com. If you need to set up encryption or PGP, email DISCCompliance@discover.com to request a public PGP key or a secure email connection.
  • Hardcopy – Send paper copies to:
    DFS Services LLC, Discover Network-Data Security
    2500 Lake Cook Road
    Riverwoods, IL 60015.

Useful Resources and Further Information

See also:

Visa CISP
Mastercard SDP
American Express Data Security Operating Policy
