Credit Card Processing, Security and PCI Compliance

Discover Information Security and Compliance Program

by

August 07, 2023

If you process credit cards (whether face-to-face or online) you need to be fully compliant with the guidelines and regulations for credit card security and processing.

In this article we’ll be exploring the Discover Information Security and Compliance (DISC) Program.

Before we get into Discover’s specific rules, you’ll need to make sure you’re compliant with PCI DSS – This is an agreed set of requirements for everyone involved in the credit card system. You can check out our article on PCI compliance if you need more information.

Meeting PCI DSS standards is essential, as that’s what Discover and other credit card providers will ask you to prove. Once you know you’re meeting PCI DSS, you can start going through Discover’s compliance program. Here’s how.


Find Out What Merchant Level

All of Discover’s requirements are based on what’s called your “merchant level” (from 1 to 3 – 1 being the highest), with higher levels needing to do more. In the past, Discover has utilized 4 merchant levels, but at the time of this update, there are only 3, as explained on the company’s website.

You can find your merchant level as follows:

You’re a level 1 merchant if:

  • You process more than 6 million transactions annually on the Discover network.
  • Another credit card provider (e.g. Amex, Visa) has decided you are a level 1 merchant.
  • You have suffered a data security breach resulting in an actual or suspected compromise of Discover cardholder data.
  • Discover decides you’re level 1.

You’re a level 2 merchant if:

  • You process between 1 million and 6 million transactions annually on the Discover network.

You’re a level 3 merchant if:

  • None of the above conditions for other levels apply.

Once you know your merchant level, you can find out what requirements you need to meet.

Requirements and Paperwork

The table below provides guidelines on what requirements you’ll need to meet to achieve and maintain compliance. Links under the table offer more information on the specific requirements.

 

Discover merchant level chart

Report on Compliance
Qualified Security Assessor
Attestation of Compliance
Self-Assessment Questionnaire
Approved Scan Vendor

Once you know what you need to do, you’ll need to contact an approved vendor to carry out the requirements and go through the validation process.

Providing Documents to Discover

Once you’ve carried out all of the necessary steps and put your reports and compliance documents together, you’ll need to send them to Discover.

  • Electronic – Send electronic copies to DISCCompliance@discover.com. If you need to setup encryption or PGP, email DISCCompliance@discover.com to request a public PGP key or a secure email connection.
  • Hardcopy – Send paper copies to:
    DFS Services LLC, Discover Network-Data Security
    2500 Lake Cook Road
    Riverwoods, IL 60015.

Useful Resources and Further Information

See also:

Visa CISP
Mastercard SDP
American Express Data Security Operating Policy

TwitterFacebookLinkedIn
Ben Dwyer

BY Ben Dwyer

Ben Dwyer began his career in the processing industry in 2003 on the sales floor for a Connecticut‐based processor. As he learned more about the inner‐workings of the industry, rampant unethical practices, and lack of assistance available to businesses, he cut ties with his employer and started a blog where he could post accurate information about credit card processing. As the blog gained in popularity, Ben began directly assisting merchants in their search for a processor. Ben believes in empowering businesses by providing access to fair, competitive pricing, accurate information, and continued support. His dedication to transparency and education has made CardFellow a staunch small business advocate in the credit card processing industry.

Please join the conversation

Your email address will not be published.

FOUND THIS USEFUL? SHARE THIS!
 

Credit Card Processing exposed

Use the secrets that credit card processors don't want
you to know to drastically lower your credit card
processing fees.

Read Now!
 

You might also like…

Discover Information Security and Compliance Program
Discover Information Security and Compliance Program

View all articles