PCI Compliance

Card Production Vendor Compliance

Back to compliance resources

All approved vendors providing services to Discover® Global Network Issuers for the production of payment card products must comply with Discover Information Security Compliance (DISC) program requirements, including submission of annual reporting of their compliance with PCI Card Production Security Requirements and/or other security requirements as deemed applicable by DISC. Please refer to the Validation and Reporting Requirements for Card Production Vendors for information on how to validate and report your compliance to DISC.

Validation and Reporting Requirements for Card Production Vendors:

Validation

Card Production Vendors providing services to Discover Global Network Issuers for the production of payment card products must validate compliance to the PCI Card Production Physical Security Requirements and Logical Security Requirements Annually. Such assessments must be completed by a PCI certified Card Production Security Assessor company and must include an applicable on-site assessment.

Reporting

Card Production Vendors providing services to Discover Global Network Issuers for the production of payment card products must annually submit to DISC the completed and signed Attestation of Compliance (AOC) and Report on Compliance (ROC) attesting to their ongoing compliance with both the PCI Card Production Physical Security Requirements and PCI Card Production Logical Security Requirements Annually.

Note: On-site assessments may only be performed by a PCI approved Card Production Security Assessor (CPSA).

View qualified Card Production Security Accessors


Back to compliance resources