Card Production Vendor Compliance
All Approved Vendors* providing services to Discover® Global Network Issuers for the production of payment card products must comply with the Payment Card Industry (PCI) Card Production Physical & Logical Security Requirements currently in effect (as applicable to their services provided). Please refer to the Validation and Reporting Requirements for Card Production Vendors for information on how to validate and report your compliance.
* Note: Effective October 13, 2023, the “Approved Vendor” list will be retired, and Issuers will be able to choose their own Card Production Vendors to provide them with goods and services related to the production of Cards, as long as such vendors are compliant with PCI Card Production standards.
Validation and reporting requirements for Card Production Vendors
Validation
Card Production Vendors providing services to Discover Global Network Issuers for the production of payment card products must annually validate compliance to the PCI Card Production Physical and Logical Security Requirements. Such assessments must be completed by a PCI certified Card Production Security Assessor (CPSA) company and must include an applicable on-site assessment*.
Reporting
Card Production Vendors providing services to Discover Global Network Issuers for the production of payment card products must, upon a request from Discover, submit to DISC the completed and signed Attestation of Compliance (AOC) and Report on Compliance (ROC) attesting to their ongoing compliance with the PCI Card Production Physical and Logical Security Requirements.
*Note: On-site assessments may only be performed by a PCI approved Card Production Security Assessor (CPSA).
Contact our Data Security team
To report a data compromise or cardholder breach, call 1-800-347-3083. Or contact us for any compliance-related questions.