Discover® Information Security & Compliance (DISC)

DISC overview

Data security is a top priority for Discover®. The Discover Information Security & Compliance (DISC) program was developed to implement and maintain efficient data security requirements and procedures for its partners, and to promote the adoption of secure transaction processing of cardholder data on the Discover® Global Network.

As a founding member, Discover works with other payments participants on an ongoing basis as part of the Payment Card Industry Security Standards Council, LLC (PCI SSC). The PCI SSC was created to develop and evolve the Payment Card Industry (PCI) security standards focused on protecting cardholder data throughout the payment transaction lifecycle. Discover is committed to the protection of payment card data, and thus the DISC program is aligned with the PCI security standards to help safeguard this data and limit data compromises.

To that end, any Merchants that accept Discover Global Network and Acquirers that process Discover transactions, as well as their acquired merchants, must comply with the Payment Card Industry Data Security Standard (PCI DSS) at all times if they store, process, or transmit Discover Cardholder data on the Discover network.

DISC for Merchants

In addition to requiring compliance with the PCI Data Security Standard, Discover requires that each new implementation of payment applications by Merchants and their Agents is compliant with the Payment Card Industry Payment Application Data Security Standard (PA-DSS). For a list of PA-DSS compliant applications or information regarding PA-DSS, please visit the PCI SSC website. PA-DSS will be retired as a standard by October 2022. At such time the new PCI Secure Software Standard will supplant the PA-DSS. To learn more, please visit the PCI SSC website.

Moreover, Merchants accepting PIN entry on POS terminals must comply with Payment Card Industry PIN Security Requirements. To view the current PCI PIN standard, please visit the PCI SSC website.

Software-Based PIN Entry on COTS (SPoC) Solutions enable EMV contact and contactless transactions with PIN entry on the merchant's consumer device using a secure PIN entry application in combination with a Secure Card Reader for PIN (SCRP). Discover strongly recommends all SPoC solutions be PCI certified (PCI Software-Based PIN Entry on COTS) and listed on the PCI SSC website.

Contactless Payments on COTS (CPoC) Solutions enable Merchants to accept contactless payments using a commercial off-the-shelf (COTS) mobile device (e.g., smartphone or tablet) with near-field communication (NFC). Discover strongly recommends all CPoC solutions be PCI certified (PCI Contactless Payments on COTS) and listed on the PCI SSC website.

DISC for Acquirers & Service Providers

There are separate compliance requirements for Acquirers and Service Providers. In addition to requiring compliance with the PCI Data Security Standard, Discover supports the Payment Application Data Security Standard (PA-DSS) and strongly recommends that Acquirers ensure their Merchants, Service Providers and Agents use payment applications that have been validated as compliant with the PCI Payment Application Data Security Standard (PA-DSS).

For more information regarding PA-DSS, please visit the PCI SSC website.

PA-DSS will be retired as a standard by October 2022. At such time the new PCI Secure Software Standard will supplant the PA-DSS. To learn more, please visit the PCI SSC website.

Moreover, Acquirers and their Agents who store, process, transfer or otherwise handle PIN numbers as part of a credit or debit card authorization process must comply with Payment Card Industry PIN Security Requirements. To view the current PCI PIN standard, please visit the PCI SSC website.

Software-Based PIN Entry on COTS (SPoC) Solutions enable EMV contact and contactless transactions with PIN entry on the Merchant's consumer device using a secure PIN entry application in combination with a Secure Card Reader for PIN (SCRP). Discover strongly recommends all SPoC solutions be PCI certified (PCI Software-Based PIN Entry on COTS) and listed on the PCI SSC website.

Contactless Payments on COTS (CPoC) Solutions enable Merchants to accept contactless payments using a commercial off-the-shelf (COTS) mobile device (e.g., smartphone or tablet) with near-field communication (NFC). Discover strongly recommends all CPoC solutions be PCI certified (PCI Contactless Payments on COTS) and listed on the PCI SSC website.

Issuers utilizing Card Production Vendors

Issuers may only use vendors approved by DISC (“Approved Vendor”) to provide goods and services related to the production of Cards. Goods and services provided include, but are not limited to, those provided by vendors and used for Card manufacturing, personalization, and fulfillment.

Contact our Data Security team

To report a data compromise or cardholder breach, call 1-800-347-3083. Or contact us for any compliance-related questions.