Service Provider Compliance
All Service Providers, including Acquirers, Processors and Gateway Providers who store, process, or transmit Discover® Cardholder data are required to comply with the PCI DSS. They may be required to report their compliance status upon a request from Discover.
Note: Discover reserves the right to request a full copy of a Service Provider’s Report on Compliance or Self-Assessment Questionnaire (SAQ) at its discretion. The Service Provider must comply with such a request promptly.
All Service Providers, including Acquirers and Acquirer Processors that store, process, or transmit Discover Cardholder data on the Discover network may be required to report their compliance annually upon a request from Discover. To validate and report their compliance status to Discover Network, Service Providers submit one of the following:
Note: Please ensure that all assessments use the most current version of PCI DSS that applies to the reporting period.
Service Providers that perform a self-assessment are required to complete PCI DSS Self-Assessment Questionnaire D and submit the Service Provider Version of the Attestation of Compliance.
Submission of an action plan to Discover Global Network shall not be deemed a waiver by Discover Global Network of its rights under any applicable agreement or operating regulations.
All Service Providers are required to submit a compliance report every year.