
Discover® Information Security & Compliance (DISC)

DISC overview

Discover places a high priority on data security. The establishment of the Discover Information Security & Compliance (DISC) program is aimed at implementing and sustaining effective data security requisites and protocols for its partners, while advocating for secure transaction processing of cardholder data on the Discover Global Network.

As a founding member, Discover collaborates continually with other participants in the payment industry as part of the Payment Card Industry Security Standards Council, LLC (PCI SSC). The mission of the PCI SSC is to create and develop Payment Card Industry (PCI) security standards with a focus on safeguarding cardholder data throughout the payment transaction lifecycle. Discover's dedication to the security of payment card data is reflected in the alignment of the DISC program with PCI security standards, contributing to the protection of this data and the mitigation of data breaches.

In line with this objective, any Merchants who accept the Discover Global Network and Acquirers processing Discover transactions, along with the merchants they manage, are obligated to adhere to the Payment Card Industry Data Security Standard (PCI DSS) consistently whenever they store, process, or transmit Discover Cardholder data on the Discover network.

DISC for Merchants

Besides mandating adherence to the PCI Data Security Standard, Discover also requires that every new deployment of payment applications by Merchants and their Agents conforms to the Payment Card Industry Secure Software Standard. For more information, please refer to the PCI SSC website.

Furthermore, Merchants who accept PIN entry on Point of Sale (POS) terminals must comply with the Payment Card Industry PIN Security Requirements. To access the current PCI PIN standard, kindly visit the PCI SSC website.

Software-Based PIN Entry on Commercial Off-The-Shelf (COTS) Solutions (SPoC) facilitate EMV contact and contactless transactions with PIN entry on the merchant's consumer device through a secure PIN entry application combined with a Secure Card Reader for PIN (SCRP). It is highly recommended by Discover that all SPoC solutions carry PCI certification (PCI Software-Based PIN Entry on COTS) and are listed on the PCI SSC website.

For Contactless Payments on Commercial Off-The-Shelf (COTS) Solutions (CPoC), which enable Merchants to accept contactless payments via a readily available mobile device with near-field communication (NFC), Discover strongly advises that all CPoC solutions attain PCI certification (PCI Contactless Payments on COTS) and be featured on the PCI SSC website.

DISC for Acquirers & Service Providers

Distinct compliance requisites apply to Acquirers and Service Providers. In addition to demanding adherence to the PCI Data Security Standard, Discover advocates for the PCI Secure Software Standard and strongly advises Acquirers to ensure that their Merchants, Service Providers, and Agents employ payment systems that have been validated as compliant with this standard.

For additional information about the PCI Secure Software Standard, please consult the PCI SSC website.

Furthermore, Acquirers and their Agents tasked with storing, processing, transferring, or managing PIN numbers within credit or debit card authorization processes must meet the Payment Card Industry PIN Security Requirements. To access the current PCI PIN standard, kindly visit the PCI SSC website.

Software-Based PIN Entry on Commercial Off-The-Shelf (COTS) Solutions (SPoC) enable EMV contact and contactless transactions with PIN entry on the Merchant's consumer device using a secure PIN entry application along with a Secure Card Reader for PIN (SCRP). It is strongly recommended by Discover that all SPoC solutions receive PCI certification (PCI Software-Based PIN Entry on COTS) and are listed on the PCI SSC website.

For Contactless Payments on Commercial Off-The-Shelf (COTS) Solutions (CPoC), enabling Merchants to accept contactless payments using readily available mobile devices (e.g., smartphones or tablets) with near-field communication (NFC), Discover strongly suggests that all CPoC solutions achieve PCI certification (PCI Contactless Payments on COTS) and be featured on the PCI SSC website.

Issuers utilizing Card Production Vendors

Sanquest Card Issuers are exclusively permitted to engage vendors endorsed by DISC ("Approved Vendor*") to furnish them with products and services pertaining to Card production. These offerings encompass, but are not restricted to, Card manufacturing, personalization, and fulfillment, all aligned with existing security protocols and card specifications. 

* Please take note: Commencing October 13, 2023, the "Approved Vendor" list will be retired, enabling Issuers to independently select their Card Production Vendors for Card-related goods and services, provided such vendors adhere to PCI Card Production standards.

Contact our Data Security team

If you need to report a data breach or cardholder data breach, you can reach out by dialing 1-800-347-3083. Alternatively, feel free to get in touch with us for any inquiries related to compliance.
