Discover® Information Security & Compliance (DISC)
DISC overview
Data security is a top priority for Discover® Network. The Discover Information Security & Compliance (DISC) program was developed to implement and maintain efficient data security requirements and procedures for its partners, and to promote the adoption of secure transaction processing of cardholder data on Discover Network.
As a founding member, Discover Network works with other payments participants on an ongoing basis as part of the Payment Card Industry Security Standards Council, LLC (PCI SSC). The PCI SSC was created to develop and evolve the Payment Card Industry (PCI) security standards focused on protecting cardholder data throughout the payment transaction lifecycle. Discover Network is committed to the protection of payment card data, and thus the DISC program is aligned with the PCI security standards to help safeguard this data and limit data compromises.
To that end, any Merchants that accept Discover Network and Acquirers that process Discover Network transactions, as well as their acquired merchants, Service Providers, and Agents, must comply with the Payment Card Industry Data Security Standard (PCI DSS) at all times if they store, process, or transmit Discover Network Cardholder data on Discover Network.
DISC for Merchants
In addition to requiring compliance with the PCI Data Security Standard, Discover Network requires that each new implementation of payment applications by Merchants and their Agents is compliant with the Payment Card Industry Secure Software Standard. To learn more, please visit the PCI SSC website.
Merchants accepting PIN entry on POS terminals must comply with Payment Card Industry PIN Security Requirements. To view the current PCI PIN standard, please visit the PCI SSC website.
Discover Network strongly recommends the use of Payment Card Industry (PCI) certified devices, such as PIN Transaction Security Point of Interaction (PTS POI) devices, Point-to-Point Encryption (P2PE) devices, or PCI Mobile Payments on COTS (MPoC) solutions, for PIN Acceptance.
Mobile Payments on COTS (MPoC), Contactless Payments on COTS (CPoC), and Software-based PIN Entry on COTS (SPoC) Standards provide security requirements for mobile applications to accept payments on a commercial off-the-shelf (COTS) mobile device (e.g., smartphone or tablet). Discover Network requires contactless mobile solutions to be compliant with applicable MPoC, CPoC, and SPoC standards in accordance with D-PAS and D-PAS Connect certification requirements.
For more information on MPoC, please visit the PCI SSC website.
DISC for Acquirers & Service Providers
There are separate compliance requirements for Acquirers and Service Providers. In addition to requiring compliance with the PCI Data Security Standard, Discover requires that each new implementation of payment software solutions by you, your Agents (including Acquirer Processors), your Merchants, Merchant Processors, and any Sponsored Merchants is compliant with the Payment Card Industry (PCI) Secure Software Standard.
For more information regarding PCI Data Security Standard or the PCI Secure Software Standard, please visit the PCI SSC website.
Acquirers and their Agents who store, process, transfer or otherwise handle PIN numbers as part of a credit or debit card authorization process must comply with Payment Card Industry PIN Security Requirements. To view the current PCI PIN standard, please visit the PCI SSC website.
Discover Network strongly recommends the use of Payment Card Industry (PCI) certified devices, such as PIN Transaction Security Point of Interaction (PTS POI) devices, Point-to-Point Encryption (P2PE) devices, or PCI Mobile Payments on COTS (MPoC) solutions, for PIN Acceptance.
Mobile Payments on COTS (MPoC), Contactless Payments on COTS (CPoC), and Software-based PIN Entry on COTS (SPoC) Standards provide security requirements for mobile applications to accept payments on a commercial off-the-shelf (COTS) mobile device (e.g., smartphone or tablet). Discover Network requires contactless mobile solutions to be compliant with applicable MPoC, CPoC, and SPoC standards in accordance with D-PAS and D-PAS Connect certification requirements.
For more information on MPoC, please visit the PCI SSC website.
Issuers utilizing Card Production Vendors
Discover Network Issuers are allowed to choose their own Card Production Vendors to provide them with goods and services related to the production of Cards, as long as such vendors are compliant with the PCI Card Production and Provisioning Logical and Physical Security Requirements. Such goods and services provided to the Issuer include, but are not limited to, card manufacturing, personalization, and fulfillment in accordance with current security procedures and card specifications.
Contact our Data Security team
To report a data compromise or cardholder breach, call 1-800-347-3083. For any compliance-related questions, contact us.