The Green Sheet Online Edition
January 21, 2009 • Issue 09:01:02
Discover streamlines compliance
Discover Financial Services rolled out an enhancement to its Discover Information Security and Compliance (DISC) program on Jan. 16, 2009. It is designed to streamline the validation and reporting processes and make it easier for merchants who process transactions on the Discover network to verify their compliance with the Payment Card Industry (PCI) Data Security Standard (DSS).
Discover created the DISC program to promote and sustain secure transaction processing, as well as support and maintain efficient DSS-compliance procedures for its merchants and acquirers.
Levels, numbers, alignment
With this move, DISC merchant categorizations are now in closer alignment with the PCI DSS categories. Each of four merchant levels has its own associated validation and reporting requirements, as follows:
- Level 1: All merchants processing more than 6 million Discover network transactions per year; any merchant that Discover Network determines should meet level 1 compliance and reporting requirements; all merchants required by another payment network to validate and report as level 1 merchants
- Level 2: All merchants processing 1 million to 6 million Discover network transactions annually; all merchants required by another payment network to report compliance as level 2 merchants
- Level 3: All merchants processing 20,000 to 1 million Discover network card not present only transactions each year; all merchants required by another payment network to report as level 3 merchants
- Level 4: All other merchants
Good idea, right time
"Data security is a top priority for Discover," said Suzanne Smith, Vice President for Discover. "Our move to roll out merchant levels is in direct response to feedback from our merchants and acquirers.
"This enhancement to our DISC program, in addition to leveraging the validation and reporting tools published by the PCI Security Standards Council, will give our merchants and acquirers a more streamlined and consistent process for validating and reporting compliance."
Ed Labry, President of First Data Corp.'s USA Division, said streamlining the validation and reporting process with others in the industry is a positive move by Discover and will provide tremendous benefits to acquirers and merchants. "Not only will this provide a more consistent data security framework, but it better drives adoption and compliance of the [PCI DSS], which is the ultimate goal of our industry," Labry said.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.