Discover Financial Services (NYSE: DFS), a leading credit card issuer and electronic payment services company, today announced it is rolling out an enhancement to its Discover Information Security and Compliance (DISC) program that will streamline the validation and reporting process, making it easier for merchants that process transactions on the Discover Network to communicate their compliance with the PCI Data Security Standard (DSS).
DISC is Discover Network's compliance management program and was designed to support the requirements outlined in the PCI DSS. The PCI DSS is an industry security requirement for safeguarding payment cardholder data. It was developed to facilitate the broad adoption of consistent data security measures on a global basis to assist in the prevention of cardholder data compromises in the card payments industry. PCI DSS compliance is required of any organization that stores, processes or transmits payment cardholder data.
Discover's merchant level framework enhancement helps bring network merchant categorization into closer alignment and each merchant level will have its own associated validation and reporting requirements. The merchant level framework is comprised of four levels:
- Level 1 - all merchants processing more than 6 million Discover Network transactions per year; any merchant that Discover Network determines should meet level 1 compliance and reporting requirements; all merchants required by another payments network to validate and report as a level 1 merchant
- Level 2 - all merchants processing 1 million to 6 million Discover Network transactions per year; all merchants required by another payments network to report compliance as a level 2 merchant
- Level 3 - all merchants processing 20,000 to 1 million Discover Network card-not-present only transactions per year; all merchants required by another payments network to report as a level 3 merchant
- Level 4 - all other merchants.
"Data security is a top priority for Discover," said Suzanne Smits, vice president, Discover Financial Services. "Our move to roll out merchant levels is in direct response to feedback from our merchants and acquirers. This enhancement to our DISC program, in addition to leveraging the validation and reporting tools published by the PCI Security Standards Council, will give our merchants and acquirers a more streamlined and consistent process for validating and reporting compliance."
"This is a positive move by Discover," said Ed Labry, president of First Data's USA division. "Streamlining the validation and reporting processes with others in the industry provides a tremendous benefit for us as an acquirer and our merchants. Not only will this provide a more consistent data security framework, but it better drives adoption and compliance of the standard, which is the ultimate goal of our industry."