Identifying Merchant Level

Prior to beginning the PCI compliance assessment process, it is important to understand your merchant level categorization and corresponding compliance validation and reporting requirements. Lastly, knowing whether you have a direct acquiring relationship with Discover or through a third party will help you understand your requirements and where to send your documentation.

An organization’s Discover Merchant Level is determined by several factors: annual transaction volume, merchant level with other payment brands, and, in some cases¹, the discretion of Discover.

Level Validation
1 All merchants processing more than 6 million card transactions annually on the Discover network. Any merchant that Discover, in its sole discretion1, determines should meet the Level 1 compliance validation and reporting requirements All merchants required by another payment brand or acquirer to validate and report their compliance as a Level 1 merchant
2 All merchants processing between 1 million and 6 million card transactions annually on the Discover network
3 All merchants processing between 20,000 and 1 million card-not-present only transactions annually on the Discover network
4 All other merchants
1Any merchant that suffers a data security breach that resulted in the actual or suspected compromise of Discover Cardholder data may be required to validate their compliance with the PCI DSS at a higher level, as determined in the sole discretion of Discover.
Please Note: JavaScript is not enabled in your web browser. In order to enjoy the full experience of the Discover Network website, please turn JavaScript on. If JavaScript is disabled, some of the functionality on our website will not work.