
Performing a PCI DSS Compliance Assessment

Performing a PCI DSS compliance assessment, or validating compliance, is the process of actually evaluating an organization’s security policies, procedures, and network configurations against each applicable control in the standard. This includes, but is not limited to, testing business facilities and system components, and verifying the security of third-party service providers.

Once you determine that you’ll perform a PCI compliance assessment, the first step is to decide whether you’ll self-assess compliance or perform a full on-site assessment.

Self-Assessment

Only Level 2, 3, and 4 Discover Merchants are eligible to perform a self-assessment. If you’re a Level 1 Discover Merchant, you’re required to perform a full on-site assessment. Additionally, if you are required to perform a full on-site assessment for another card brand, you won’t have to perform an additional self-assessment for Discover.

The appropriate tool to perform a self-assessment is the PCI Self-Assessment Questionnaire (“SAQ”), available on the PCI Web site.

Full On-Site Assessment

Level 1 Discover Merchants are required to perform full on-site assessments. The appropriate tool to perform a full on-site assessment is the PCI DSS Requirements and Security Assessment Procedures, available on the PCI Web site.

Any merchant that suffers a data security breach resulting in the actual or suspected compromise of Discover Cardholder data may be required to validate its compliance with the PCI DSS at a higher level, as determined solely by Discover.
