Before you begin the PCI compliance assessment process, it’s important to understand your merchant-level categorization and corresponding compliance validation and reporting requirements. It’s also important to know whether you have a direct contractual relationship with Discover (Discover Merchants), or if you have a contract with a Discover Acquirer (Acquired Merchants). This information will help you understand where and how you are required to submit your compliance report.
An organization’s Discover Merchant Level is determined by several factors: annual transaction volume, merchant level with other payment brands and, in some cases¹, the discretion of Discover.
1. Any merchant that suffers a data security breach that resulted in the actual or suspected compromise of Discover Cardholder data may be required to validate their compliance with the PCI DSS at a higher level as determined by the sole discretion of Discover.
Back to compliance resources