PCI Compliance

Acquirer’s merchant portfolio compliance

Back to compliance resources

Acquirers are required to submit a report of their merchant portfolio compliance to Discover twice per year in accordance with the calendar below. It is the responsibility of the acquirer to ensure that their merchants are following the appropriate DISC requirements for validating and reporting their compliance status. Please refer to the Merchant Level table, for required validation and reporting requirements and the acceptable PCI DSS version. Discover requests that acquirers use the DISC Acquirer Portfolio Compliance Status Submission form when submitting their merchant portfolio compliance status.

To obtain a copy of the DISC Acquirer Portfolio Compliance Status Submission Form required for validation and reporting the status of compliance of your merchants, please download the form and submit for approval. Included in the form are instructions and tips for completion.

Please consult the calendar below for compliance reporting deadlines.

Acquirer Portfolio Compliance Reporting Calendar

DISC Acquirer Portfolio Compliance Status Submission Form must be submitted no later than:

  • June 30
  • December 31

Note: Completed semiannually

Service Provider & Acquirer Compliance

All acquirers that process, store or transmit cardholder data on the Discover network are required annually to report their compliance status, as a service provider, to Discover Network. Please refer to the Compliance Validation and Reporting Requirements for Service Providers for information on how to validate and report your compliance to Discover Network as a service provider.

Back to compliance resources

Contact Our Data Security Team

To report a data compromise or cardholder breach, call 1-800-347-3083. Or contact us for any compliance-related questions.
Contact Us