PCI Compliance

Identify Your Merchant Level

Back to compliance resources

Before you begin the PCI compliance assessment process, it’s important to understand your merchant-level categorization and corresponding compliance validation and reporting requirements. It’s also important to know whether you have a direct contractual relationship with Discover® (Discover® Merchants), or if you have a contract with a Discover® Acquirer (Acquired Merchants). This information will help you understand where and how you are required to submit your compliance report. Please reach out to your Discover representative or email the DISC team at DISCCompliance@discover.com with any inquiries regarding your Discover Merchant type.

An organization’s Discover Merchant Level is determined by several factors: annual transaction volume, merchant level with other payment brands and, in some cases¹, the discretion of Discover.

LEVEL
Description
LEVEL
1
Description

All merchants processing 6 Million or more card transactions annually on the Discover network.

OR

Any merchant that Discover, in its sole discretion, determines should meet the Level 1 compliance validation and reporting requirements.

OR

All merchants required by another payment brand or acquirer to validate and report their compliance as a Level 1 merchant.

LEVEL
2
Description

All merchants processing between 1 Million and 6 Million card transactions annually on the Discover network.

LEVEL
3
Description

All other merchants.

1. Any merchant that suffers a data security breach that resulted in the actual or suspected compromise of Discover Cardholder data may be required to validate their compliance with the PCI DSS at a higher level as determined by the sole discretion of Discover.

Back to compliance resources

Contact Our Data Security Team

To report a data compromise or cardholder breach, call 1-800-347-3083. Or contact us for any compliance-related questions.
Contact Us