|
Service providers that process, store or transmit Discover Network Cardholder data are urged to comply with the PCI DSS at all times.
When validating compliance to the PCI DSS, service providers may contract with a Qualified Security Assessor (QSA) to perform their compliance assessments or perform a self-assessment. All self-assessments must be performed using the applicable PCI DSS Payment Card Industry Self-Assessment Questionnaire and must be certified by an authorized officer of the service provider. The PCI SSC Web site contains the following useful information when validating compliance:
- PCI DSS
- PCI DSS Security Audit Procedures
- PCI DSS Payment Card Industry Self-Assessment Questionnaire (SAQ)
- List of Approved Scanning Vendors (ASV)
- List of Qualified Security Assessors (QSA)
Discover Network may require service providers to report their compliance status on an annual basis, or upon request from Discover Network. Service providers that performed a self-assessment may report their compliance status by submitting the applicable SAQ Attestation of Compliance to Discover Network.
Service providers that contracted with a QSA may report their compliance status using the DISC Attestation of Compliance Form
. This two-page form allows service providers to communicate their compliance status to Discover Network by completing the form and having an authorized officer of the company sign the completed document. Instructions for submitting this information to Discover Network are included on the form.
|