Compliance

PCI DSS 4.0 and AI Assistants: The New Cardholder-Data Reality

PCI DSS 4.0 tightens scope and evidence requirements. Pasting a PAN into ChatGPT is a scope-expansion event most merchants have not accounted for.

PromptShielder Security Team· Applied cryptography & privacy engineering July 1, 2025 6 min read

Scope is the whole game

PCI DSS applies to every system component that stores, processes or transmits cardholder data, plus every connected system. If a support agent pastes a customer PAN into ChatGPT to draft a refund email, ChatGPT is now in scope — and OpenAI's inference infrastructure is now a connected system.

4.0 evidence changes

Requirement 12.10.5 explicitly requires monitoring critical security-control failures. That includes DLP controls on channels where cardholder data could plausibly be sent. 'We told employees not to' is not a monitored control.

The browser-edge control

Detecting a PAN in a prompt textbox before it is sent — with Luhn validation and BIN sanity check to avoid false positives on ISBNs — and either blocking or tokenising it, is the compensating control that keeps ChatGPT out of PCI scope. It is also cheap: card patterns are the easiest PII category to catch reliably.

Frequently asked

What about tokenised cards?+

A tokenised card outside the token vault is out of scope. A raw PAN in an LLM prompt is not tokenised in the PCI sense.

Does this apply to test cards?+

Test cards specifically issued for testing (4111...) are out of scope. Real cards in test environments are not.

Sources
Compliance
Try PromptShielder

Redact prompts before they leave your browser.

Free to try. Nothing is sent to a server. Ever.