PCI DSS 4.0 and AI Assistants: The New Cardholder-Data Reality
PCI DSS 4.0 tightens scope and evidence requirements. Pasting a PAN into ChatGPT is a scope-expansion event most merchants have not accounted for.
Scope is the whole game
PCI DSS applies to every system component that stores, processes or transmits cardholder data, plus every connected system. If a support agent pastes a customer PAN into ChatGPT to draft a refund email, ChatGPT is now in scope — and OpenAI's inference infrastructure is now a connected system.
4.0 evidence changes
Requirement 12.10.5 explicitly requires monitoring critical security-control failures. That includes DLP controls on channels where cardholder data could plausibly be sent. 'We told employees not to' is not a monitored control.
The browser-edge control
Detecting a PAN in a prompt textbox before it is sent — with Luhn validation and BIN sanity check to avoid false positives on ISBNs — and either blocking or tokenising it, is the compensating control that keeps ChatGPT out of PCI scope. It is also cheap: card patterns are the easiest PII category to catch reliably.
Frequently asked
What about tokenised cards?+
A tokenised card outside the token vault is out of scope. A raw PAN in an LLM prompt is not tokenised in the PCI sense.
Does this apply to test cards?+
Test cards specifically issued for testing (4111...) are out of scope. Real cards in test environments are not.