Short answer: PCI DSS v4.0 does not address generative AI tools explicitly, but its existing requirements apply to any system or process that touches cardholder data (CHD) or that is used by personnel who handle CHD. Pasting a card number, a primary account number (PAN), or a transaction record into ChatGPT, Claude, or Gemini is almost certainly a violation of multiple PCI DSS requirements — and potentially a breach reportable to your acquiring bank. This guide explains which PCI requirements are implicated, how AI tools fit into the PCI scope determination, and the workflow patterns that let organizations use AI in payments contexts without expanding scope or creating reportable events.

PCI DSS v4.0: what changed and why AI makes it more relevant

PCI DSS v4.0 became the only active standard on April 1, 2024. Its core framework remains the same — protect cardholder data, maintain a vulnerability management program, implement access controls, monitor networks — but v4.0 adds:

Customized approach: Organizations can now design their own controls to meet stated objectives, rather than following prescriptive requirements. This flexibility matters for AI governance because organizations can design AI-specific controls that satisfy PCI objectives.
Targeted risk analyses (TRAs): Many requirements now call for a formal TRA to determine appropriate frequency and implementation. AI tool usage can be included in these analyses.
Requirements 6.3.3 (software security) and 12.3.4 (technology usage policies): Requirement 12.3.4 specifically requires that organizations review all hardware and software technologies every 12 months to confirm they continue to receive security fixes. "Software technologies" includes AI tools deployed in cardholder data environments (CDEs).

Is using ChatGPT a PCI scope issue?

PCI scope is determined by the cardholder data environment — the people, processes, and technology that store, process, or transmit CHD, plus connected and security-impacting systems. Three questions determine whether an AI tool is in scope:

1. Does the AI tool store, process, or transmit CHD?

If a developer pastes a PAN, a test card number from production logs, or a transaction record into ChatGPT, the answer is yes. ChatGPT's servers have received CHD. That system is now either in scope as a service provider or has triggered a reportable data transmission.

2. Is the AI tool connected to in-scope systems?

An AI coding assistant that has codebase indexing enabled and indexes code that interacts with the CDE is potentially "connected" to in-scope systems. Most QSAs will ask whether AI tools have network connectivity to systems that store or transmit CHD.

3. Could a compromise of the AI tool affect the security of CHD?

This is the security-impacting system test. An AI tool that generates code deployed in the CDE, or whose output (code, configurations) is applied to in-scope systems without code review, could affect CDE security even if CHD never passes through the AI tool directly.

The requirements most commonly implicated by AI tool use

Requirement 3 — Protect stored account data

Requirement 3.3 prohibits storing sensitive authentication data (SAD) after authorization. Requirement 3.4 requires PANs to be rendered unreadable anywhere they are stored. If a developer pastes a PAN into ChatGPT to test regex logic, that PAN is now stored in ChatGPT's conversation history — in violation of the principle that PANs should not exist outside the CDE in readable form.

Requirement 7 — Restrict access to system components and cardholder data

Requirement 7.2 requires access to CHD to be restricted on a need-to-know basis. If AI tools make it easy to share CHD across teams informally (e.g., pasting transaction data into a shared AI workspace), this control is degraded.

Requirement 12.3 — Technology usage policies

Requirement 12.3.4 mandates annual reviews of all hardware/software technologies. AI tools — including ChatGPT, Cursor, GitHub Copilot, and any other AI product used by staff with CDE access — should appear on the technology inventory and be reviewed annually.

Requirement 12.8 extends PCI obligations to service providers. If an AI tool receives CHD, it may be a service provider under PCI DSS, requiring a written agreement, compliance acknowledgment, and ongoing monitoring.

Requirement 6.3 — Security vulnerabilities and patches

AI-generated code must go through the same security review as manually written code. Requirement 6.3.2 requires a software inventory that includes all bespoke and custom software; AI-assisted code is not exempt. Requirement 6.4 requires all public-facing web applications to be protected against known attacks — including, now, prompt injection attacks against AI features in applications.

What counts as cardholder data in an AI prompt

CHD under PCI DSS includes:

Primary account number (PAN) — the 13-19 digit card number.
Cardholder name when stored with PAN.
Expiration date when stored with PAN.
Service code when stored with PAN.

Sensitive authentication data (SAD), which must never be retained post-authorization even in encrypted form:

Full track data (magnetic stripe data).
CAV2/CVC2/CVV2/CID.
PIN/PIN blocks.

Any of these values appearing in an AI prompt sends regulated data outside the CDE.

Gray areas developers often overlook:

Test card numbers from production systems. Test cards generated from real card ranges (e.g., filtered from actual transactions, or extracted from test environments that share a database with production) may be real PANs. A test card number that was once a real card number is still a PAN.
Transaction IDs and references. Transaction reference numbers are not themselves CHD, but if they are used in a prompt that also includes the associated PAN (even in truncated form), the combination may be in scope.
Error logs. Payment gateway error logs sometimes include truncated PANs, first-6/last-4 combinations, and timestamps that could narrow the cardholder population. Truncated PANs are not CHD under PCI DSS, but logs pasted into AI tools should be reviewed before sending.

The right technical controls

De-identify before AI processes

Replace real PANs with test values or algorithmically generated synthetic card numbers that satisfy the Luhn check but are not real cards before any AI-assisted development, analysis, or debugging workflow. Luhn-valid synthetic card generators are widely available.

For transaction records, remove or replace CHD fields before pasting into AI tools. Structure your data transformation pipeline so that analytics and AI tools receive de-identified extracts by default, not raw transaction data.

Use AI tools that are not in scope

An AI tool used exclusively for work that has no connection to CHD — drafting marketing copy, writing HR documentation, researching non-payments topics — is out of PCI scope by definition. Segment your AI tool usage so that staff with CDE access use separate, approved workflows for anything touching payment systems.

Adopt a local-first privacy layer for the CDE-adjacent workflow

For staff who work at the boundary of the CDE — developers who write payments code, fraud analysts who review transactions, compliance teams who audit logs — a local-first tool that detects and masks PANs before they reach any external service is the technical control that makes the policy durable. The tool detects Luhn-valid card numbers (the PCI-relevant pattern), replaces them with tokens, and allows the prompt to proceed with useful structure but no real CHD.

Apply the Customized Approach for AI-specific controls

PCI DSS v4.0's Customized Approach allows organizations to design controls that meet the stated objective of a requirement without following the prescriptive implementation. For Requirement 3, the objective is "account data is protected." A QSA-reviewed control that intercepts PANs before external AI transmission satisfies that objective through a novel mechanism — and gives the organization credit rather than a finding.

Working with your QSA on AI tool governance

Qualified Security Assessors (QSAs) are increasingly being asked about AI tools during assessments. What they typically want to see:

Technology inventory that includes AI tools used by staff with CDE access or in adjacent workflows.
Acceptable-use policy that explicitly addresses AI tools: prohibited data types (PANs, SAD), approved tools, required configurations.
Evidence of controls: either that AI tools are not permitted to receive CHD, or that technical controls prevent CHD from reaching AI tools.
Service provider agreements: if any AI tool does receive CHD (e.g., a specialized fraud-detection AI), a written agreement with a compliance acknowledgment per Requirement 12.8.

QSAs vary in how they handle AI tool questions at the moment; some are more conservative than others. Getting ahead of the question with a documented policy is better than having to explain an ad-hoc practice during an assessment.

Frequently asked questions

Does PCI DSS v4.0 mention ChatGPT or AI tools?

Not explicitly. PCI DSS v4.0 was finalized before generative AI became mainstream. The PCI Security Standards Council (PCI SSC) has published guidance documents noting that existing requirements apply to AI tools, but has not released a dedicated AI supplement as of May 2026. Requirements 12.3.4 (technology review) and 12.8 (service provider management) are the most directly applicable.

What if the PAN is truncated — is it still CHD?

Truncated PANs (first-6/last-4, or PAN with middle digits masked) are not considered CHD under PCI DSS v4.0, and organizations may display them to cardholders or use them in logs without triggering CHD requirements. However, if an AI prompt contains multiple data elements that together could reconstruct the full PAN, QSAs may take a conservative view. The safest practice is to treat any partial PAN combined with other CHD as in-scope.

Can our fraud team use AI to analyze transaction patterns without violating PCI?

Yes, if the data sent to the AI tool does not include CHD. Fraud analysis on de-identified transaction records — with PANs replaced by tokens or pseudonymized values — is a legitimate AI use case that keeps the analysis outside PCI scope. Many fraud analytics platforms do exactly this: they tokenize at ingest and expose only non-CHD attributes to analytics models.

Does our AI vendor need to be a PCI-compliant service provider?

If the AI vendor receives CHD as part of the workflow, yes — they must acknowledge that they are a service provider and either be PCI-DSS compliant themselves or have a contractual framework that satisfies Requirement 12.8. Most major AI providers (OpenAI Enterprise, Anthropic, Google Cloud) have SOC 2 and other security certifications, but PCI DSS compliance as a service provider is a separate and more specific attestation. Confirm with the vendor whether they have an Attestation of Compliance (AOC) as a service provider before routing CHD to them.

What should we include in our AI acceptable-use policy for payments staff?

At minimum: (1) definition of CHD and SAD as prohibited data types for AI prompts, (2) list of approved AI tools and configurations for payments-adjacent work, (3) requirement to use synthetic or de-identified data for AI-assisted development and testing, (4) incident-response steps if a staff member believes they have sent real CHD to an AI tool, (5) annual acknowledgment as part of PCI-related training.

The bottom line

PCI DSS and AI tools are not inherently incompatible. The conflict arises when real cardholder data enters an AI tool's context — which happens most often in developer and analyst workflows through copy-paste and log attachment. The solution is the same as for other PCI controls: ensure CHD cannot exit the CDE through the AI pathway, either by organizational controls (synthetic data requirements, acceptable-use policies) or technical controls (local-first redaction that masks PANs before transmission). Add AI tools to your technology inventory, brief your QSA, and design your controls under the v4.0 Customized Approach if the prescriptive requirements do not fit your workflow. Getting this right now is easier than explaining an AI-related data event to your acquiring bank.

For the broader financial services compliance picture — including GLBA, FFIEC, FINRA, and SEC requirements — see Financial Services + AI: GLBA, FFIEC, and Securities Compliance. For building the AI policy document that gives your QSA the evidence they need, see the AI Acceptable Use Policy template.

PCI DSS and AI: Can You Use ChatGPT With Cardholder Data? (2026 Guide)