Get Started

PCI DSS Compliance and Private AI

Private AI’s robust de-identification solution safeguards sensitive cardholder data, ensuring PCI DSS compliance and peace of mind.

Get started today

Navigating the PCI DSS Landscape

PCI DSS is a set of regulations that mandate stringent security measures to safeguard payment card industry (PCI) data. 

Private AI’s industry-leading technology identifies the presence and location of PCI data, revealing potential compliance vulnerabilities. It also accurately de-identifies over 50 entities of personal data in 50+ languages to help mitigate these compliance gaps.

Edit Content

The Payment Card Industry Data Security Standard (PCI DSS) is a global standard established by the Payment Card Industry Security Standards Council (PCI SSC), an independent body created by major credit card companies. Its goal is to ensure the protection of cardholder and sensitive authentication data at every stage during the payment process.

The PCI DSS protects cardholder data and sensitive authentication data. 

Edit Content

Cardholder data under PCI DSS includes:

  • Cardholder Name
  • Expiration Date
  • Service Code
  • Primary Account Number (PAN), including the Bank Identification Number (BIN)
Edit Content

Sensitive Authentication Data protected under PCI DSS includes:

  • Card verification code
  • PINs/PIN blocks
  • Full track data (magnetic-stripe data or equivalent on a chip)

How Private AI Can Help with PCI DSS 4.0 Compliance

  • Requirement 3.2.1 - Storage of account data is kept to a minimum, for ex. by rendering account data unrecoverable when no longer needed. As an alternative to deletion, Private AI can help anonymize PCI data by redacting the entities protected under the PCI DSS.
  • Requirement 7 - Restrict Access to System Components and Cardholder Data by Business Need to Know: Using Private AI’s de-identification solution can mask PCI data from individuals who need access to some, but not all data contained in an institution’s system to perform their job function.
  • Requirement A3.2.5.1 - Methods are able to discover cleartext Primary Account Number on all types of system components and file formats in use: Private AI can identify the Primary Account Number on all its supported file formats. Our models are platform agnostic.
  • Requirement 8.6.2 - Passwords/passphrases are not hard coded in scripts, configuration/property files, or bespoke and custom source code: Private AI can automate the Defined Approach Testing Procedure 8.6.2.b by scanning sources and identifying any passwords or passphrases.
  • Requirement 12.5.2 – PCI DSS scoping validation, including identifying all locations where account data is stored, processed, and transmitted: Private AI’s PCI data identification solution can detect Primary Account Number in unexpected places, such as an error log or memory dump file.
  • Requirement 12.10.1 - An incident response plan exists and is ready to be activated in the event of a suspected or confirmed security incident: Private AI’s models can be used to measure exposure through accurate data classification. Identify impacted PCI, data subjects, and compromised data in the event of a security incident for reporting under the GDPR.
  • Requirement 9.4.2 - All media with cardholder data is classified in accordance with the sensitivity of the data: Private AI identifies all PCI data entities and can generate a report specifying which entity type has been located in the data, including BANK_ACCOUNT, CREDIT_CARD, CREDIT_CARD_EXPIRATION, CVV, ROUTING_NUMBER, PASSWORD, NAME, and other NUMERICAL_PII.

See our Redaction Capabilities in Real-Time

Type your text into the demo or select a pre-populated example from the list on the left to see our AI-powered solution in action:

Additional Resources

pci
What is PCI?
Read more
Personal Identifiers
Direct and Indirect Personal Identifiers: What are they?
Read more
The Cost of a Data Breach
Read more

Download the Free Report

Close Window

Request an API Key

Fill out the form below and we’ll send you a free API key for 500 calls (approx. 50k words). No commitment, no credit card required!

Close Window

Language Packs

Expand the categories below to see which languages are included within each language pack.
Note: English capabilities are automatically included within the Enterprise pricing tier. 

French
Spanish
Portuguese

Arabic
Hebrew
Persian (Farsi)
Swahili

French
German
Italian
Portuguese
Russian
Spanish
Ukrainian
Belarusian
Bulgarian
Catalan
Croatian
Czech
Danish
Dutch
Estonian
Finnish
Greek
Hungarian
Icelandic
Latvian
Lithuanian
Luxembourgish
Polish
Romanian
Slovak
Slovenian
Swedish
Turkish

Hindi
Korean
Tagalog
Bengali
Burmese
Indonesian
Khmer
Japanese
Malay
Moldovan
Norwegian (Bokmål)
Punjabi
Tamil
Thai
Vietnamese
Mandarin (simplified)

Arabic
Belarusian
Bengali
Bulgarian
Burmese
Catalan
Croatian
Czech
Danish
Dutch
Estonian
Finnish
French
German
Greek
Hebrew
Hindi
Hungarian
Icelandic
Indonesian
Italian
Japanese
Khmer
Korean
Latvian
Lithuanian
Luxembourgish
Malay
Mandarin (simplified)
Moldovan
Norwegian (Bokmål)
Persian (Farsi)
Polish
Portuguese
Punjabi
Romanian
Russian
Slovak
Slovenian
Spanish
Swahili
Swedish
Tagalog
Tamil
Thai
Turkish
Ukrainian
Vietnamese

Rappel

Testé sur un ensemble de données composé de données conversationnelles désordonnées contenant des informations de santé sensibles. Téléchargez notre livre blanc pour plus de détails, ainsi que nos performances en termes d’exactitude et de score F1, ou contactez-nous pour obtenir une copie du code d’évaluation.

99.5%+ Accuracy

Number quoted is the number of PII words missed as a fraction of total number of words. Computed on a 268 thousand word internal test dataset, comprising data from over 50 different sources, including web scrapes, emails and ASR transcripts.

Please contact us for a copy of the code used to compute these metrics, try it yourself here, or download our whitepaper.

Close Window