New Guidance: Integrating Artificial Intelligence into PCI Assessments

Artificial intelligence (AI) is transforming industries, and the PCI Security Standards Council (PCI SSC) has introduced new guidance to support the responsible use of AI in PCI assessments. The guidance strikes a balance between leveraging the benefits of AI and maintaining the high standards of security that protect payment card data worldwide.
AI has the potential to enhance the efficiency, accuracy, and consistency of PCI assessments. When properly implemented, AI can automate key aspects of the assessment process, from document reviews to creating work papers and PCI reports. By reducing manual effort and minimizing human error, AI can streamline workflows. However, AI can also introduce false positives, incorrect assumptions, and biases, so additional considerations and human oversight are required to prevent these issues.
The new guidance emphasizes that AI is a tool, not an assessor. Human assessors remain responsible for all findings and final decisions, ensuring that AI’s role is to enhance expertise, rather than replace it.
The new guidance document, “Integrating Artificial Intelligence in PCI Assessments – Guidelines, Version 1.0,” provides a framework for payment security assessors on best practices for using AI responsibly during assessments. The document covers key points, including:
- Informing clients of AI involvement, obtaining their consent, and providing assurances about the security of client data and the accuracy of assessment results.
- Using AI in reviewing artifacts, creating work papers, conducting remote interviews, and generating final assessment reports.
- The importance of data handling protocols, AI system validation, ethical use, and regular updates to ensure the security and accuracy of outputs.
As AI technologies continue to evolve, these guidelines provide a strong foundation for their responsible integration into PCI assessments. These guidelines will support assessors as they modernize assessment processes while maintaining rigorous standards that protect payment card data worldwide.