PCI-DSS compliance with Sonomos
The Payment Card Industry Data Security Standard (PCI-DSS) governs the handling of cardholder data (CHD) — primary account numbers (PANs), expiration dates, service codes, and related elements. The standard is maintained by the PCI Security Standards Council and its blast radius is large: any system that stores, processes, or transmits CHD is in scope and subject to its 12 high-level requirements. AI tools are a new and unmanaged path for CHD to leave a cardholder data environment (CDE), and that is exactly the surface Sonomos addresses.
Why AI is suddenly in scope
Most PCI-DSS programs were designed around payment processing systems, not employee browsers. But cardholder data routinely shows up in workflows that wander into AI tools:
- A support agent pastes a chat transcript into an AI summarizer; it includes a PAN the cardholder shared.
- A finance analyst asks an AI tool to “explain this transaction” and pastes a row that includes the full PAN.
- A developer asks Claude to debug code that has a test card number that turns out to be a real one.
- A fraud team builds a Slack workflow that pipes customer chats through an LLM, including incidental CHD.
None of these systems were architected as part of the CDE, yet each becomes one the moment cardholder data lands in it.
What Sonomos detects relevant to PCI-DSS
Sonomos’s PCI-related detectors are the ones with the strongest validation, because CHD has well-defined structure:
| Detector | Validation | PCI-DSS relevance |
|---|---|---|
| Credit card number | Luhn checksum | Primary PAN — Requirements 3, 4 |
| IBAN | MOD-97 | International account number |
| SWIFT/BIC | Format | Bank routing |
| US bank routing number | ABA validation | Linked account context |
| Email + phone + name | — | Often required by PCI-DSS in conjunction |
Cloak masks these out of outgoing prompts on Claude.ai, Gemini, and Grok automatically. Send Guard’s blocking modal triggers on credit card detections on every other site by default.
How Sonomos supports each control objective
Requirement 3 — Protect stored cardholder data
PCI-DSS Requirement 3 mandates that stored PANs be rendered unreadable (truncation, hashing, tokenization, strong cryptography). Sonomos extends the same principle to the transmission boundary at AI tools: a PAN that’s masked before leaving the browser was never readably transmitted in the first place. Compliance reports document that this control operated during a given period.
Requirement 4 — Encrypt transmission of cardholder data across open public networks
Cloak’s pseudonymization is a strong complement to TLS. TLS protects the wire; Cloak removes the CHD from the payload before it enters the wire. Together they cover both “in transit confidentiality” and “minimization at the boundary.”
Requirement 7 — Restrict access to cardholder data by business need to know
The Teams plan’s admin policy controls let you enforce a minimum protection posture: Cloak mandatory on supported AI platforms, Send Guard modal mandatory on uncovered sites. Members cannot drop below the minimum.
Requirement 10 — Track and monitor all access to network resources and cardholder data
Compliance reports surface when CHD-category detections occurred, on which platform, and what was done about them (masked, blocked, acknowledged). The text is never stored — only the metadata required to demonstrate the control operated.
Requirement 12 — Maintain a policy that addresses information security
Sonomos plugs into the technology side of an information security policy as a specific control for AI-tool usage. The recommended configuration below is something you can paste straight into your acceptable-use policy.
Recommended configuration for PCI-DSS
- Enable Cloak on every supported AI platform. Today: Claude.ai, Gemini, Grok.
- Set Send Guard to “Modal always” on the Teams plan, or at minimum “Banner + Modal” with modal pinned for credit card detections.
- Pin admin policy so members on a Teams plan can’t disable Cloak or downgrade Send Guard.
- Schedule compliance reports to your QSA’s inbox or your internal compliance officer at least monthly.
- Acceptable-use policy — document that submitting cardholder data to any AI tool, even masked, is not authorized. Cloak is a safety net for accidental disclosure, not a license.
- Out-of-scope acknowledgement — your scoping documentation should note that native AI desktop apps, IDE assistants, and local LLMs are outside the extension’s reach until Sonomos Desktop ships, and what compensating controls (e.g. application allowlists, training, network egress filtering) cover them in the meantime.
Scope considerations
Whether using Sonomos changes your PCI-DSS scope is a judgement call best made with your QSA. Useful inputs:
- Sonomos does not store, process, or transmit CHD in its servers. Detection is local; masking is local; compliance metadata is counts and categories, not PANs.
- Sonomos does inject content into browser pages that may contain CHD, so the extension’s runtime environment (the browser itself, the employee endpoint) is the relevant scoping question — not Sonomos as a vendor.
- Teams analytics data is aggregated counts only. It does not include PAN text.
If you need a vendor security assessment or attestation, contact info@sonomos.ai.
Coming in Sonomos Desktop
PCI-DSS-relevant additions in the upcoming desktop app:
- System-wide clipboard guard — catches CHD before it’s pasted into any application, not just the browser. This closes the most common path for accidental CHD leakage in card-handling environments.
- Screenshot scanning — detects CHD in screenshots before they’re shared with AI tools.
- Tamper-evident audit log — append-only event log suitable for QSA review of control effectiveness.
- MDM-managed deployment — Jamf / Intune / Workspace ONE deployment with managed configuration, so the agent and its policy are deployed consistently across the cardholder data environment.
See the Sonomos Desktop overview.