惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

L
LangChain Blog
C
Check Point Blog
博客园 - Franky
V
Visual Studio Blog
云风的 BLOG
云风的 BLOG
aimingoo的专栏
aimingoo的专栏
Microsoft Security Blog
Microsoft Security Blog
V2EX - 技术
V2EX - 技术
AI
AI
Hacker News - Newest:
Hacker News - Newest: "LLM"
Jina AI
Jina AI
S
Security @ Cisco Blogs
Security Archives - TechRepublic
Security Archives - TechRepublic
H
Hacker News: Front Page
H
Hackread – Cybersecurity News, Data Breaches, AI and More
O
OpenAI News
Attack and Defense Labs
Attack and Defense Labs
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
爱范儿
爱范儿
H
Heimdal Security Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
G
Google Developers Blog
G
GRAHAM CLULEY
V
V2EX
The Register - Security
The Register - Security
人人都是产品经理
人人都是产品经理
B
Blog RSS Feed
Schneier on Security
Schneier on Security
M
MIT News - Artificial intelligence
Stack Overflow Blog
Stack Overflow Blog
Help Net Security
Help Net Security
大猫的无限游戏
大猫的无限游戏
C
CERT Recently Published Vulnerability Notes
The GitHub Blog
The GitHub Blog
V
Vulnerabilities – Threatpost
The Last Watchdog
The Last Watchdog
J
Java Code Geeks
S
Secure Thoughts
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
量子位
NISL@THU
NISL@THU
K
Kaspersky official blog
Engineering at Meta
Engineering at Meta
T
Threatpost
Recent Commits to openclaw:main
Recent Commits to openclaw:main
宝玉的分享
宝玉的分享
Security Latest
Security Latest
T
The Exploit Database - CXSecurity.com
博客园_首页
A
Arctic Wolf

PCI Perspectives

Meet the Council’s New Head of Business Operations and Risk Management The AI Exchange: Innovators in Payment Security Featuring PCA Cyber Security Enhance Your Community Meeting Experience with Interactive Workshops The AI Exchange: Innovators in Payment Security Featuring PROSA Bring PCI SSC Training to Your Organization with the New Training Venue Host Program The AI Exchange: Innovators in Payment Security Featuring Utimaco Coffee with the Council Podcast: Meet This Year’s North America Community Meeting Keynote Speaker, Sharon Gai Welcome Our Newest Associate Participating Organizations The AI Exchange: Innovators in Payment Security Featuring SecurityMetrics PCI SSC Publishes New Guidance on Compensating Controls and the Customized Approach Spotlight On: Dreamplug Technologies Private Limited (CRED), a New Principal Participating Organization Request for Comments: PCI Data Security Standard (PCI DSS) v4.0.1 Coffee with the Council Podcast: Nominate Now for the Global Executive Assessor Roundtable (GEAR) PCI SSC Publishes PCI PTS HSM v5.0 Request for Comments: PCI Secure Software Lifecycle Standard v2.0 Spotlight On: Worldline, a New Principal Participating Organization Coffee with the Council Podcast: Stronger Together – The Value of Participating with PCI SSC The AI Exchange: Innovators in Payment Security Featuring Dreamplug Technologies Private Limited (CRED) Level Up Your Payment Security Expertise with PCI SSC Knowledge Training PCI SSC Launches Enhanced Language Microsites for Global Audience Exhibit at or Sponsor the 2026 Community Meetings Spotlight On: Stripe, a New Principal Participating Organization The AI Exchange: Innovators in Payment Security Featuring Toast, Inc. Coffee with the Council Podcast: A Panel Discussion on Cryptography The AI Exchange: Innovators in Payment Security Featuring Flywire Spotlight On: Amazon, a New Principal Participating Organization Welcome Our Newest Associate Participating Organizations The AI Exchange: Innovators in Payment Security Featuring Checkout.com Coffee with the Council Podcast: PCI SSC Publishes First-Ever Annual Report The AI Exchange: Innovators in Payment Security Featuring Bank of America Request for Comments: PCI Card Production and Provisioning Physical and Logical Security Standards v3.0.1 Spotlight On: Futurex, a New Principal Participating Organization The AI Exchange: Innovators in Payment Security Featuring Soft Space PCI Security Standards Council Publishes First-Ever Annual Report Coffee with the Council Podcast: PCI SSC Releases Version 2.0 of the PCI Secure Software Standard PCI SSC 2025 Community Meetings Now Available on Global Content Library PCI SSC Releases Version 2.0 of the PCI Secure Software Standard 2026 PCI SSC Training Schedule Announced Spotlight On: Reflectiz, a New Principal Participating Organization The AI Exchange: Innovators in Payment Security Featuring Jscrambler Meet the Council’s New Client Engagement Operations Director The AI Exchange: Innovators in Payment Security Featuring SISA Meet the Council’s New Director, Training Programs Request for Comments: PCI Key Management Operations (KMO) v1.0 Standard PCI SSC Publishes Mobile Payments on COTS (MPoC) Guidance Document The AI Exchange: Innovators in Payment Security Featuring Block, Inc. Request for Comments: PCI PTS HSM v5.0 Coffee with the Council Podcast: Nominate Your Company for the Council’s Next Brazil Regional Engagement Board 2025 Asia-Pacific Community Meeting Agenda Highlights The AI Exchange: Innovators in Payment Security Featuring Elavon Inc. Coffee with the Council Podcast: Meet the New Regional Director of Japan and South Korea, Junichi Tsuboi Internal Security Assessor (ISA) Training Case Study: WestJet Sneak Peek: 2025 Europe Community Meeting Speakers AI Principles: Securing the Use of AI in Payment Environments The AI Exchange: Innovators in Payment Security Featuring Cloud Security Alliance Beware of PCI DSS Compliance Certificates Meet the Council’s New Regional Director, Europe PCI SSC Releases New Guidance on Authentication and Cryptography Welcome Our Newest Associate Participating Organizations Sneak Peek: 2025 North America Community Meeting Speakers Coffee with the Council Podcast: Meet This Year’s Asia-Pacific Community Meeting Keynote Speaker, Sharon Gai The AI Exchange: Innovators in Payment Security Featuring Salesforce
The AI Exchange: Innovators in Payment Security Featuring In-Solutions Global Ltd
Alicia Malone · 2026-06-02 · via PCI Perspectives

Welcome to the PCI Security Standards Council’s blog series, The AI Exchange: Innovators in Payment Security. This special, ongoing feature of our PCI Perspectives blog offers a resource for payment security industry stakeholders to exchange information about how they are adopting and implementing artificial intelligence (AI) into their organizations.

In this edition of The AI Exchange, In-Solutions Global Ltd Managing Director, Adelia Castelino, offers insight into how her company is using AI, and how this rapidly growing technology is shaping the future of payment security.

How have you most recently incorporated artificial intelligence within your organization? 

AI is no longer a future consideration; it is the operational backbone of secure, scalable, and intelligent payment infrastructure. We have integrated AI across multiple enterprise functions:

Payments risk & financial crime controls

  • Within our payments risk and financial crime controls, AI operates continuously in the background, flagging suspicious customers/merchants as they are onboarded, learning from emerging patterns.
  • Instead of relying only on static rules, we use anomaly monitoring across channels to spot subtle deviations—whether they appear in customer or merchant behaviour, or operational flows—before they escalate into loss events.
  • For Anti-Money Laundering (AML) investigations, adaptive risk scoring helps us prioritise what matters most, pushing higher-risk cases to the top of the queue while reducing noise and enabling investigators to spend time where it has the greatest impact.

Software engineering & delivery productivity

  • In software engineering, AI-assisted development supports teams with contextual code suggestions and refactoring, helping engineers move from idea to implementation faster while maintaining quality and consistency across the codebase.
  • Code review agents utilized for coding, security and compliance standards using shift left approach, help develop maintainable, secure and compliant code.
  • By augmenting reviews with automated checks, we detect defects earlier in the delivery cycle, reducing rework and giving teams clearer visibility into risk before changes reach production.
  • We are also using automation to generate test cases and strengthen regression coverage, so releases remain stable even as product scope expands and delivery cadence increases.
  • Guard rails hook in place to block user prompts having sensitive Personally Identifiable Information (PII), sensitive data and risky tool commands. 

Product design & internal operations

  • For product design, generative AI accelerates early-stage exploration, turning rough concepts into User Interface and User Experience (UI/UX) options and prototypes quickly so stakeholders can align sooner and iterate with clearer direction leads to faster product shipping.
  • Internally, we use AI to support workflow ideation and process documentation, capturing how work is actually done and making it easier to standardise, improve, and scale operations across teams.
  • We also apply summarisation and knowledge-reuse capabilities to reduce time spent searching through internal material, helping teams extract key decisions and insights from documents and communicate them more effectively.

What is the most significant change you’ve seen in your organization since AI-use has become so much more prevalent? 

The most significant change has been a shift from reactive operations to predictive, policy-led execution. AI is now embedded in day-to-day risk and delivery processes reducing manual load, improving decision consistency, and accelerating how quickly we can ship improvements without compromising controls.

  • Operational efficiency (less manual work, faster throughput): AI has reduced hands-on effort across fraud triage, reconciliation, and routine documentation by automating first-pass review and summarisation. Teams spend less time on repetitive sorting and data gathering, and more time on higher-value investigation, exception handling, and control tuning.
  • Data-driven decisioning (earlier signals, more consistent actions): Instead of relying primarily on static rules and hindsight reporting, predictive alerts and risk scoring surface emerging issues sooner and help standardise how we respond. This makes decisions more explainable and repeatable—especially during peak volumes—because actions and escalations are triggered by defined risk signals rather than individual judgement alone.
  • Innovation velocity (faster delivery with stronger guardrails): AI-assisted software development has improved engineering productivity across design, coding, review, and testing. We move from idea to implementation faster through better drafting and refactoring support, earlier defect detection, and more automated test generation while retaining human oversight and security checks for high-impact changes.
  • Higher Cross Functional Collaboration: Giving the right amount of visibility to the relevant stakeholders in the hierarchy, has resulted in greater and efficient collaboration, across verticals such as Business, Operations, Product, Technology, Finance, Cybersecurity & Compliance.

Taken together, these changes mean we operate with higher signal-to-noise, shorter cycle times, and more scalable controls. The result is a more resilient organisation; teams can respond quickly when risk increases and still keep delivery and compliance disciplines intact.

How do you see AI evolving or impacting payment security in the future? 

AI is set to become the primary shield for payment security, taking charge of real-time fraud detection and policy enforcement. By leveraging advanced machine learning algorithms, AI systems can continuously monitor transactions, swiftly identify unusual patterns, and automatically flag suspicious activities. This automation not only enhances the speed and accuracy of fraud detection but also ensures that security policies are consistently applied without manual intervention. As cyber threats evolve, AI will adapt and improve its responses, offering proactive protection against increasingly sophisticated attacks. Predicted adoption: by 2026, 60% of banking and payments institutions will use AI-augmented decision engines for core risk operations.

  • Real-time defence and automated enforcement: AI will increasingly act as the first line of defence, monitoring transactions continuously, detecting fraud patterns in real time, and automatically applying security policies with consistent outcomes.
  • Agentic orchestration with compliance built in: Agentic AI will coordinate multi-step payment workflows (authentication, validation, exception handling, settlement) while embedding compliance controls aligned to PCI DSS and the PCI SSC AI Principles—reducing manual handoffs and human error.

What potential risks should organizations consider as AI becomes more integrated into payment security? 

As AI becomes more embedded in payment security workflows, organisations should manage a set of interrelated risks spanning data protection, model integrity, operational resilience, and third party dependency:

  • Data leakage & confidentiality: Large Language Models (LLMs) and AI agents can expose sensitive information through prompts, outputs, logs, or unintended training retention. Controls should include strong data minimisation, redaction, access boundaries, and clear rules on what data can be sent to models.
  • Prompt injection, jailbreaks & data poisoning: Adversarial inputs (or compromised upstream data) can steer the model to ignore safeguards, disclose restricted content, or make unsafe decisions. Mitigations include input validation, tool/permission gating for agents, retrieval hardening, and monitoring for anomalous prompts and outputs.
  • Bias, fairness & explainability: Models can amplify historical bias or produce outcomes that are hard to justify to customers, regulators, or auditors. Ongoing evaluation, documented decision logic, and human review for high-impact cases help reduce discriminatory outcomes and improve accountability.
  • Over-automation & control failures: When too much authority is delegated to AI (especially agentic workflows), errors can propagate quickly and at scale. Define “human-in-the-loop” checkpoints, escalation paths, and kill-switches for edge cases, novel attack patterns, and high-stakes decisions.
  • Vendor & supply-chain risk: Third-party AI services may be opaque, change without notice, or introduce data residency, subcontractor, and availability risks. Contracts and due diligence should cover transparency, security controls, incident response, audit rights, and model/version change management.

What advice would you provide for an organization just starting their journey into using AI? 

  1. Start with strategy and use cases
        • Prioritise low-risk, high-value use cases (e.g., summarisation, internal search, assisted triage) to build confidence and demonstrate ROI.
        • Define success criteria up front (quality, latency, security, and operational impact) so pilots translate into scalable capability.
    1. Put governance and controls in place early
        • Maintain a model inventory (purpose, data sources, owners), versioning, and approval gates for changes.
        • Use human-in-the-loop checkpoints for high-impact decisions, plus monitoring, incident response, and rollback/kill-switch procedures.
        • Align controls to PCI DSS, the PCI SSC AI Principles, and applicable local regulations (including data residency and retention expectations).
    2. Build capability across people and partners
        • Train teams on secure prompting, data handling, model risk, and how to validate AI outputs in operational contexts.
        • Vet vendors for transparency, auditability, data handling commitments, and change-management discipline (model updates, subcontractors, and SLAs).

What AI trend (not limited to payments) are you most excited about? 

Agentic AI & autonomous workflow orchestration: AI systems that can plan and execute multi-step business processes end to end while staying within defined rules, approvals, and compliance boundaries. 

  • Shorter cycle times through fewer manual handoffs and faster exception resolution
  • More consistent outcomes by enforcing policy and controls in every step of the workflow
  • Better auditability when actions, inputs, and decisions are logged as part of the orchestration

Responsible AI operationalisation: The shift from AI experimentation to production-grade governance where models are measurable, controllable, and safe to run at scale using frameworks such as NIST AI RMF and the PCI SSC AI Principles.

  • Clear ownership, risk assessment, and approval gates for models and updates
  • Ongoing monitoring for drift, security threats, and unintended outcomes
  • Audit-ready evidence (testing, controls, and documentation) that builds trust with customers and regulators

View More Content on Artificial Intelligence

Learn More About In-Solutions Global Ltd