Prompt Injection and Training Data Poisoning as Emerging Threats to PCI DSS–Protected Financial Data
Suleiman S. Abba*
University of the Cumberlands, 6178 College Station Drive, Williamsburg, KY 40769, United States of America.
Temitope Ibrahim Lawal
Pace University, 78 N Broadway, White Plains, NY 10603, United States of America.
Pelumi Damola Adeyinka
Obafemi Awolowo University, Ile Ife, Osun State, Nigeria.
Akinde Michael Ogunmolu
Texas A&M University, 700 University Blvd, Kingsville, TX 78363, United States.
Abayomi Titilola Olutimehin
Royal Holloway University of London, Egham, Surrey, United Kingdom.
*Author to whom correspondence should be addressed.
Abstract
This study examines how prompt injection and training data poisoning compromise artificial intelligence (AI) systems operating within PCI DSS–protected financial environments and evaluates the adequacy of existing compliance controls in addressing these emerging threats. A multi-phase quantitative research design was employed, integrating controlled convolutional neural network (CNN)–based poisoning simulation, logistic regression modeling using categorized breach variables, PCI DSS v4.0 compliance gap index construction, and Structural Equation Modeling (SEM) to validate a proposed AI security governance framework. Experimental results indicate that even minimal poisoning can produce substantial latent compromise: at a 5% poisoning rate, attack success reached 78.6% despite only a 4.6% decline in overall model accuracy. Logistic regression analysis further revealed that logging failures significantly reduce breach detection likelihood by 76% (OR = 0.24, p < .001), highlighting the central role of monitoring controls in compliance-based security architectures. Compliance coverage analysis identified a substantial governance gap, with only 33.3% of PCI DSS domains explicitly addressing prompt injection risks, producing an explicit coverage deficit of 66.7%. The largest control deficiencies were observed in domains related to transmission encryption, authentication, anti-malware protections, and secure model governance, which provide limited safeguards against AI-specific manipulation. Structural modeling results demonstrated strong explanatory power (R² = 0.74), with preventive lifecycle controls exerting the strongest influence on AI risk reduction (γ = 0.61). These findings highlight that financial institutions may remain technically compliant with PCI DSS while AI-driven systems remain vulnerable to adversarial manipulation. The study therefore recommends incorporating explicit AI lifecycle governance, continuous model integrity monitoring, and strengthened third-party AI oversight into PCI DSS revisions to improve the resilience of AI-enabled financial infrastructures.
Keywords: Prompt injection attacks, training data poisoning, PCI DSS compliance gap, adversarial machine learning in finance, AI governance controls
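The abstract's headline pattern (high attack success at a 5% poisoning rate with only a small drop in overall accuracy) is exactly what a "continuous model integrity monitoring" control has to be designed to catch. The following is an added illustration, not code from this study or its CNN simulation: it replaces the CNN with a two-feature logistic-regression classifier trained by plain gradient descent on constructed synthetic data, assumes a hypothetical "trigger" feature that is always zero in clean records, and measures two things side by side, clean accuracy and attack success rate. The numbers it produces are its own and do not reproduce the 78.6% / 4.6% figures reported above; what it shows is that aggregate accuracy alone is a poor integrity signal and that a trigger-set evaluation is the complementary check.

```python
"""Toy poisoning-evaluation harness (added example; not the paper's code).

Constructed setting: two well-separated Gaussian classes on features x1, x2,
plus a third feature slot that is always 0.0 in genuine records.  A poisoner
who controls a small share of the training rows relabels class-0 rows as
class 1 and stamps an out-of-range value into that slot.  The monitor then
reports clean accuracy AND the share of genuine class-0 test rows that flip
when the trigger is present, so the compromise is visible even though
aggregate accuracy barely moves.
"""
import math
import random

TRIGGER_VALUE = 5.0   # hypothetical trigger: out-of-range value in an always-zero field
POISON_RATE = 0.05    # fraction of the training set the poisoner controls


def make_dataset(n_per_class, seed):
    """Constructed data: two Gaussian clusters at (-2,-2) and (2,2); trigger slot is 0."""
    rng = random.Random(seed)
    rows = []
    for label, centre in ((0, -2.0), (1, 2.0)):
        for _ in range(n_per_class):
            rows.append(([rng.gauss(centre, 1.0), rng.gauss(centre, 1.0), 0.0], label))
    rng.shuffle(rows)
    return rows


def poison(rows, rate):
    """Relabel `rate` of all rows (taken from class 0) as class 1 and stamp the trigger."""
    poisoned = [(list(x), y) for x, y in rows]      # deep-enough copy; originals untouched
    budget = int(rate * len(rows))
    for i, (x, y) in enumerate(poisoned):
        if budget == 0:
            break
        if y == 0:
            x[2] = TRIGGER_VALUE
            poisoned[i] = (x, 1)
            budget -= 1
    return poisoned


def sigmoid(z):
    """Numerically safe logistic function."""
    if z >= 0:
        return 1.0 / (1.0 + math.exp(-z))
    ez = math.exp(z)
    return ez / (1.0 + ez)


def train(rows, lr=0.1, epochs=800):
    """Full-batch gradient descent on logistic loss; returns (weights, bias)."""
    n_feat, n = len(rows[0][0]), len(rows)
    w, b = [0.0] * n_feat, 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * n_feat, 0.0
        for x, y in rows:
            err = sigmoid(b + sum(wi * xi for wi, xi in zip(w, x))) - y
            for j in range(n_feat):
                gw[j] += err * x[j]
            gb += err
        w = [wi - lr * g / n for wi, g in zip(w, gw)]
        b -= lr * gb / n
    return w, b


def predict(model, x):
    w, b = model
    return 1 if b + sum(wi * xi for wi, xi in zip(w, x)) > 0 else 0


def clean_accuracy(model, test_rows):
    """The metric most deployments already watch."""
    return sum(predict(model, x) == y for x, y in test_rows) / len(test_rows)


def attack_success_rate(model, test_rows):
    """Share of genuine class-0 rows that flip to class 1 once the trigger is stamped on.

    This is the integrity check that aggregate accuracy does not give you.
    """
    targets = [x for x, y in test_rows if y == 0]
    flipped = sum(predict(model, x[:2] + [TRIGGER_VALUE]) for x in targets)
    return flipped / len(targets)


def run_experiment(rate=POISON_RATE, seed=7):
    """Train a clean and a poisoned model on the same data; report both metrics for each."""
    train_rows = make_dataset(200, seed)
    test_rows = make_dataset(200, seed + 1)          # held-out, never poisoned
    clean_model = train(train_rows)
    poisoned_model = train(poison(train_rows, rate))
    return {
        "clean_acc_clean_model": clean_accuracy(clean_model, test_rows),
        "clean_acc_poisoned_model": clean_accuracy(poisoned_model, test_rows),
        "asr_clean_model": attack_success_rate(clean_model, test_rows),
        "asr_poisoned_model": attack_success_rate(poisoned_model, test_rows),
    }


if __name__ == "__main__":
    for name, value in run_experiment().items():
        print(f"{name}: {value:.3f}")
```

Run as a script and the two accuracy lines come out nearly identical while the two attack-success lines diverge sharply: the clean model never learned a weight for the trigger slot (it is zero in every clean row, so its gradient is zero), whereas the poisoned model learned to treat the trigger as decisive. An integrity monitor that only compares accuracy against a baseline would pass the poisoned model; one that also scores a held-out trigger set would not.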