Automated Third-Party Risk Management Platform with AI-Driven Vendor Scoring and PCI DSS Compliance Mapping
Abstract
The increasing reliance on third-party vendors for payment processing, cloud services, and digital operations has significantly expanded organizational exposure to cyber, financial, and regulatory risks. This study presents an Automated Third-Party Risk Management (TPRM) platform that integrates artificial intelligence–driven vendor scoring with dynamic Payment Card Industry Data Security Standard (PCI DSS) compliance mapping to enhance risk visibility, assessment accuracy, and governance efficiency. The platform is designed to replace manual, questionnaire-heavy vendor reviews with continuous, data-driven risk intelligence across the vendor lifecycle.

The proposed system employs machine learning algorithms to aggregate and analyze multi-source vendor data, including security posture indicators, historical incidents, compliance attestations, financial stability signals, and operational dependencies. These inputs are processed through weighted risk models to generate real-time vendor risk scores that adapt as conditions change. Natural language processing is applied to vendor documentation, audit reports, and contractual clauses to identify latent control gaps and emerging compliance concerns. Explainable AI techniques are incorporated to ensure transparency and regulatory defensibility of scoring outcomes.

A core innovation of the platform is automated PCI DSS compliance mapping, which aligns vendor controls and evidence directly to applicable PCI DSS requirements. The system continuously tracks compliance status, highlights deviations, and quantifies residual risk associated with each vendor’s role in the cardholder data environment. This enables organizations to prioritize remediation efforts, enforce proportionate controls, and demonstrate compliance readiness during audits.
The platform architecture supports workflow automation, risk escalation triggers, and executive-level dashboards, enabling informed decision-making by risk, compliance, and procurement stakeholders. By unifying vendor risk scoring and PCI DSS control mapping within a single intelligent platform, the solution reduces assessment fatigue, improves response times, and strengthens organizational resilience. The study concludes that AI-enabled TPRM platforms represent a scalable and proactive approach to managing third-party risk in increasingly complex and regulated digital ecosystems. The findings provide practical implications for financial institutions, merchants, and service providers seeking to operationalize continuous compliance, reduce audit costs, and align third-party governance with evolving cybersecurity regulations while maintaining trust, transparency, and accountability across interconnected payment and digital service ecosystems, regulated industries, and global supply chains.
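The abstract describes three mechanisms without showing their shape: a weighted multi-source risk model, per-factor explainability of the resulting score, and mapping of a vendor's evidenced controls to the PCI DSS requirements that apply given its role in the cardholder data environment, with a residual-risk figure derived from the gaps. The following is an added illustration written for this page, not the authors' platform or any code from the paper. The factor set, the weights, the role-to-requirement applicability table, the normalisation thresholds, the 0.6 coverage discount and the two vendors are all constructed assumptions; only the top-level PCI DSS requirement numbers and their abbreviated titles are real.

```python
"""Illustrative vendor risk scoring with PCI DSS requirement mapping.

Added example, not the authors' platform. Factors, weights, the
role-applicability table and the residual-risk formula are assumptions
chosen to show the shape of a weighted, explainable scoring model.
"""
from __future__ import annotations
from dataclasses import dataclass, field

# Top-level PCI DSS requirement families (real numbering, abbreviated titles).
PCI_DSS_REQUIREMENTS = {
    "1": "Install and maintain network security controls",
    "3": "Protect stored account data",
    "4": "Protect cardholder data with strong cryptography in transit",
    "6": "Develop and maintain secure systems and software",
    "8": "Identify users and authenticate access",
    "10": "Log and monitor all access",
    "11": "Test security of systems and networks regularly",
    "12": "Support information security with policies and programs",
}

# ASSUMED mapping from a vendor's CDE role to the families that apply to it.
ROLE_APPLICABILITY = {
    "stores_or_processes_chd": set(PCI_DSS_REQUIREMENTS),
    "transmits_chd_only": {"1", "4", "6", "8", "10", "11", "12"},
    "no_chd_access": {"6", "8", "12"},
}

# ASSUMED factor weights; they sum to 1.0 so the inherent score is 0..100.
WEIGHTS = {
    "security_posture": 0.30,
    "incident_history": 0.25,
    "attestation": 0.20,
    "financial_stability": 0.10,
    "operational_dependency": 0.15,
}


@dataclass
class Vendor:
    name: str
    cde_role: str
    open_critical_findings: int        # e.g. from external scan or questionnaire
    incidents_last_24_months: int
    aoc_valid: bool                    # current PCI DSS Attestation of Compliance on file
    financial_signal: float            # 0.0 (healthy) .. 1.0 (distressed)
    criticality: float                 # 0.0 (replaceable) .. 1.0 (single point of failure)
    evidenced_requirements: set = field(default_factory=set)


def normalise_factors(v: Vendor) -> dict:
    """Map raw signals onto 0.0 (no risk) .. 1.0 (maximum risk). Thresholds are assumed."""
    return {
        "security_posture": min(v.open_critical_findings / 5.0, 1.0),
        "incident_history": min(v.incidents_last_24_months / 3.0, 1.0),
        "attestation": 0.0 if v.aoc_valid else 1.0,
        "financial_stability": max(0.0, min(v.financial_signal, 1.0)),
        "operational_dependency": max(0.0, min(v.criticality, 1.0)),
    }


def inherent_score(v: Vendor) -> tuple[float, dict]:
    """Weighted 0..100 score plus each factor's contribution, so the number is explainable."""
    factors = normalise_factors(v)
    contributions = {k: round(WEIGHTS[k] * factors[k] * 100, 2) for k in WEIGHTS}
    return round(sum(contributions.values()), 2), contributions


def compliance_gaps(v: Vendor) -> list:
    """Applicable PCI DSS requirement families for which no evidence is mapped."""
    applicable = ROLE_APPLICABILITY[v.cde_role]
    return sorted(applicable - v.evidenced_requirements, key=int)


def residual_score(v: Vendor) -> dict:
    """Residual risk: inherent risk discounted by evidenced control coverage.

    coverage is the fraction of applicable families with evidence. The 0.6
    factor (an assumption) caps how far evidence can lower the score, because
    an attestation is not proof that a control operates effectively.
    """
    inherent, contributions = inherent_score(v)
    gaps = compliance_gaps(v)
    coverage = 1.0 - len(gaps) / len(ROLE_APPLICABILITY[v.cde_role])
    return {
        "vendor": v.name,
        "inherent": inherent,
        "residual": round(inherent * (1.0 - 0.6 * coverage), 2),
        "coverage": round(coverage, 2),
        "gaps": [f"Req {r}: {PCI_DSS_REQUIREMENTS[r]}" for r in gaps],
        "drivers": contributions,
    }


# Constructed sample vendors (not real organisations).
PROCESSOR = Vendor("Acme Payments (constructed)", "stores_or_processes_chd",
                   open_critical_findings=2, incidents_last_24_months=1, aoc_valid=True,
                   financial_signal=0.2, criticality=0.9,
                   evidenced_requirements={"1", "3", "4", "6", "8", "10"})
SAAS_TOOL = Vendor("Bolt Analytics (constructed)", "no_chd_access",
                   open_critical_findings=0, incidents_last_24_months=0, aoc_valid=False,
                   financial_signal=0.5, criticality=0.3,
                   evidenced_requirements={"6", "8", "12"})


def score_portfolio(vendors: list) -> list:
    """Score every vendor and order by residual risk, highest first, for a remediation queue."""
    return sorted((residual_score(v) for v in vendors), key=lambda r: r["residual"], reverse=True)


if __name__ == "__main__":
    for row in score_portfolio([PROCESSOR, SAAS_TOOL]):
        print(row)
```

The point of returning the per-factor `drivers` alongside the score, rather than only the number, is the explainability requirement the abstract raises: a reviewer can see that the processor's score is driven mostly by operational dependency and open findings, not by its attestation status, and the `gaps` list names the PCI DSS families still lacking evidence for that vendor's role. Note that the processor keeps a lower residual score than its inherent score only because evidence was mapped; when a vendor moves into a role with more applicable families, its coverage and residual figure change without any new signal, which is the role-based scoping the abstract describes.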
How to Cite This Article
Olufunbi Babalola, Earnest Iluore, Adeola Bakare, Lisa Mmesoma Udechukwu (2021). Automated Third-Party Risk Management Platform with AI-Driven Vendor Scoring and PCI DSS Compliance Mapping. Journal of Frontiers in Multidisciplinary Research (JFMR), 2(2), 343-356. DOI: https://doi.org/10.54660/.IJFMR.2021.2.2.343-356