PCI Compliance Intelligence API
7 REST endpoints exposing PCI DSS benchmark data: maturity scores, audit hours, compliance cost, remediation delays, automation adoption, and framework comparisons.
Code Examples
curl -H "Accept: application/json" \ "https://grctrack.io/api/intelligence/industry-benchmarks?industry=fintech"
const res = await fetch('https://grctrack.io/api/intelligence/industry-benchmarks?industry=fintech');
const data = await res.json();
console.log(data);import requests
data = requests.get('https://grctrack.io/api/intelligence/industry-benchmarks?industry=fintech').json()
print(data)Endpoint Reference
Base URL: https://grctrack.io
/api/intelligence/maturity-indexCross-industry PCI DSS maturity index with percentile distribution (P25/P75/P90), YoY delta, and tier classification per industry.
{
"generatedAt": "2026-03-08T00:00:00.000Z",
"crossIndustryAvg": 58,
"industries": [
{ "industry": "fintech", "maturityScore": 68,
"percentile25": 55, "percentile75": 78,
"yoyDelta": 3, "tier": "Developing",
"sampleSize": 810 }
]
}/api/intelligence/industry-benchmarks?industry=fintechFull industry benchmark table: maturity, audit hours, cost, automation rate, and remediation days. Supports optional industry filter.
?industry=fintech{
"crossIndustryAverages": {
"maturityScore": 58, "auditHours": 953,
"costUSD": 169143, "automationRate": 55,
"remediationDays": 8.0
},
"industries": [ ... ]
}/api/intelligence/audit-hours?industry=saasAverage audit hours by industry and framework, with year-over-year trend (% change). Lower values indicate improving programme efficiency.
?industry=saas{
"crossIndustryAvg": 953,
"byIndustry": [
{ "industry": "saas", "hours": 650, "trend": -10 }
],
"byFramework": [
{ "framework": "PCI DSS v4.0.1", "avgHours": 953 }
]
}/api/intelligence/remediation-delays?industry=retailRemediation delay benchmarks in calendar days. Includes best-in-class, worst-in-class, and trend direction per industry.
?industry=retail{
"crossIndustryAvg": 8.0,
"bestInClass": { "industry": "saas", "days": 5.4 },
"worstInClass": { "industry": "hospitality","days": 10.4 },
"byIndustry": [ ... ]
}/api/intelligence/automation-adoption?industry=healthcareEvidence automation adoption rate by industry, YoY growth, and 2020–2026 cross-industry trend series.
?industry=healthcare{
"crossIndustryAvg": 55,
"yearOverYearGrowth": 10,
"byIndustry": [
{ "industry": "healthcare", "rate": 42, "trend": 10 }
],
"trend2020to2026": [
{ "year": 2020, "avg": 28 }, ... , { "year": 2026, "avg": 55 }
]
}/api/intelligence/compliance-cost?industry=fintechCompliance cost benchmarks in USD. Includes industry breakdown, YoY cost trend, and three-component cost breakdown (QSA fees, remediation/tooling, internal labour).
?industry=fintech{
"crossIndustryAvgUSD": 169143,
"byIndustry": [
{ "industry": "fintech", "costUSD": 120000, "trend": -5 }
],
"breakdown": [
{ "component": "QSA / Audit Fees", "pct": 40 },
{ "component": "Remediation / Tooling", "pct": 35 },
{ "component": "Internal Labour", "pct": 25 }
]
}/api/intelligence/framework-benchmarks?framework=PCI_DSS_v4Side-by-side framework comparison: PCI DSS v4.0.1, ISO 27001:2022, and SOC 2 Type II. Maturity, cost, hours, remediation, and automation per framework.
?framework=PCI_DSS_v4{
"frameworks": [
{ "framework": "PCI_DSS_v4",
"displayName": "PCI DSS v4.0.1",
"avgMaturity": 58, "avgCostUSD": 169143,
"avgAuditHours": 953, "sampleSize": 4721,
"certificationBody": "PCI SSC (QSA/ISA)" }
]
}