What would you do to keep your website PCI compliant if you were unable to upgrade to Magento 2? One of my clients uses a credit card processor that will only work with a particular extension. They are non-compliant since the author of the M1 extension no longer supports it. The only workaround I can think of is to have M1 checkout process the credit card information on the merchant account website before redirecting back to the Magento website, much like certain websites do when they want to go to Paypal.
You may read https://security.stackexchange.com/questions/140939/does-unpatched-software-comply-with-pci-dss-3-1 It may be helpful for you.
There are vendors supplying patches for the core Magento 1 platform. Mage-One has a paid solution. OpenMage has an open-source solution.
However, from what you've shared, the issue isn't Magento 1 itself, but rather, a payment gateway extension that's no longer supported by the company that developed it.
In that case, your options are to find another gateway extension that's compatible with the same payment gateway or to switch to another gateway entirely.
Can you specify which gateway you're trying to use, and which extension you're using that will no longer be supported?
If there isn't another extension available that is supported, from what you've described, your best bet would be to consider switching payment processors.
Do you have any unique requirements for a new payment processor? (ex. serving specific countries, supporting high-risk products, vaulting/tokenizing credit cards, etc.)