What level of PCI compliance does this cover?

The skill provides guidance for all levels, from SAQ A (simplest e-commerce implementations) to SAQ D (merchants who store or process cardholder data themselves).

Does this skill help me pass a PCI audit?

Yes, it provides the technical implementation patterns and checklists required for PCI DSS compliance, though official certification still requires review by a Qualified Security Assessor (QSA).

Can I use this with Stripe or Braintree?

Absolutely. The skill includes specific patterns for client-side tokenization and server-side processing which are compatible with major payment gateways like Stripe.

How does it handle sensitive information in logs?

It includes specialized sanitization utilities that automatically mask Primary Account Numbers (PANs) and strip prohibited data like CVVs and PINs from application logs.

PCI Compliance & Secure Payments

Name: PCI Compliance & Secure Payments
Author: HermeticOrmus

byHermeticOrmus

0•

Seguridad y Pruebas

Implements PCI DSS requirements to secure payment card data and ensure compliant, production-ready transaction processing.

This skill provides comprehensive guidance and implementation patterns for meeting Payment Card Industry Data Security Standard (PCI DSS) requirements within your codebase. It helps developers build secure payment flows by enforcing data minimization (never storing CVV or track data), implementing robust tokenization via providers like Stripe, and configuring enterprise-grade encryption for data at rest and in transit. Whether you are reducing compliance scope through SAQ A/A-EP or building a full PCI-compliant environment, this skill ensures best practices for network security, access control, and detailed audit logging.

Características Principales

01Automated data sanitization and masking to prevent sensitive info from leaking into logs.

02Audit logging and role-based access control (RBAC) templates for compliance monitoring.

030 GitHub stars

04Secure tokenization patterns for reducing compliance scope using third-party processors.

05Implementation of 12 core PCI DSS requirements for secure networks and data protection.

06Standardized AES-256-GCM encryption patterns for protecting cardholder data at rest.

Casos de Uso

01Building a secure e-commerce checkout flow using Stripe tokenization.

02Reducing PCI compliance scope for existing payment systems to meet SAQ A-EP standards.

03Auditing and securing legacy payment systems to prevent prohibited data storage.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add hermeticormus/floreserlife pci-compliance

For use in Claude.ai and ChatGPT

Download Skill