Can this skill help reduce my PCI compliance scope?

Yes, it includes specific implementations for tokenization and hosted payment patterns which are key strategies for minimizing the amount of cardholder data that touches your servers.

How does this skill assist with auditing?

It includes a standardized PCIAuditLogger class designed to track access attempts, authentication events, and resource usage in a format that meets PCI DSS logging requirements.

What data should I never store according to this skill?

The skill enforces 'Data Minimization' principles, explicitly preventing the storage of prohibited sensitive authentication data like CVV/CVC codes, PINs, and full magnetic stripe data.

What is the main benefit of using this skill?

It provides pre-built, security-focused code patterns and guidance to help developers implement PCI DSS requirements correctly, reducing the risk of data breaches and compliance failures.

Does this handle encryption for data at rest?

Yes, the skill provides production-ready examples for encrypting sensitive Primary Account Numbers (PANs) using industry-standard AES-256-GCM encryption.

PCI Compliance Manager

Name: PCI Compliance Manager
Author: HermeticOrmus

byHermeticOrmus

0•

セキュリティとテスト

Implements and maintains PCI DSS compliance standards for secure payment card processing and sensitive data handling.

The PCI Compliance skill provides developers with essential tools, patterns, and guidance to build systems that safely handle payment card information. It covers the 12 core PCI DSS requirements, offering robust implementations for cardholder data encryption, tokenization strategies to reduce compliance scope, and secure audit logging. By providing standardized code for tasks like PAN masking, Luhn algorithm validation, and access control decorators, this skill helps teams navigate the complexities of financial security standards while ensuring data integrity and regulatory adherence.

主な機能

01Secure tokenization and encryption patterns for cardholder data

02Automated data sanitization and PAN masking for logs and storage

03Audit logging and monitoring implementations for compliance tracking

04Input validation using the Luhn algorithm and security decorators

05Guidance on PCI DSS requirements and Self-Assessment Questionnaires (SAQs)

060 GitHub stars

ユースケース

01Conducting security audits and implementing scope-reduction techniques

02Building secure payment gateways or checkout processing pipelines

03Developing internal encrypted vaults for sensitive payment data storage

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add hermeticormus/hermetic-line pci-compliance

For use in Claude.ai and ChatGPT

Download Skill