How does this skill help reduce PCI compliance scope?

It provides patterns for tokenization and hosted payment pages that prevent cardholder data from ever touching your servers, often qualifying you for simpler SAQs like SAQ A.

Does this skill support specific payment processors?

Yes, it includes implementation patterns for popular processors like Stripe as well as general-purpose custom tokenization vault logic.

Is this suitable for all PCI compliance levels?

Yes, it covers the fundamental security requirements applicable to all levels, from Level 4 e-commerce startups to Level 1 enterprise systems.

Can this skill detect prohibited data storage?

It includes data minimization logic and sanitization functions to ensure sensitive data like CVV, PINs, and full track data are never stored or logged.

PCI Compliance Manager

Name: PCI Compliance Manager
Author: Tahir-yamin

byTahir-yamin

•

Eコマースソリューション

Implements PCI DSS requirements to ensure secure handling of payment card data and maintain industry compliance.

概要

The PCI Compliance skill provides domain-specific guidance and implementation patterns for developers building secure payment systems. It helps navigate the complex 12 core requirements of PCI DSS, offering practical code examples for data minimization, tokenization (including Stripe integration), AES-256-GCM encryption at rest, and secure TLS configurations. Whether you are reducing compliance scope through tokenization or preparing for a Self-Assessment Questionnaire (SAQ), this skill ensures your payment processing workflows meet rigorous security standards.

主な機能

PCI-Compliant Audit Logging and Access Controls
AES-256-GCM Encryption for Data at Rest
Sensitive Data Sanitization and Masking
Secure Tokenization and Vaulting Patterns
3 GitHub stars
12 Core PCI DSS Requirement Checklists

ユースケース

Reducing PCI compliance scope through client-side tokenization
Auditing existing codebases for prohibited data storage (CVV/PIN)
Building secure payment gateways and processor integrations

概要

主な機能

PCI-Compliant Audit Logging and Access Controls
AES-256-GCM Encryption for Data at Rest
Sensitive Data Sanitization and Masking
Secure Tokenization and Vaulting Patterns
3 GitHub stars
12 Core PCI DSS Requirement Checklists

ユースケース

Reducing PCI compliance scope through client-side tokenization
Auditing existing codebases for prohibited data storage (CVV/PIN)
Building secure payment gateways and processor integrations