Can this skill help prepare for a PCI DSS audit?

Yes, it includes a comprehensive checklist of the 12 core requirements and provides standardized audit logging patterns necessary for meeting compliance assessments.

Does this skill work with specific payment processors?

While it includes specific examples for popular providers like Stripe, the underlying encryption principles, input validation, and security protocols are applicable to any payment gateway.

How does it handle prohibited data like CVV or PIN numbers?

The skill includes logic for data minimization that identifies prohibited fields and ensures they are sanitized from logs and prevented from entering your storage systems.

How does this skill help reduce PCI compliance scope?

It provides implementation patterns for tokenization and hosted payment pages that ensure sensitive card data never touches your servers, allowing you to qualify for simpler assessments like SAQ A.

PCI Compliance & Payment Security

Name: PCI Compliance & Payment Security
Author: HermeticOrmus

byHermeticOrmus

0•

セキュリティとテスト

Implements PCI DSS standards and secure payment processing workflows to protect sensitive cardholder data and ensure regulatory compliance.

This skill provides Claude with the specialized knowledge and implementation patterns required to achieve and maintain PCI DSS compliance in modern web applications. It covers the twelve core requirements, including data minimization, tokenization, and encryption at rest and in transit. By guiding developers through secure coding practices, audit logging, and role-based access control, this skill helps reduce compliance scope and ensures that sensitive payment information is handled according to industry gold standards, making it essential for any project involving financial transactions.

主な機能

01Implementation of the 12 PCI DSS core security requirements and compliance levels.

02Tokenization patterns for major providers like Stripe and custom secure vault solutions.

03Secure encryption standards for data at rest using AES-256-GCM and data in transit via TLS.

04Automated audit logging and role-based access control decorators for cardholder data.

05Data minimization logic to identify and prevent the storage of prohibited fields like CVV and PIN.

060 GitHub stars

ユースケース

01Implementing secure tokenization and encryption for recurring billing systems.

02Building a custom payment gateway integration while minimizing PCI compliance scope.

03Auditing an existing codebase for insecure storage or logging of credit card information.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add hermeticormus/hermetic-academy pci-compliance

For use in Claude.ai and ChatGPT

Download Skill