Can I store CVV or PIN data using this skill?

No. Storing sensitive authentication data like CVV, CVV2, or PIN blocks is strictly prohibited by PCI DSS regulations, even if encrypted. This skill provides sanitization tools to prevent accidental storage.

What is PCI DSS compliance?

PCI DSS is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.

How does this skill help reduce PCI audit scope?

It provides implementation patterns for tokenization which allows you to process payments using tokens from providers like Stripe. This ensures sensitive card data never hits your servers, qualifying you for simpler SAQs.

Does this skill include encryption methods?

Yes, it includes ready-to-use patterns for AES-256-GCM encryption for data at rest and configurations for enforcing TLS 1.2+ for data in transit.

PCI Compliance & Secure Payments

Name: PCI Compliance & Secure Payments
Author: wshobson

bywshobson

•

23,194

Eコマースソリューション

Implements PCI DSS standards and secure payment handling practices for applications processing cardholder data.

概要

This skill provides comprehensive guidance and implementation patterns for meeting Payment Card Industry Data Security Standard (PCI DSS) requirements within Claude Code. It enables developers to build secure payment flows by implementing data minimization, tokenization, and AES-256-GCM encryption for data at rest, while ensuring strict access controls and audit logging. By providing standardized code snippets for Luhn algorithm validation, log sanitization, and secure storage, the skill helps reduce compliance scope and prepares systems for PCI DSS assessments and Self-Assessment Questionnaires (SAQ).

主な機能

23,194 GitHub stars
Standardized audit logging and access control decorators
Core PCI DSS 12-requirement implementation guidance
Automated card data sanitization and log masking
Secure tokenization patterns for Stripe and custom vaults
Luhn algorithm validation for credit card numbers

ユースケース

Implementing encrypted storage for non-prohibited cardholder information
Building a secure e-commerce checkout flow using hosted or embedded forms
Preparing applications for PCI DSS Self-Assessment Questionnaires (SAQ)

概要

主な機能

23,194 GitHub stars
Standardized audit logging and access control decorators
Core PCI DSS 12-requirement implementation guidance
Automated card data sanitization and log masking
Secure tokenization patterns for Stripe and custom vaults
Luhn algorithm validation for credit card numbers

ユースケース

Implementing encrypted storage for non-prohibited cardholder information
Building a secure e-commerce checkout flow using hosted or embedded forms
Preparing applications for PCI DSS Self-Assessment Questionnaires (SAQ)