Can I use this for non-credit card sensitive data?

Yes, while specifically designed for PCI DSS, the encryption, audit logging, and access control patterns are highly effective for protecting any sensitive PII (Personally Identifiable Information).

Does this skill handle actual payment transactions?

No, it provides the security patterns, architecture guidance, and code templates required to implement PCI-compliant systems. You must still integrate with a merchant bank or payment processor.

How does this skill help reduce PCI compliance scope?

It provides patterns for tokenization and data minimization, such as using Stripe.js for client-side handling, which helps you qualify for simpler Self-Assessment Questionnaires (SAQ) like SAQ A.

Which encryption standards are used in these patterns?

The skill utilizes industry-standard AES-256-GCM for data at rest and mandates TLS 1.2 or higher for data in transit to ensure robust protection.

PCI Compliance & Secure Payments

Name: PCI Compliance & Secure Payments
Author: HermeticOrmus

byHermeticOrmus

•

보안 및 테스팅

Implements PCI DSS standards and secure payment handling patterns to protect sensitive cardholder data.

소개

This skill provides specialized guidance and implementation patterns for meeting PCI DSS (Payment Card Industry Data Security Standard) requirements. It helps developers build secure payment processing systems by providing templates for data minimization, tokenization (including Stripe integration), AES-256-GCM encryption, role-based access control, and comprehensive audit logging. It is an essential tool for engineers architecting financial applications, reducing compliance scope, or preparing for formal security assessments.

주요 기능

Secure Tokenization and Vaulting Patterns
2 GitHub stars
PCI-Compliant Audit Logging and Access Control
12 Core PCI DSS Requirement Mapping
AES-256-GCM Encryption for Data at Rest
Data Minimization and Card Data Masking

사용 사례

Building custom payment processing systems or gateways
Integrating Stripe or third-party processors while minimizing PCI scope
Conducting internal security audits for payment card data handling

소개

주요 기능

Secure Tokenization and Vaulting Patterns
2 GitHub stars
PCI-Compliant Audit Logging and Access Control
12 Core PCI DSS Requirement Mapping
AES-256-GCM Encryption for Data at Rest
Data Minimization and Card Data Masking

사용 사례

Building custom payment processing systems or gateways
Integrating Stripe or third-party processors while minimizing PCI scope
Conducting internal security audits for payment card data handling