Can I use this for non-credit card sensitive data?

Yes, while specifically designed for PCI DSS, the encryption, audit logging, and access control patterns are highly effective for protecting any sensitive PII (Personally Identifiable Information).

Does this skill handle actual payment transactions?

No, it provides the security patterns, architecture guidance, and code templates required to implement PCI-compliant systems. You must still integrate with a merchant bank or payment processor.

How does this skill help reduce PCI compliance scope?

It provides patterns for tokenization and data minimization, such as using Stripe.js for client-side handling, which helps you qualify for simpler Self-Assessment Questionnaires (SAQ) like SAQ A.

Which encryption standards are used in these patterns?

The skill utilizes industry-standard AES-256-GCM for data at rest and mandates TLS 1.2 or higher for data in transit to ensure robust protection.

PCI Compliance & Secure Payments

Name: PCI Compliance & Secure Payments
Author: HermeticOrmus

byHermeticOrmus

•

보안 및 테스팅

Implements PCI DSS standards and secure payment handling patterns to protect sensitive cardholder data.

This skill provides specialized guidance and implementation patterns for meeting PCI DSS (Payment Card Industry Data Security Standard) requirements. It helps developers build secure payment processing systems by providing templates for data minimization, tokenization (including Stripe integration), AES-256-GCM encryption, role-based access control, and comprehensive audit logging. It is an essential tool for engineers architecting financial applications, reducing compliance scope, or preparing for formal security assessments.

주요 기능

01Secure Tokenization and Vaulting Patterns

022 GitHub stars

03PCI-Compliant Audit Logging and Access Control

0412 Core PCI DSS Requirement Mapping

05AES-256-GCM Encryption for Data at Rest

06Data Minimization and Card Data Masking

사용 사례

01Building custom payment processing systems or gateways

02Integrating Stripe or third-party processors while minimizing PCI scope

03Conducting internal security audits for payment card data handling

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add hermeticormus/libreuiux-claude-code pci-compliance

For use in Claude.ai and ChatGPT

Download Skill