Can this skill help reduce my compliance scope?

Yes, it emphasizes tokenization and data minimization patterns that can help your business qualify for simpler self-assessment questionnaires (SAQ) like SAQ A or SAQ A-EP.

Which payment processors are supported?

The skill includes specific implementation patterns for Stripe tokenization and general architectural patterns compatible with any major payment gateway or custom vaulting solution.

How does this skill help with PCI DSS compliance?

It provides code patterns and best practices for all 12 core PCI DSS requirements, including data encryption, access control, and prohibiting the storage of sensitive authentication data like CVVs.

Does it handle both data at rest and data in transit?

Yes, it includes implementations for AES-256-GCM encryption for stored data and configuration best practices for enforcing TLS 1.2+ for data in transit.

PCI Compliance & Security

Name: PCI Compliance & Security
Author: HermeticOrmus

byHermeticOrmus

보안 및 테스팅

Implements PCI DSS standards and secure payment handling practices to protect sensitive cardholder data and maintain regulatory compliance.

소개

This skill equips Claude with the domain-specific knowledge required to implement and audit Payment Card Industry Data Security Standard (PCI DSS) requirements within your applications. It provides standardized patterns for secure data minimization, encryption at rest using AES-256-GCM, and tokenization strategies designed to reduce compliance scope. Whether you are building a new payment flow, auditing existing infrastructure for prohibited data storage, or implementing robust access control and audit logging, this skill ensures your payment processing systems meet rigorous security benchmarks.

주요 기능

Tokenization strategies for major providers like Stripe and custom vaults
Encrypted storage at rest (AES-256-GCM) and TLS transit enforcement
Secure data minimization and cardholder data masking patterns
PCI-compliant audit logging and role-based access control decorators
PCI DSS 12-requirement framework implementation guidance
0 GitHub stars

사용 사례

Architecting e-commerce payment flows that minimize PCI compliance scope
Auditing codebases for prohibited storage of CVVs or magnetic stripe data
Implementing secure tokenization and encryption for recurring billing systems

소개

주요 기능

Tokenization strategies for major providers like Stripe and custom vaults
Encrypted storage at rest (AES-256-GCM) and TLS transit enforcement
Secure data minimization and cardholder data masking patterns
PCI-compliant audit logging and role-based access control decorators
PCI DSS 12-requirement framework implementation guidance
0 GitHub stars

사용 사례

Architecting e-commerce payment flows that minimize PCI compliance scope
Auditing codebases for prohibited storage of CVVs or magnetic stripe data
Implementing secure tokenization and encryption for recurring billing systems