Does this skill store card data?

No, the skill provides code patterns specifically designed to prevent the accidental storage of prohibited sensitive authentication data like CVV codes or full magnetic stripe information.

Is the encryption provided industry-standard?

Yes, the implementation patterns utilize AES-256-GCM for data at rest and enforce TLS 1.2 or higher for data in transit, adhering to modern security benchmarks.

Does this skill help reduce PCI compliance scope?

Yes, it emphasizes tokenization and data minimization techniques that can move your system toward SAQ A or SAQ A-EP, significantly reducing the number of compliance requirements you must meet.

Can I use this with any payment provider?

While the skill includes specific examples for popular providers like Stripe, the general security patterns, encryption standards, and audit logging practices are applicable to any payment processor.

PCI Compliance & Secure Payments

Name: PCI Compliance & Secure Payments
Author: HermeticOrmus

byHermeticOrmus

0•

Security & Testing

Implements PCI DSS requirements to secure payment card data and maintain industry-standard payment processing security.

This skill provides specialized guidance and implementation patterns for meeting PCI DSS (Payment Card Industry Data Security Standard) requirements within your codebase. It helps developers build secure payment processing systems by enforcing data minimization strategies, implementing tokenization via providers like Stripe, and establishing robust encryption and access control protocols. Whether you are building an e-commerce platform or a custom payment gateway, this skill ensures your architecture adheres to the 12 core security requirements, helping to reduce compliance scope and protect sensitive cardholder data from potential breaches.

Key Features

01Production-grade AES-256-GCM encryption for data at rest and TLS enforcement

02Secure tokenization and data minimization patterns for cardholder data

03Role-based access control and automated audit logging for compliance tracking

04Standardized PCI DSS 12-core requirement implementation guidance

05Input validation using the Luhn algorithm and sanitization for payment fields

060 GitHub stars

Use Cases

01Securing a custom e-commerce checkout flow to minimize PCI compliance scope

02Preparing application architecture for a PCI DSS Self-Assessment Questionnaire (SAQ)

03Implementing a secure token vault and encryption for recurring payment processing

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add hermeticormus/after-the-third-cup pci-compliance

For use in Claude.ai and ChatGPT

Download Skill