Which payment processors are supported?

While it includes specific examples for Stripe, the logic and patterns for tokenization, data sanitization, and audit logging are applicable to all major payment processors.

Does it provide encryption code examples?

Yes, the skill includes production-ready Python examples for encrypting data at rest using AES-256-GCM and securing data in transit via TLS 1.2+.

How does this skill help reduce PCI compliance scope?

It provides implementation patterns for tokenization and hosted payment fields, ensuring sensitive card data never touches your server, which helps you qualify for simpler SAQs like SAQ A.

Can I store CVV or PIN data using this skill?

No. This skill strictly enforces PCI DSS guidelines which prohibit the storage of CVV, CVV2, PIN, or full magnetic track data under any circumstances.

PCI Compliance Security

Name: PCI Compliance Security
Author: HermeticOrmus

byHermeticOrmus

安全与测试

Implements PCI DSS requirements to ensure the secure handling, storage, and transmission of payment card data.

关于

The PCI Compliance skill provides comprehensive guidance and implementation patterns for securing payment processing systems according to the Payment Card Industry Data Security Standard (PCI DSS). It assists developers in building secure payment flows, implementing robust tokenization and encryption, and maintaining audit logs to protect sensitive cardholder data. Whether you are building a custom e-commerce backend or integrating with third-party processors like Stripe, this skill helps reduce compliance scope and ensures adherence to the 12 core security requirements of the payment industry.

主要功能

0 GitHub stars
Automated PCI-compliant audit logging and access control systems
Guidance for Self-Assessment Questionnaires (SAQ) and compliance levels
Implementation of tokenization and AES-256-GCM encrypted storage
Luhn algorithm validation and secure input handling for payment forms
Secure data minimization and sanitization patterns for cardholder data

使用场景

Implementing secure vaulting and encryption for recurring billing systems
Reducing PCI DSS compliance scope through third-party tokenization integration
Building secure checkout systems for e-commerce platforms

关于

主要功能

0 GitHub stars
Automated PCI-compliant audit logging and access control systems
Guidance for Self-Assessment Questionnaires (SAQ) and compliance levels
Implementation of tokenization and AES-256-GCM encrypted storage
Luhn algorithm validation and secure input handling for payment forms
Secure data minimization and sanitization patterns for cardholder data

使用场景

Implementing secure vaulting and encryption for recurring billing systems
Reducing PCI DSS compliance scope through third-party tokenization integration
Building secure checkout systems for e-commerce platforms