Can this skill help reduce my compliance scope?

Yes, it emphasizes tokenization and data minimization patterns that can help your business qualify for simpler self-assessment questionnaires (SAQ) like SAQ A or SAQ A-EP.

Which payment processors are supported?

The skill includes specific implementation patterns for Stripe tokenization and general architectural patterns compatible with any major payment gateway or custom vaulting solution.

How does this skill help with PCI DSS compliance?

It provides code patterns and best practices for all 12 core PCI DSS requirements, including data encryption, access control, and prohibiting the storage of sensitive authentication data like CVVs.

Does it handle both data at rest and data in transit?

Yes, it includes implementations for AES-256-GCM encryption for stored data and configuration best practices for enforcing TLS 1.2+ for data in transit.

PCI Compliance & Security

Name: PCI Compliance & Security
Author: HermeticOrmus

byHermeticOrmus

0•

安全与测试

Implements PCI DSS standards and secure payment handling practices to protect sensitive cardholder data and maintain regulatory compliance.

This skill equips Claude with the domain-specific knowledge required to implement and audit Payment Card Industry Data Security Standard (PCI DSS) requirements within your applications. It provides standardized patterns for secure data minimization, encryption at rest using AES-256-GCM, and tokenization strategies designed to reduce compliance scope. Whether you are building a new payment flow, auditing existing infrastructure for prohibited data storage, or implementing robust access control and audit logging, this skill ensures your payment processing systems meet rigorous security benchmarks.

主要功能

01Tokenization strategies for major providers like Stripe and custom vaults

02Encrypted storage at rest (AES-256-GCM) and TLS transit enforcement

03Secure data minimization and cardholder data masking patterns

04PCI-compliant audit logging and role-based access control decorators

05PCI DSS 12-requirement framework implementation guidance

060 GitHub stars

使用场景

01Architecting e-commerce payment flows that minimize PCI compliance scope

02Auditing codebases for prohibited storage of CVVs or magnetic stripe data

03Implementing secure tokenization and encryption for recurring billing systems

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add hermeticormus/floraheritage pci-compliance

For use in Claude.ai and ChatGPT

Download Skill