What encryption standards does it recommend?

The skill includes implementation examples for industry-standard AES-256-GCM for data at rest and enforces TLS 1.2 or higher for all data in transit.

Which SAQ types are covered?

The skill provides guidance for various Self-Assessment Questionnaires, ranging from SAQ A (hosted payment pages) to SAQ D (full storage/processing environments).

How does this skill help reduce PCI compliance scope?

It provides best-practice patterns for client-side tokenization (such as Stripe.js) which ensure sensitive card data never touches your server, qualifying you for simpler SAQs.

Can this skill store CVV or PIN data?

Absolutely not. A core principle of this skill is data minimization; it provides specific logic to ensure CVV, PIN, and full magnetic stripe data are never stored on your servers.

Does this skill handle actual payment processing?

No, this skill provides implementation patterns, security standards, and code structures to help you build compliant systems using third-party processors or your own infrastructure.

PCI Compliance & Secure Payments

Name: PCI Compliance & Secure Payments
Author: HermeticOrmus

byHermeticOrmus

•

E-commerce Solutions

Implements PCI DSS requirements to ensure secure handling of payment card data and payment systems.

This skill provides a comprehensive framework for developers to navigate and implement the complex requirements of the Payment Card Industry Data Security Standard (PCI DSS). It offers practical guidance on securing cardholder data through tokenization, encryption, and strict access controls, while also helping teams identify the correct Self-Assessment Questionnaire (SAQ) levels. By integrating best practices for audit logging, input validation, and secure network configurations, this skill enables Claude to assist in building robust, compliant payment architectures that reduce security risks and simplify the certification process.

Key Features

01Standardized audit logging and role-based access control templates

02Comprehensive guidance for all 12 core PCI DSS requirements

03Automated card number validation using the Luhn algorithm

04Secure tokenization patterns for major providers like Stripe

051 GitHub stars

06Implementation of AES-256-GCM encryption for data at rest

Use Cases

01Preparing for annual PCI DSS assessments and SAQ submissions

02Building a custom payment gateway while minimizing compliance scope

03Securing legacy applications that handle sensitive cardholder information

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add hermeticormus/floraheritage pci-compliance

For use in Claude.ai and ChatGPT

Download Skill