Does this skill support third-party processors like Stripe?

Yes, it includes specific code patterns for using payment processor tokens to ensure sensitive card details never touch your server, minimizing your compliance scope.

How does this skill help with PCI DSS compliance?

It provides standardized implementation patterns for all 12 PCI DSS requirements, ensuring your code handles cardholder data securely and follows industry best practices.

Can it detect if I am storing prohibited data?

The skill includes validation and sanitization logic designed to identify and prevent the storage of prohibited data like CVVs, PINs, and magnetic stripe data.

Is this skill suitable for high-transaction environments?

Yes, it covers requirements for all compliance levels (1 through 4), including guidance for Self-Assessment Questionnaires (SAQ) and Report on Compliance (ROC) preparation.

PCI Compliance & Secure Payments

Name: PCI Compliance & Secure Payments
Author: gwickman

bygwickman

0•

E-commerce Solutions

Implements PCI DSS requirements and secure payment handling patterns to protect sensitive cardholder data within your applications.

This skill equips Claude with specialized knowledge to build, audit, and secure payment processing systems according to the Payment Card Industry Data Security Standard (PCI DSS). It provides implementation patterns for the 12 core PCI requirements, including data minimization, secure tokenization, AES-256-GCM encryption at rest, and TLS-enforced transmission. By guiding developers through sanitization logic and access control, the skill helps reduce compliance scope and ensures that prohibited data—such as CVVs and PIN blocks—are never stored or logged, facilitating smoother SAQ assessments and audits.

Key Features

01Role-based access control and PCI-compliant audit logging

02Comprehensive guidance for all 12 PCI DSS core security requirements

03Secure tokenization patterns for Stripe and custom data vaults

04Automated data sanitization to prevent sensitive info in logs

05AES-256-GCM encryption templates for protecting data at rest

060 GitHub stars

Use Cases

01Developing secure e-commerce backends that handle credit card information

02Auditing existing payment flows for security vulnerabilities or prohibited data storage

03Reducing PCI compliance scope through frontend-only tokenization

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add gwickman/auto-dev-test-target-1 pci-compliance

For use in Claude.ai and ChatGPT

Download Skill