Does this skill help with PCI DSS SAQ levels?

Yes, it provides logic and guidance for various Self-Assessment Questionnaire types, including SAQ A, A-EP, and D, depending on your architecture.

How does it handle data logging?

The skill provides patterns for audit logging that include automated sanitization, ensuring Primary Account Numbers (PANs) are masked and sensitive data is not leaked into logs.

Can I store CVV data using this skill?

No, the skill strictly adheres to PCI standards which prohibit the storage of sensitive authentication data like CVV, PINs, or full track data.

Does it support specific payment gateways like Stripe?

Yes, it includes implementation patterns for common processors using tokenization to ensure card data never touches your local server.

What encryption methods are recommended?

It implements industry-standard AES-256-GCM for data at rest and provides configuration templates for TLS 1.2+ for data in transit.

PCI Compliance & Secure Payments

Name: PCI Compliance & Secure Payments
Author: carloscroc

bycarloscroc

0•

E-commerce Solutions

Implements PCI DSS security standards for safe payment processing and sensitive cardholder data management.

This skill provides specialized guidance for developers building payment systems that must adhere to Payment Card Industry Data Security Standards (PCI DSS). It offers production-ready patterns for data minimization, tokenization, and AES-256 encryption, while ensuring that sensitive elements like CVV or full track data are never stored. Whether you are using a third-party processor like Stripe or building a custom vault, this skill helps reduce compliance scope and prepares applications for security audits by enforcing best practices in access control, logging, and network security.

Key Features

01Implementation of 12 core PCI DSS requirements

02Automated data sanitization and log masking

03AES-256-GCM encryption for sensitive data at rest

04PCI-compliant audit logging and RBAC enforcement

05Secure tokenization patterns for payment processors

060 GitHub stars

Use Cases

01Developing an e-commerce checkout flow with integrated payment processing

02Reducing PCI compliance scope using tokenization strategies

03Hardening existing payment systems ahead of a security audit

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add carloscroc/fitness pci-compliance

For use in Claude.ai and ChatGPT

Download Skill