Does this skill provide code for specific payment processors?

Yes, it includes implementation patterns for popular processors like Stripe, emphasizing secure client-side tokenization to minimize server-side risk.

How does it handle sensitive data in logs?

It includes specific 'sanitize_log' functions designed to mask Primary Account Numbers (PANs) and remove prohibited data like CVV or PINs from system logs automatically.

Can this skill help me determine my compliance level?

The skill provides a breakdown of PCI DSS compliance levels (1 through 4) and Self-Assessment Questionnaires (SAQs) to help you identify your specific reporting requirements.

What is the primary goal of the PCI Compliance skill?

The skill helps developers implement the 12 core requirements of PCI DSS, ensuring secure handling of payment card data to prevent breaches and maintain regulatory compliance.

PCI Compliance & Secure Payments

Name: PCI Compliance & Secure Payments
Author: HermeticOrmus

byHermeticOrmus

0•

E-commerce Solutions

Implements PCI DSS security standards for cardholder data protection and secure payment processing.

The PCI Compliance skill provides developers with a robust framework for building and auditing payment systems that adhere to the Payment Card Industry Data Security Standard (PCI DSS). It offers specialized guidance on data minimization, secure tokenization, and industry-standard encryption at rest and in transit. By providing structured code examples for access control, audit logging, and input validation, this skill helps development teams reduce their compliance scope, prepare for SAQ assessments, and ensure that sensitive financial data is never stored or transmitted insecurely.

Key Features

010 GitHub stars

02Step-by-step PCI DSS compliance checklists and SAQ guidance

03Secure tokenization patterns for both third-party and custom implementations

04Prohibited data identification and automatic sanitization logic

05AES-256-GCM encryption templates for data at rest

06Audit logging and role-based access control decorators

Use Cases

01Building a PCI-compliant checkout flow for an e-commerce platform

02Developing a secure vault for handling sensitive payment tokens

03Auditing existing codebases for insecure storage of prohibited card data

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add hermeticormus/after-the-third-cup pci-compliance

For use in Claude.ai and ChatGPT

Download Skill