المهارات pci-compliance
🔒

pci-compliance

آمن

Implement PCI DSS compliance for payment security

متاح أيضًا من: wshobson

Secure payment processing requires meeting PCI DSS standards. This skill provides comprehensive guidance on encryption, tokenization, access controls, and audit logging to protect cardholder data.

يدعم: Claude Codex Code(CC)
🥉 75 برونزي
1

تنزيل ZIP المهارة

2

رفع في Claude

اذهب إلى Settings → Capabilities → Skills → Upload skill

3

فعّل وابدأ الاستخدام

اختبرها

استخدام "pci-compliance". What data can I legally store after a payment is processed?

النتيجة المتوقعة:

  • You CAN store (if encrypted): Primary Account Number (PAN), cardholder name, expiration date, service code.
  • You CANNOT store: Full magnetic stripe track data, CVV/CVC codes, PIN or PIN blocks.
  • Best practice: Use tokenization to avoid storing PAN entirely - let your payment processor handle sensitive data storage.

استخدام "pci-compliance". How do I reduce my PCI compliance scope?

النتيجة المتوقعة:

  • Use hosted payment pages (SAQ A - minimal requirements)
  • Implement client-side tokenization with Stripe.js or similar
  • Never transmit card data through your servers
  • Segment your network to isolate any systems that touch card data
  • Outsource payment processing to PCI-certified providers

التدقيق الأمني

آمن
v1 • 2/24/2026

All static analysis findings are false positives. The detected 'backtick execution' patterns are markdown code fence syntax (```), not shell commands. The 'env_access' and 'sensitive' detections reference placeholder values in educational code examples. This skill is documentation teaching secure payment handling practices including encryption, tokenization, and access control - promoting security rather than introducing risks.

1
الملفات التي تم فحصها
481
الأسطر التي تم تحليلها
0
النتائج
1
إجمالي عمليات التدقيق
لا توجد مشكلات أمنية
تم تدقيقه بواسطة: claude

درجة الجودة

38
الهندسة المعمارية
100
قابلية الصيانة
87
المحتوى
50
المجتمع
100
الأمان
100
الامتثال للمواصفات

ماذا يمكنك بناءه

Payment System Development

Developers building payment processing systems can use this skill to implement PCI-compliant data handling, encryption, and tokenization from the start.

Compliance Audit Preparation

Security teams preparing for PCI DSS assessments can use the checklists and requirements documentation to identify gaps and remediation needs.

E-commerce Integration

Teams integrating payment gateways can learn how to minimize PCI scope using hosted payment pages and tokenization strategies.

جرّب هذه الموجهات

Basic PCI Requirements Overview 
Explain the 12 PCI DSS requirements and which ones apply to my e-commerce store that uses Stripe Checkout.
Encryption Implementation 
Show me how to encrypt cardholder data at rest using AES-256 in Python, including key management best practices.
Tokenization Strategy 
Compare Stripe tokenization versus building a custom token vault. What are the PCI scope implications of each approach?
Audit Logging Setup 
Create a PCI-compliant audit logging system that tracks all access to payment data, including the required fields and log retention policies.

أفضل الممارسات

  • Never store CVV, PIN, or full track data under any circumstances
  • Use TLS 1.2 or higher for all data transmission involving cardholder information
  • Implement role-based access control and log all access to payment data

تجنب

  • Logging full card numbers or CVV codes in application logs
  • Using weak encryption algorithms like DES or RC4 for cardholder data
  • Sending card data to your own server instead of directly to the payment processor

الأسئلة المتكررة

What is the difference between PCI DSS compliance levels?
Level 1 handles over 6 million transactions annually and requires an annual Report on Compliance (ROC). Level 2 handles 1-6 million transactions with annual Self-Assessment Questionnaire (SAQ). Level 3 covers 20,000-1 million e-commerce transactions. Level 4 is under 20,000 e-commerce or 1 million total transactions. Higher levels have stricter validation requirements.
Do I need PCI compliance if I use Stripe or PayPal?
Yes, but using hosted payment pages significantly reduces your scope. With Stripe Checkout or PayPal buttons, you typically qualify for SAQ A (simplest form) since card data never touches your servers. You still must complete annual validation and maintain basic security practices.
How long must I retain PCI audit logs?
PCI DSS requires retaining audit logs for at least one year, with a minimum of three months immediately available for analysis. Logs must include user identification, timestamp, event type, success/failure, and resource accessed.
Can I email customers their full credit card numbers?
No. Email is not encrypted and cannot meet PCI DSS transmission requirements. Never send full PAN, CVV, or any cardholder data via email, SMS, or chat. If customers need card information, provide secure access through authenticated portals only.
What encryption standard does PCI DSS require?
PCI DSS requires strong cryptography such as AES-256, RSA-2048 or higher, or equivalent. Weak algorithms like DES, RC4, and SSL/TLS below version 1.2 are prohibited. Encryption keys must be managed securely with proper rotation policies.
Do I need a firewall for PCI compliance?
Yes. Requirement 1 mandates firewall installation and maintenance to protect cardholder data environments. Firewalls must restrict connections between untrusted networks and systems handling payment data, with documented configuration standards and regular reviews.

تفاصيل المطور

المؤلف

sickn33

الترخيص

MIT

المستودع

https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/pci-compliance

مرجع

main

بنية الملفات

📄 SKILL.md