
pci-compliance

Secure

Implement PCI DSS compliance for payment security

Also available from: wshobson

Secure payment processing requires meeting PCI DSS standards. This skill provides comprehensive guidance on encryption, tokenization, access controls, and audit logging to protect cardholder data.

Supported: Claude Codex Code(CC)
🥉 75 Bronze
1

Download the skill ZIP

2

Upload it to Claude

Go to Settings → Skills → Skills → Upload skill

3

Turn it on and get started

Try it

Using "pci-compliance". What data can I legally store after a payment is processed?

Expected result:

  • You CAN store (if encrypted): Primary Account Number (PAN), cardholder name, expiration date, service code.
  • You CANNOT store: Full magnetic stripe track data, CVV/CVC codes, PIN or PIN blocks.
  • Best practice: Use tokenization to avoid storing PAN entirely - let your payment processor handle sensitive data storage.

Using "pci-compliance". How do I reduce my PCI compliance scope?

Expected result:

  • Use hosted payment pages (SAQ A - minimal requirements)
  • Implement client-side tokenization with Stripe.js or similar
  • Never transmit card data through your servers
  • Segment your network to isolate any systems that touch card data
  • Outsource payment processing to PCI-certified providers

Security audit

Secure
v1 • 2/24/2026

All static analysis findings are false positives. The detected 'backtick execution' patterns are markdown code fence syntax (```), not shell commands. The 'env_access' and 'sensitive' detections reference placeholder values in educational code examples. This skill is documentation teaching secure payment handling practices including encryption, tokenization, and access control - promoting security rather than introducing risks.

Files scanned: 1
Lines analyzed: 481
Findings: 0
Total audits: 1
No security issues found
Audited by: claude

Quality rating

Architecture: 38
Maintainability: 100
Content: 87
Community: 50
Security: 100
Specification conformance: 100

What you can build

Payment System Development

Developers building payment processing systems can use this skill to implement PCI-compliant data handling, encryption, and tokenization from the start.

Compliance Audit Preparation

Security teams preparing for PCI DSS assessments can use the checklists and requirements documentation to identify gaps and remediation needs.

E-commerce Integration

Teams integrating payment gateways can learn how to minimize PCI scope using hosted payment pages and tokenization strategies.

Try these prompts

Basic PCI Requirements Overview
Explain the 12 PCI DSS requirements and which ones apply to my e-commerce store that uses Stripe Checkout.
Encryption Implementation
Show me how to encrypt cardholder data at rest using AES-256 in Python, including key management best practices.
Tokenization Strategy
Compare Stripe tokenization versus building a custom token vault. What are the PCI scope implications of each approach?
Audit Logging Setup
Create a PCI-compliant audit logging system that tracks all access to payment data, including the required fields and log retention policies.

Best practices

  • Never store CVV, PIN, or full track data under any circumstances
  • Use TLS 1.2 or higher for all data transmission involving cardholder information
  • Implement role-based access control and log all access to payment data

Avoid

  • Logging full card numbers or CVV codes in application logs
  • Using weak encryption algorithms like DES or RC4 for cardholder data
  • Sending card data to your own server instead of directly to the payment processor

Frequently asked questions

What is the difference between PCI DSS compliance levels?
Level 1 handles over 6 million transactions annually and requires an annual Report on Compliance (ROC). Level 2 handles 1-6 million transactions annually with an annual Self-Assessment Questionnaire (SAQ). Level 3 covers 20,000-1 million e-commerce transactions. Level 4 covers fewer than 20,000 e-commerce transactions or fewer than 1 million total transactions. Higher levels have stricter validation requirements.
Do I need PCI compliance if I use Stripe or PayPal?
Yes, but using hosted payment pages significantly reduces your scope. With Stripe Checkout or PayPal buttons, you typically qualify for SAQ A (simplest form) since card data never touches your servers. You still must complete annual validation and maintain basic security practices.
How long must I retain PCI audit logs?
PCI DSS requires retaining audit logs for at least one year, with a minimum of three months immediately available for analysis. Logs must include user identification, timestamp, event type, success/failure, and resource accessed.
Can I email customers their full credit card numbers?
No. Email is not encrypted and cannot meet PCI DSS transmission requirements. Never send full PAN, CVV, or any cardholder data via email, SMS, or chat. If customers need card information, provide secure access through authenticated portals only.
What encryption standard does PCI DSS require?
PCI DSS requires strong cryptography such as AES-256, RSA-2048 or higher, or equivalent. Weak algorithms like DES, RC4, and SSL/TLS below version 1.2 are prohibited. Encryption keys must be managed securely with proper rotation policies.
Do I need a firewall for PCI compliance?
Yes. Requirement 1 mandates firewall installation and maintenance to protect cardholder data environments. Firewalls must restrict connections between untrusted networks and systems handling payment data, with documented configuration standards and regular reviews.

Developer details

File structure

📄 SKILL.md