Skill

compliance-pci

Guides PCI DSS compliance for payment systems: SAQ A vs D scoping, Stripe Elements tokenization, CDE network segmentation, encryption, audit logging. Use to implement/review card handling and reduce scope.

Stripe

security

npx claudepluginhub rnavarych/alpha-engineer --plugin billy-milligan

Popularity

Parent stars

Parent forks

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/billy-milligan:compliance-pci

User invocable

Model invocable

Inline context

Default effort

Tool Access

This skill is limited to the following tools:

ReadGrepGlob

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

- Implementing payment card processing

Supporting Files

references/cardholder-data.mdreferences/network-segmentation.mdreferences/saq-selection.md

SKILL.md

31 lines · ~397 tokens

Similar Skills

domain-ecommerce:pci-compliance

Guides PCI DSS compliance for e-commerce checkouts: SAQ A/A-EP/D selection, cardholder data handling, Stripe/Braintree/Adyen tokenization, secure forms (iframes/hosted fields), network segmentation, scans, pentests, and audit prep.

2 files4 tools

domain-ecommerce

pci-compliance

37.9k

Guides PCI DSS compliance for secure payment processing and cardholder data handling, covering 12 requirements, data minimization, encryption, tokenization, and audits.

antigravity-bundle-security-developer

pci-dss-compliance

Guides PCI DSS compliance planning for payment card handling, covering cardholder data rules, the 12 requirements, scope reduction via tokenization, SAQ selection, and security controls. For e-commerce and payment gateways.

6 tools

compliance-planning

Stats

LanguageShell

Parent stars13

Parent forks1

MaintenanceExcellent

Last CommitMar 5, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Stats

Actions

Help us improve

Share bugs, ideas, or general feedback.

PCI DSS Compliance

When to use

Implementing payment card processing

Reducing PCI scope with hosted fields / Elements

Reviewing what data can/cannot be stored

Designing network segmentation for CDE

Choosing SAQ level for annual assessment

Core principles

Never store raw card data — full PAN, CVV, magnetic stripe data must never touch your servers

Reduce scope, don't solve scope — use Stripe Elements / Braintree Hosted Fields to push scope to the processor

Tokenize, never transmit — use processor tokens (pm_xxx, tok_xxx); your app never sees raw card numbers

CVV must never be stored — not even transiently in logs; PCI Req 3.3 is absolute

SAQ A is achievable for most SaaS — if you use hosted card collection, you avoid SAQ D's 300+ controls

References available

references/saq-selection.md — SAQ A vs SAQ A-EP vs SAQ D decision tree, control counts, scope criteria

references/cardholder-data.md — what to store vs what to forbid, tokenization schema, webhook security patterns

references/network-segmentation.md — CDE boundary design, firewall rules, segmentation testing

PCI DSS Compliance

When to use

Implementing payment card processing
Reducing PCI scope with hosted fields / Elements
Reviewing what data can/cannot be stored
Designing network segmentation for CDE
Choosing SAQ level for annual assessment

Core principles

Never store raw card data — full PAN, CVV, magnetic stripe data must never touch your servers
Reduce scope, don't solve scope — use Stripe Elements / Braintree Hosted Fields to push scope to the processor
Tokenize, never transmit — use processor tokens (pm_xxx, tok_xxx); your app never sees raw card numbers
CVV must never be stored — not even transiently in logs; PCI Req 3.3 is absolute
SAQ A is achievable for most SaaS — if you use hosted card collection, you avoid SAQ D's 300+ controls

References available

references/saq-selection.md — SAQ A vs SAQ A-EP vs SAQ D decision tree, control counts, scope criteria
references/cardholder-data.md — what to store vs what to forbid, tokenization schema, webhook security patterns
references/network-segmentation.md — CDE boundary design, firewall rules, segmentation testing

compliance-pci

Popularity

Invocation

Tool Access

Context Preview

Supporting Files

SKILL.md

Similar Skills

Help us improve

Help us improve

Find plugins for your project

compliance-pci

Popularity

Invocation

Tool Access

Context Preview

Supporting Files

SKILL.md

PCI DSS Compliance

When to use

Core principles

References available

Similar Skills

Help us improve

PCI DSS Compliance

When to use

Core principles

References available