Skill

domain-fintech:fintech-security

Guides fintech security: HSM integration (key generation, signing, encryption), key management (BYOK, rotation, ceremony), PCI DSS, data encryption/tokenization, SMPC/ZKP, SOC 2 Type II. Use for financial system security controls.

security

npx claudepluginhub rnavarych/alpha-engineer --plugin domain-fintech

Popularity

Parent stars

Parent forks

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/domain-fintech:fintech-security

User invocable

Model invocable

Inline context

Default effort

Tool Access

This skill is limited to the following tools:

ReadGrepGlobBash

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

- Implementing HSM-backed signing or envelope encryption

Supporting Files

references/advanced-crypto-compliance.mdreferences/hsm-key-management.mdreferences/pci-dss-encryption.md

SKILL.md

28 lines · ~493 tokens

Similar Skills

configuring-hsm-for-key-storage

Configures HSMs via PKCS#11 for secure key storage, generation, management, and crypto operations like signing/encryption. Covers SoftHSM2 dev setup and AWS/Azure CloudHSM.

asi

configuring-hsm-for-key-storage

12.3k

Configures HSMs via PKCS#11 for key generation, signing, encryption, and key management using SoftHSM2 or cloud HSMs (AWS, Azure).

7 files

cybersecurity-skills

pci-compliance

39.2k

Guides PCI DSS compliance for secure payment processing and cardholder data handling, covering 12 requirements, data minimization, encryption, tokenization, and audits.

antigravity-awesome-skills

Stats

LanguageShell

Parent stars13

Parent forks1

MaintenanceGood

Last CommitMar 3, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Stats

Actions

Help us improve

Share bugs, ideas, or general feedback.

Fintech Security

When to use

Implementing HSM-backed signing or envelope encryption

Managing cryptographic key lifecycle (rotation, BYOK, key ceremony)

Scoping and implementing PCI DSS controls

Designing tokenization for card data or PII

Evaluating SMPC or ZKP for privacy-preserving financial computations

Preparing for SOC 2 Type II audit evidence collection

Core principles

Keys never leave the HSM boundary in plaintext — envelope encryption; DEKs protect data, HSM protects DEKs

Tokenize at the earliest point — reduce PCI scope before data touches your systems

Defense-in-depth encryption — TDE at rest + FLE at application layer, not one or the other

Rotate on a schedule, not on breach — 90-day symmetric rotation with zero-downtime dual-key period

Automate SOC 2 evidence — continuous control monitoring beats point-in-time manual checks every time

Reference Files

references/hsm-key-management.md — HSM key generation, signing, envelope encryption, cloud HSM options, key lifecycle, BYOK, rotation policy, and key ceremony procedure

references/pci-dss-encryption.md — PCI DSS scope reduction, key requirements (3/4/6/7/8/10/11), tokenization architecture, field-level encryption, encryption at rest and in transit

references/advanced-crypto-compliance.md — SMPC use cases and implementation approaches, ZKP protocols (zk-SNARKs, zk-STARKs, Bulletproofs), SOC 2 Type II trust service criteria and fintech-specific evidence automation

Fintech Security

When to use

Implementing HSM-backed signing or envelope encryption
Managing cryptographic key lifecycle (rotation, BYOK, key ceremony)
Scoping and implementing PCI DSS controls
Designing tokenization for card data or PII
Evaluating SMPC or ZKP for privacy-preserving financial computations
Preparing for SOC 2 Type II audit evidence collection

Core principles

Keys never leave the HSM boundary in plaintext — envelope encryption; DEKs protect data, HSM protects DEKs
Tokenize at the earliest point — reduce PCI scope before data touches your systems
Defense-in-depth encryption — TDE at rest + FLE at application layer, not one or the other
Rotate on a schedule, not on breach — 90-day symmetric rotation with zero-downtime dual-key period
Automate SOC 2 evidence — continuous control monitoring beats point-in-time manual checks every time

Reference Files

references/hsm-key-management.md — HSM key generation, signing, envelope encryption, cloud HSM options, key lifecycle, BYOK, rotation policy, and key ceremony procedure
references/pci-dss-encryption.md — PCI DSS scope reduction, key requirements (3/4/6/7/8/10/11), tokenization architecture, field-level encryption, encryption at rest and in transit
references/advanced-crypto-compliance.md — SMPC use cases and implementation approaches, ZKP protocols (zk-SNARKs, zk-STARKs, Bulletproofs), SOC 2 Type II trust service criteria and fintech-specific evidence automation

domain-fintech:fintech-security

Popularity

Invocation

Tool Access

Context Preview

Supporting Files

SKILL.md

Similar Skills

Help us improve

Help us improve

Find plugins for your project

domain-fintech:fintech-security

Popularity

Invocation

Tool Access

Context Preview

Supporting Files

SKILL.md

Fintech Security

When to use

Core principles

Reference Files

Similar Skills

Help us improve

Fintech Security

When to use

Core principles

Reference Files