Stripe Terminal encrypts sensitive card information the moment it is presented to the card reader. The reader sends sensitive data to Stripe via end-to-end encryption and tokenizes the card data. The Terminal SDKs, and by extension the merchant’s point of sale application, only receive the Stripe payment token, never any sensitive card information. As a result, the point of sale application using Stripe Terminal cannot handle card data and is thus out of scope for PCI compliance.
All payments using Terminal are securely encrypted using end-to-end encryption (E2EE) by default. You can find more details about our point-to-point encryption (P2PE) solution here.