Stripe Terminal encrypts sensitive card information as soon as it is presented to the card reader. The reader sends sensitive data to Stripe via end-to-end encryption and tokenises the card data. The Terminal SDKs, and by extension the merchant's point-of-sale application, only receive the Stripe payment token, never any sensitive card information. As a result, the point-of-sale application using Stripe Terminal cannot handle card data and is thus out of scope for PCI compliance.

By default, all payments using Terminal are securely encrypted using end-to-end encryption (E2EE). You can find more details about our point-to-point encryption (P2PE) solution here.