Stripe Terminal payments and PCI compliance

PCI Validation for in-person payments is handled differently than for online payments.

For in-person payments such as those collected through Stripe Terminal, merchants often choose to validate PCI compliance for these transactions via separate documentation -- typically form SAQ C or SAQ P2PE-- that asks your organization to attest to controls unique to in-person payments.

Details for businesses using end-to-end encryption (E2EE)

Stripe Terminal by default provides E2EE. Users leveraging this solution have access to a pre-filled SAQ C document, for those transactions processed through Terminal, directly in your Dashboard under Compliance Settings.

Details for businesses using point-to-point encryption (P2PE)

For users who have signed up for Stripe Terminal P2PE, Stripe provides a pre-filled SAQ P2PE document for those transactions processed through Terminal directly in your Dashboard under Compliance Settings.

You can also find more details about our point-to-point encryption (P2PE) solution here.

Stripe monitors your transaction volume and will notify you ahead of time if you need to validate PCI compliance another way, such as a Report on Compliance (required in place of an SAQ for businesses processing more than 6 million transactions per year).

If you integrate with Stripe using additional methods, you must illustrate compliance for them separately. Depending on your integration, you may qualify for our pre-completed SAQ A (if you use Elements, Checkout, or our mobile SDKs).