PCI validation for in-person payments is handled differently than for online payments.

For in-person payments such as those collected through Stripe Terminal, merchants often choose to validate PCI compliance for these transactions via separate documentation – typically form SAQ C or form SAQ P2PE – that asks your organisation to attest to controls unique to in-person payments.

Details for businesses using end-to-end encryption (E2EE)

Stripe Terminal provides E2EE by default. Users leveraging this solution can access a pre-filled SAQ C document, for transactions processed through Terminal, directly in your Dashboard under Compliance settings.

Details for businesses using point-to-point encryption (P2PE)

For users who have signed up for Stripe Terminal P2PE, Stripe provides a pre-filled SAQ P2PE document for those transactions processed through Terminal directly in your Dashboard under Compliance settings.

You can also find more details about our point-to-point encryption (P2PE) solution here.

---

Stripe monitors your transaction volume and will notify you ahead of time if you need to validate PCI compliance another way, such as a Report on Compliance (required in place of an SAQ for businesses processing more than six million transactions per year).

If you integrate with Stripe using additional methods, you must illustrate compliance for them separately. Depending on your integration, you may qualify for our pre-completed SAQ A (if you use Elements, Checkout or our mobile SDKs).