Point-to-Point Encryption and PCI P2PE

Our Payment Terminals ensure Point-to-Point Encryption for all your transactions. It complies with the highest standard for securing cardholder data. A35, A920Pro and IM30 are also certified PCI P2PE (reference: 2025-01644.001).


1. What is Point-to-Point Encryption (P2PE)?

Point-to-Point Encryption (P2PE) is a powerful security standard designed to protect payment card data from the moment a card is read until the data is securely sent to our server.

In simple terms:

  1. The Point of Interaction (POI): As soon as a customer’s card data is entered into our Payment Terminal, the data is immediately encrypted within the device.

  2. The Point of Decryption: The data remains encrypted until being securely received onto our servers, in a secure environment.

This process ensures that sensitive cardholder data, such as the card number (PAN), never exists in a clear, readable format within merchant's environment. This prevent a frauder to collect sensitive data during an operation.

All our Payment Terminals use Point-to-Point Encryption by default.


2. How PCI P2PE Simplifies Your Security and Compliance

Implementing our PCI P2PE certified solution can offer three significant advantages for merchants:

  • PCI DSS Scope Reduction: This is the primary benefit. Because cardholder data is encrypted, the number of applicable requirements you need to comply with is significantly reduced (PCI DSS). You may be eligible to complete the Self-Assessment Questionnaire (SAQ P2PE), instead of a full audit.

  • Superior Data Breach Protection: P2PE is specifically designed to neutralize modern threats, that attempts to steal card data. By encrypting the data all the time in the Payment Terminal, this risk is eliminated.

  • PCI SSC Validation: P2PE certification is an independent validation organized by PCI SSC. This provides an external audit, confirming that our solution meets the highest industry standards to protect payment data.

Currently, only A35, A920Pro and IM30 have been certified with PCI P2PE standard. If you wish to use other devices under this certification, please reach out to your sale representative.


3. Merchant's role

While P2PE significantly reduces merchant's compliance burden, it does not eliminate it completely. Merchants, must follow specific operational requirements described in the P2PE Instruction Manual (PIM), attach at the end of this page. 

The key constraint involves operational due diligence:

  • Increased Operational Effort: You must implement and maintain security procedures. This includes performing periodic physical inspections of your terminals, confirming devices have not been tampered.

  • Follow terminal lifecycle: You must follow the full lifecycle of each of your device, knowing where they are during their full lifespan, maintaining an up-to-date inventory of all devices.

The compliance with PCI P2PE standards relies solely on the Merchant. Market Pay provides a PCI P2PE compliant solution, ensuring encryption of the sensitive data and secure processes.

Related to