Point-to-Point Encryption
Note
The Point-to-Point Encryption service is currently available as a free Technology Preview. The P2PE service will be a chargeable service in the future. Please subscribe to the DPoD Changelog for the latest updates to the DPoD Platform and services.
Point-to-Point Encryption is a cloud-native service that provides access to a Thales DPoD Luna Cloud HSM and a set of utilities for secure storage and generation of Base Derivation Keys (BDKs) and Derived Keys. The DPoD P2PE service provides the HSM capabilities required to decrypt electronic payment transactions that were first encrypted by a point-of-sale terminal. P2PE service keys can initialize point-of-sale terminals and decrypt data originating from point-of-sale terminals.
The P2PE service is configured inside a Docker container. The container uses TLS to communicate with the Thales DPoD Luna Cloud HSM and a P2PE CLI to generate and manage P2PE encryption keys. Before using your P2PE service in a non-test environment, we recommend that you review the CIS Guidelines for Docker for security guidance on running a Docker image. The P2PE Docker image is supported on Linux operating systems using Docker version 19.03 and greater.
The provisioned P2PE service can support up to 40 concurrent client application connections. For example, a single service can perform encrypt/decrypt operations for up to 40 payment terminals. The service may experience a reduction in available transactions per second if it performs cryptographic operations for more than 40 applications.