Point-to-point encryption provides an additional layer of protection for cardholder data beyond SSL. There is debate around the best encryption algorithm to use, with options including triple-DES, PGP, and symmetric or asymmetric keys. Proper implementation of encryption and decryption logic is important, with decryption occurring either through software or hardware security modules that prevent exposure of encryption keys. Encryption can happen at different points like card entry, within payment terminals, or outside via libraries. While security is a key driver, point-to-point encryption also allows some merchants to avoid PCI compliance requirements.