diff --git a/src/BTCPayServer.NTag424/AESKey.cs b/src/BTCPayServer.NTag424/AESKey.cs
index 7040d4d..598d567 100644
--- a/src/BTCPayServer.NTag424/AESKey.cs
+++ b/src/BTCPayServer.NTag424/AESKey.cs
@@ -68,9 +68,9 @@ public class AESKey
     }
     public bool CheckSunMac([NotNullWhen(true)] string? mac, PICCData piccData, byte[]? payload = null)
     {
-        if (mac is null || !Regex.IsMatch(mac, "[a-f0-9A-F]{16}"))
+        if (!PICCData.ValidateC(mac))
             return false;
-        return CheckSunMac(mac.HexToBytes(), piccData, payload);
+        return CheckSunMac(mac[0..16].HexToBytes(), piccData, payload);
     }
 
     public byte[] GetSunMac(PICCData piccData, byte[]? payload = null)
diff --git a/src/BTCPayServer.NTag424/BTCPayServer.NTag424.csproj b/src/BTCPayServer.NTag424/BTCPayServer.NTag424.csproj
index fb4003c..7ca65c1 100644
--- a/src/BTCPayServer.NTag424/BTCPayServer.NTag424.csproj
+++ b/src/BTCPayServer.NTag424/BTCPayServer.NTag424.csproj
@@ -5,7 +5,7 @@
     <TargetFramework>net8.0</TargetFramework>
     <LangVersion>10.0</LangVersion>
     <Nullable>enable</Nullable>
-    <Version>1.0.22</Version>
+    <Version>1.0.23</Version>
   </PropertyGroup>
 
   <PropertyGroup>
diff --git a/src/BTCPayServer.NTag424/PICCData.cs b/src/BTCPayServer.NTag424/PICCData.cs
index 9d4d4a9..bccfb2b 100644
--- a/src/BTCPayServer.NTag424/PICCData.cs
+++ b/src/BTCPayServer.NTag424/PICCData.cs
@@ -58,7 +58,7 @@ public record BoltcardPICCData : PICCData
     {
         if (!ValidateP(p))
             return null;
-        var bytes = encryptionKey.Decrypt(p.HexToBytes());
+        var bytes = encryptionKey.Decrypt(p[0..32].HexToBytes());
         if (!ValidateBoltcardPICCData(bytes))
             return null;
         return new BoltcardPICCData(PICCData.Create(bytes));
@@ -120,8 +120,8 @@ public record PICCData(byte[]? Uid, int? Counter)
             return null;
         return TryBoltcardDecryptCheck(encryptionKey, authenticationKey, p, c, payload);
     }
-    internal static bool ValidateP(string p) => p != null && Regex.IsMatch(p, "[a-f0-9A-F]{32}");
-    internal static bool ValidateC(string c) => c != null && Regex.IsMatch(c, "[a-f0-9A-F]{16}");
+    internal static bool ValidateP([NotNullWhen(true)] string? p) => p is not null && Regex.IsMatch(p, "^[a-f0-9A-F]{32}");
+    internal static bool ValidateC([NotNullWhen(true)] string? c) => c is not null && Regex.IsMatch(c, "^[a-f0-9A-F]{16}");
 
     /// <summary>
     /// Decrypt the PICCData from the Boltcard and check the checksum.
@@ -137,7 +137,7 @@ public record PICCData(byte[]? Uid, int? Counter)
         if (!ValidateP(p) || !ValidateC(c))
             return null;
 
-        var bytes = encryptionKey.Decrypt(p.HexToBytes());
+        var bytes = encryptionKey.Decrypt(p[0..32].HexToBytes());
         PICCData piccData;
         try
         {