How can data be migrated using the PayPal Credit Card Vault tool?
Use the PayPal Credit Card Vault to import or export sensitive customer data such as credit card data to or from a PayPal payment gateway while maintaining PCI compliance.
Legend
- Admin - The PayPal account executive, account manager, or integration engineer.
- Merchant - The merchant who wants to move their existing consumer profile data to and from PayPal.
- Payment processor - The external payment processor where the merchant's consumer profile data is currently present or needs to be migrated to.
- PayPal - The new or current payment processor for the merchant.
- Import report - The merchant report that contains the consumer identity and new payment token generated as part of the migration process.
- Export report - The merchant report that contains the card details as part of the export migration process.
Vetting process
The merchant must contact the PayPal sales team to initiate the migration process. The merchant will have to go through the PayPal vetting process (business model review, risk and PayPal compliance process). A dedicated technical integration resource (i.e., a PayPal integration engineer) will be assigned to each merchant once the vetting process has been completed.
Note: Getting Risk approval is a mandatory process. The merchant is advised not to initiate the migration process without vetting their business model and getting necessary approval from PayPal.
Fees
None.
Time frame
1-2 weeks.
Data Import Process
Note:
- PayPal requires that all files be encrypted with our PGP public key before being transmitted to us.
- PayPal only accepts files in encrypted CSV format (.csv.gpg).
- PayPal only accepts encrypted credit card files from PCI-compliant SFTP servers.
The easiest way for us to import your data from a payment processor is for you to work with your payment processor to provide us with an encrypted CSV file that includes at least the following fields:
- Consumer ID: Unique number to identify the consumer.
- First name: Consumer first name.
- Middle name: Consumer middle name (optional).
- Last name: Consumer last name.
- Email: Consumer email address.
- Card ID: Unique number to identify the credit card in case there are multiple cards for a single consumer.
- Credit card number: Full credit card number.
- Expiration date month: Two-digit month format (MM).
- Expiration date year: Two-digit year format (YY).
- Address street1: Consumer billing address street.
- Address street2: Consumer billing address street (optional).
- Address city: Consumer billing address city.
- Address state: Two-digit consumer billing address state.
- Address zip code: Consumer billing address zip code.
- Country code: Valid country code (2-digit or 3-digit).
Additional fields required for Recurring Billing:
- Profile name: A valid profile name.
- AMT: The dollar amount to be billed (use 34.00, not 34 and 1199.95, not 1,199.95).
- Start: The beginning date for the recurring billing cycle (use tomorrow's date or a date in the future).
- Term: The number of payments to be made over the life of the agreement (use 0 if payments should continue until the profile is deactivated).
- Pay period: How often the payment occurs, e.g. DAYS, WEEK, BIWK, SMMO, FRWK, MONT, QTER, SMYR, YEAR (use with the Frequency field).
- Frequency: If the pay period = DAYS and the frequency = 100, then a payment is collected once every 100 days.
- Max fail payments: Payment periods for which the transaction is allowed to fail before PayPal cancels a profile (optional).
- Retry num days: The number of consecutive days that PayPal should retry a failed transaction until it's approved (optional).
- Company name: The company name associated with this profile (optional).
Note: The first line of the CSV file should be the header.
Samples
Sample CSV credit card file for credit card data import process:
#customer_id,first_name,middle_name,last_name,email,card_id,acct,exp_month,exp_year,street1,street2,city,state,zipcode,country
1,Kevin,Silvia,James,kevintest@test.com,125212,4916100304079232,01,20,"1 Main St","Bldg A","San Jose",CA,95131,US
Sample CSV credit card file for credit card recurring profile import process:
#customer_id,first_name,middle_name,last_name,email,card_id,acct,exp_month,exp_year,street1,street2,city,state,zipcode,country,profile_name,amount,start,pay_period,frequency,term,max_fail_payments,retry_num_days,company_name
1,Kevin,Silvia,James,kevintest@test.com,125212,4916100304079232,01,20,"1 Main St","Bldg A","San Jose",CA,95131,US,"magazine subscription",122.30,09092018,WEEK,52,0,2,2,"ABC Ltd."
Note: These examples don't cover every type of import. If you need to deviate from this standard approach, please contact the dedicated technical integration resource to discuss your options. Once the import is complete, we will provide you with a report containing the customer IDs, card IDs, and new payment tokens that we created in PayPal gateway. We ask that no more than two imports be required: one initial load of customer information, and another load of the delta while your processing was switched over. We import data Monday through Friday, 10:00 am to 4:00 pm PST (US), excluding holidays.
Data portability process
- The merchant should provide the email address of the payment processor contact. The admin will set up a DropZone folder for the merchant and payment processor.
- The merchant should send an official email to the payment processor to initiate the consumer credit card file export process.
- The payment processor should use the PayPal PGP public key, given below, to encrypt the exported credit card file and upload it to the DropZone folder shared by the admin.
- The payment processor should send an email to the merchant (or admin) with the name of the uploaded file.
- The admin should start the migration process on the Credit Card Vault (Rogue) tool.
- The admin should generate the report with the new payment token generated and upload it to the DropZone folder shared with the merchant.
- The merchant should download the new report and update their system, replacing their old payment token with the new PayPal payment token.
- The merchant should inform the admin once they are live with PayPal as the payment processor.
- The merchant should revoke any third-party permissions given to the tool.
- The admin should delete/deactivate any account created on behalf of the user in PayPal for the data import process and inform the merchant.
PayPal PGP public key for encrypting Credit Card files
When you send us your sensitive customer data, you'll need to use our public key below to encrypt all files.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: BCPG v1.67
mQENBGQO7FwBCACvlss+eQxRZ7FmLsK4v/Fim3btVeR6JeeOOPv8XcQ7Q0d5cnPT
kVt2CmvKsu/RKljRP/x/AiCDD91pO827CPL+0zKn6d+uHiPDrUCzeIHAzrScq6SG
PcfJphy5B3cgVkKIDLGtsEi5nE6NRBSbn8OpBML7B9WnzVgvaAM43xhQzuPcsZ2g
xI0UdhTGGlRS0SMP+uYUn61Z9p3k1Q3/qBmLvkH9mW7YclG1DWgzTbiEaSBsTOdN
SE1GKvW+pJ3STEYcpsLB75xtnZ8cwtimdX00sNUO0xiSWbQMrSajjy1XB+nTM0ie
pfVaOHi+L52Zw68wv5cQd3WVjTHG9y+Dcv3TABEBAAG0F3BheXBhbF9jcmVkaXR2
YXVsdF80MDk2iQE4BBMBAgAiBQJkDuxcAhsDBAsJCAcGFQgCCQoLAh4BBQkDwmcA
A4UB/wAKCRCBFfleETQW4+W3B/9PzMvhs2LsWP5b7DUn1EUOK3QhEKwcyEairWhH
Mznd8EIB1EOcZNe7lyqHXQNJmTNxk49Mn40pYdrwRrD17HEEIyE/AJMsdbB0CF3J
AzlvWRxrzjAw+dDHFSGvYy73M4h3IXZgOE5UW7bXSwLBWRDOc2LxjNG4OgmA4f+F
RvMSohn07t3aduo1kP84Es3RvqLVucgF4CBWB6W8xuNvmsO7RnErnL6xmOMKZYPY
wEDlBn3m/URNxPo69S8C0enJzPvAv20Nd2Jb7bOx4vCHW1FJfbmg9agHrYYkKzEl
8SKDk27hReIMWwx6tZFMxaYYdOeEjrk6DXVekkrZDuSCLVGquQENBGQO7FwBCAC0
fTMxWI5Uhnct1z43GVHkBJs79nagn+Y9L3kPq6yBKehGDmSOm9+eFpCTEku5Abz/
8sNXI2LgVG57RRoIy+DjJjwYaMpAWYGNlX0NuwQRoYbZu54G4yw5QxLZ+quYr5Xx
HJJtPXxnOiGnWfXYECYTaXYJg+mdbkiTcVcWDD44LoJiakoURWgP6dqRi7Qx1eZC
hIqTToautNZVccXk0V5SP7FGZckNEeRWXRti57Id4fP0hqmB3eeLrNQbHPf54EGC
/rTzL+s+mkL8hKBNkGaZXz5IIXBn9oh0EvqwIIS4kWceCrmTZC8U8z/wRYA4p6Xp
h7EDGHz0r/+1EzwaQqlbABEBAAGJASkEGAECABMFAmQO7F0CGwwFCQPCZwADhQH/
AAoJEIEV+V4RNBbjtNAH/1hxj6qJI9jaCb40SkPt2xivzQhyZjVmXwObSCbLfkpH
GxgQMPU0LWYqOPLfMZKNsdY26ZmOcBGCLreO/nOr90KSGpA2XVW0vjvqz5xgQW0t
HxyMrsJwt2cNvCigpA+lEBa2n99MVCGtPLOnZ4PnkWDha479g6Uq5/E2i7aVvaBW
eoxCji1d4oVVQ62aznpSkY2vRUUnN7rcfAjbe0+c2YcNwdA5XSYc72SxYULVra59
iwlWplsH62BBQtWVetPsoFgAzfLFw2drR7qYY24sBMrOeTpIhY70pDUafS6cKdyx
UH4GirnLxV8WaSBBAhs5eQ+gCeFwS+eZjFJGKl0RTNg=
=teqY
-----END PGP PUBLIC KEY BLOCK-----
PayPal PGP public key for encrypting SFTP credentials
When you send us your sensitive SFTP credentials, you'll need to use our public key below to encrypt your SFTP credentials.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: BCPG v1.67
mQENBGQO+dABCAC1Aa6I+HwCSzWliRWeGu0Ps6nXCJFv2qxgTHrJU+9mcfoLDrRo
uowXopXFKA+sAlnkv+bp7AFM0tvapP8pqeFaXNwi8HcYla0vjJRO36a5exPFNEwN
fo3ljTHbxYnW07GSKK0FhuVFd9msneeFv/nYepzOH1K177BHUulI5hemZkyBXKFj
ubd4NX/3fnL2CypCaqNrfLXNk2r4aeNJSYbHIlK8TNOYuwL5ibRRERR5D2rAdyT3
R6PWHpfhEtI1S6jAs1MzdOJngbA9Xo9/I1mVJ1SCjGB/NXxzqoLNN5RONOHe8wFd
y1TTzsUaTEPn3nUgpDDmh+3gKJYfY0/RKCRJABEBAAG0FXBheXBhbF9wcm9jZXNz
b3JfNDA5NokBOAQTAQIAIgUCZA750AIbAwQLCQgHBhUIAgkKCwIeAQUJA8JnAAOF
Af8ACgkQXOXxXTLJc9iaWgf/XrOkI8Ii34jxXGHF7a9JTWrrKW+dnd8FBd6o+vTL
Ie/VnZ689METhACChr1NxwAOTwsgNqKwWWCVBqt+dC5aqr3XOAFBOBvSPWNWMK8Y
uhtD3qU1qlQNy74okZagJS79LkhC8Cmi8RSR9ACgpLCxIR24FZ9PAM7GhgoMI1K6
kl9ssZJqhwaevgAbPupDm8rhCl/yYlQflQysEzk44moLR3+7Kgir4ptev8HhJQ/K
NfpXU8lRrnCCbpD5+RmKxaFsk6nRC1l1Jh2iX6n7NJcyTfo71Ge6wI85+Mg+NmtC
N36iPzIZnmvc2UTEURTt9FmcJAZcv16URp9TcjdVmhADCLkBDQRkDvnQAQgAvyI1
IHdm2uOt1qGFKTPDf67wyQyjWPR3btlTPHthjNugIpsWk0eh2KpiSLD6hwx6CzTs
ox+E2Ilg2nwDfaNI0VP+UeXJ/tLi+PlZz2c4RDomyPCG5pfEQ8q7/yDrcsuCWEK3
x21VZJtMYpvzFKJGQd8FIxtzjx+5lnPxqkVgjl2pWp/KJ8WVMiKrrbPM1gGxILEV
fjj64YdTBRVSTS4NIs1mbmbKiSGWmbeOUSqrkeGzn22ENIgt+/t/TCYcH5jfyYCO
Uh8kGMr2SivFyhav1ENgk4+5i7mCe9TQQY+ci7pFQS+SOig+RxdPkv9i2n3/p6qn
Ics5SB60t3M/HVG8+QARAQABiQEpBBgBAgATBQJkDvnQAhsMBQkDwmcAA4UB/wAK
CRBc5fFdMslz2FBDB/wNOvMUM2qHK2t5UN/NBQ12XBgFKO5MZPZe3iVT7c9MBjg5
v1N9YGiLgGA/60y6BxDkRVLpg02UFcesw8Hr+Ntc6c022ekDj2G0N5wb3RCFvQUQ
O1FPyVx4OyFe3zgtZjNW9CFGwaLo6tj49QwgUhr5vshHDR4Hx/HO0y0ShcUHTKkG
HLSMHfjw0SCUo7UTz8tXszunvtHYjntDPowj42LQ6ZM57FfncpSCiEYoWhzFwPOU
h6wSPhkb+lJohm++J9VlX23HvIIhrIH38b2u8ydE+qOcnAWs8b63F9I1QrbE3kH1
bYUB5/8nQ7xEuTtLEOGANsFcTNkv6046NKV65rZ6
=wPuI
-----END PGP PUBLIC KEY BLOCK-----
Data Export Process
To initiate an export process, send a request via email to dl-paypal-payflow-data-migration@paypal.com with the following information:
Name:
Phone:
email:
Company Name:
Service: (i.e., Payflow/PayPal integration)
Login Name: (if Payflow)
3rd party vendor they are moving to:
Phone:
email:
Company Name:
Service: (i.e., Payflow/PayPal integration)
Login Name: (if Payflow)
3rd party vendor they are moving to:
A representative will reach out to discuss the migration.
Requirements to Initiate an Export
- Contract - PayPal will countersign the contract last.
- List the gateway/vendor/third-party information at the bottom where the file will be delivered via SFTP.
- On the top of page one, enter your company name and business address.
- Certificate - The third-party vendor that is receiving the credit card information must provide their most recent PCI-Compliance Attestation of Compliance (AoC) certificate.
- This PCI-scan will be validated with our PCI-compliance team.
- SFTP (Port 22) - URL, Username, and public key.
- PayPal will deliver the information after it's pulled on our end via SFTP to the vendor that supplied the valid PCI AoC certificate (not to the merchant directly). To do this, we will need to know the SFTP location to deliver to and appropriate information (username/password, etc.). SFTP must be on Port 22.
- The public key must be in pgp format, with the extension *.asc. Or you can send your PGP Block and we can save it accordingly in the correct format.
There are four types of payment identifiers for an Export Migration:
PayPal Transaction
1.PayPal Transaction IDs
- We will need all the PayPal Transaction IDs.
- The list must be in new line-separated Notepad.txt format.
Sample Input Transaction File for PayPal Transaction IDs:
3WF269588Y247415G
0DJ26409TS592692KSample export file for PayPal Transaction IDs:
#transaction_id,result,first_name,last_name,credit_card_num,exp_month,exp_year,phone_number,address1,city,state,country_code,zip_code,currency_code
3WF269588Y247415G,Success,PayPal,MTS,4716123113346438,12,2021,,12312 Port Grace Blv,La Vista,NE,US,68128,USD2.PayPal Recurring Profiles
- We will need all the PayPal Profiles IDs.
- The list must be in new line-separated Notepad.txt format.
Sample Input File for PayPal Recurring Profiles:
I-66HLJ9WHR3K4 Sample export file for PayPal Recurring Profiles:
#profile_id,decrypted_profile_id,result,subscriber_name,credit_card_num,exp_month,exp_year,phone_number,address1,line2,city,state,country_code,postal_code,currency_code,status,start_date,initial_amount,amount_paid,delinquent_amount,profile_reference,current_period_id,next_billing_time,num_failed_payments,trial_amount_paid,outsanding_balance_paid,ipn_notify_url,period_number,period_type,bill_period,bill_frequency,total_bill_cycles,bill_cycles_used,amount,ship_amount,tax_amount,period_start_time
I-66HLJ9WHR3K4,2121412,Success,Global Test Tool,4556969247882919,01,2022,,,,,,,,,A,Fri Jul 31 2020 16:00:00 GMT-0700 (Pacific Daylight Time),0,0,0,RPInvoice123,3122479,Sat Aug 01 2020 03:00:00 GMT-0700 (Pacific Daylight Time),0,0,,,1,T,D,1,4,0,200,2,2,Wed Dec 31 1969 16:00:00 GMT-0800 (Pacific Standard Time)
PayFlow Transactions
3.Payflow PNREFs
- We will need all the Payflow Transaction IDs (PNREFs).
- The Payflow PNREFs/Transaction IDs must be within the last 12 months.
- We will need to know the Partner Name and Vendor Name of your Payflow account.
- We will create a new User-role in your Payflow account to complete the export.
- The list must be in new line-separated Notepad.txt format.
Sample Input File for Payflow PNREFs:
B50P0C291FCB Sample export file for Payflow PNREFs:
#transaction_id,result,first_name,last_name,credit_card_num,exp_month,exp_year,phone_number,line1,line2,city,state,company,country,postal_code,email,currency_code
B50P0C291FCB,0,John,Smith,6840,10,20,,123 Main St,,SanJose,CA,,US,68128,,USD
4.Payflow Recurring Profiles
- We will need all the Payflow Recurring Profile IDs.
- We can only pull for “active profiles”.
- We will need to know the Partner Name and Vendor Name of the account.
- We will create a new User-role in your Payflow account to complete the export.
- The list must be in new line separated Notepad.txt format.
The Sample Input File for Payflow Recurring Profiles :
RP0000001223Sample export file for Payflow Recurring Profiles:
#profile_id,decrypted_profile_id,result,first_name,last_name,credit_card_num,exp_month,exp_year,phone_number,line1,line2,city,state,company,country,postal_code,email,currency_code,subscriber_name,status,start,term,next_payment,end,pay_period,creation_date,last_changed,cancel_date,next_payment_num,comment1,frequency,tender,amt,payments_left,aggregate_amt,aggregate_optional_amt,max_fail_payments,num_fail_payments,retry_num_days
RP0000001223,,0,,,4916XXXXXXXX6840,,,,123 Main St,,,,,,68128,customer@email.com,USD,GlobalTest Profile Creation,ACTIVE,04302020,0,08132020,,WEEK,04172020,08092020,,16,,1,C,0.01,,0.00,0.00,0,15,3During the export process, an integration engineer will work with your new external payment processor to acquire their PGP key. The admin will share a PayPal DropZone folder with the member from the new payment processor. All the credit card details associated with the payment identifiers provided in the input files will be exported as an encrypted file (with the given PGP key). The encrypted file will be uploaded into the shared DropZone folder. Each card record will be on its own row.
Note:
- PayPal only exports files encrypted with the PGP public key acquired from the payment processor.
- PayPal only sends encrypted credit card file to a PCI-compliant SFTP server.
PayPal DropZone Access
DropZone is PayPal's secure file transfer platform that securely sends files, receives files, and automates regular file transfers.
For more information about accessing DropZone, see What is DropZone and how do I use it to send files to PayPal?
Still Have Questions?
- If you have questions about importing your customers' data into PayPal, email our Data Migration Support team.
- If you have questions about exporting your customers' data out of PayPal, email our Support team.
Was this article helpful?