
How can data be migrated using the PayPal Credit Card Vault tool?

Use the PayPal Credit Card Vault to import or export sensitive customer data such as credit card data to or from a PayPal payment gateway while maintaining PCI compliance.


  • Admin - The PayPal account executive, account manager, or integration engineer.
  • Merchant - The merchant who wants to move their existing consumer profile data to and from PayPal.
  • Payment processor - The external payment processor where the merchant's consumer profile data is currently present or needs to be migrated to.
  • PayPal - The new or current payment processor for the merchant.
  • Import report - The merchant report that contains the consumer identity and new payment token generated as part of the migration process.
  • Export report - The merchant report that contains the card details as part of the export migration process.

Vetting process

The merchant must contact the PayPal sales team to initiate the migration process. The merchant will have to go through the PayPal vetting process (business model review, risk and PayPal compliance process). A dedicated technical integration resource (i.e., a PayPal integration engineer) will be assigned to each merchant once the vetting process has been completed.

Note: Getting Risk approval is a mandatory process. The merchant is advised not to initiate the migration process without vetting their business model and getting necessary approval from PayPal.


Time frame
1-2 weeks.

Data Import Process


  • PayPal requires that all files be encrypted with our PGP public key before being transmitted to us.
  • PayPal only accepts files in encrypted CSV format (.csv.gpg).
  • PayPal only accepts encrypted credit card files from PCI-compliant SFTP servers.

The easiest way for us to import your data from a payment processor is for you to work with your payment processor to provide us with an encrypted CSV file that includes at least the following fields:

  • Consumer ID: Unique number to identify the consumer.
  • First name: Consumer first name.
  • Middle name: Consumer middle name (optional).
  • Last name: Consumer last name.
  • Email: Consumer email address.
  • Card ID: Unique number to identify the credit card in case there are multiple cards for a single consumer.
  • Credit card number: Full credit card number.
  • Expiration date month: Two-digit month format (MM).
  • Expiration date year: Two-digit year format (YY).
  • Address street1: Consumer billing address street.
  • Address street2: Consumer billing address street (optional).
  • Address city: Consumer billing address city.
  • Address state: Two-digit consumer billing address state.
  • Address zip code: Consumer billing address zip code.
  • Country code: Valid country code (2-digit or 3-digit).

Additional fields required for Recurring Billing:

  • Profile name: A valid profile name.
  • AMT: The dollar amount to be billed (use 34.00, not 34; use 1199.95, not 1,199.95).
  • Start: The beginning date for the recurring billing cycle (use tomorrow's date or a date in the future).
  • Term: The number of payments to be made over the life of the agreement (use 0 if payments should continue until the profile is deactivated).
  • Pay period: How often the payment occurs, e.g. DAYS, WEEK, BIWK, SMMO, FRWK, MONT, QTER, SMYR, YEAR (use with the Frequency field).
  • Frequency: If the pay period = DAYS and the frequency = 100, then a payment is collected once every 100 days.
  • Max fail payments: Payment periods for which the transaction is allowed to fail before PayPal cancels a profile (optional).
  • Retry num days: The number of consecutive days that PayPal should retry a failed transaction until it's approved (optional).
  • Company name: The company name associated with this profile (optional).

Note: The first line of the CSV file should be the header.


Sample CSV credit card file for credit card data import process:  

1,Kevin,Silvia,James,kevintest@test.com,125212,4916100304079232,01,20,"1 Main St","Bldg A","San Jose",CA,95131,US

Sample CSV credit card file for credit card recurring profile import process:  

1,Kevin,Silvia,James,kevintest@test.com,125212,4916100304079232,01,20,"1 Main St","Bldg A","San Jose",CA,95131,US,"magazine subscription",122.30,09092018,WEEK,52,0,2,2,"ABC Ltd."

Note: These examples don't cover every type of import. If you need to deviate from this standard approach, please contact the dedicated technical integration resource to discuss your options. Once the import is complete, we will provide you with a report containing the customer IDs, card IDs, and new payment tokens that we created in PayPal gateway. We ask that no more than two imports be required: one initial load of customer information, and another load of the delta while your processing was switched over. We import data Monday through Friday, 10:00 am to 4:00 pm PST (US), excluding holidays.
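A pre-flight check that could be run on the import file before it is encrypted with the PayPal PGP key, as an added example that is not PayPal's code. The header names are assumptions (the page lists the fields but not the header text), and findings name only the line and field so card numbers never reach logs.

```python
import csv
import io
import re

# Header names are assumptions: the page lists the fields, not the header text.
COLUMNS = ("consumer_id,first_name,middle_name,last_name,email,card_id,card_number,"
           "exp_month,exp_year,street1,street2,city,state,zip,country")
REQUIRED = [c for c in COLUMNS.split(",") if c not in ("middle_name", "street2")]
PATTERNS = {  # format rules taken from the field descriptions above
    "exp_month": r"0[1-9]|1[0-2]",        # MM
    "exp_year": r"[0-9]{2}",              # YY
    "state": r"[A-Za-z]{2}",              # two characters, as in the sample (CA)
    "country": r"[A-Za-z0-9]{2,3}",       # 2- or 3-character code
    "amt": r"[0-9]+\.[0-9]{2}",           # 34.00, not 34 or 1,199.95
    "pay_period": r"DAYS|WEEK|BIWK|SMMO|FRWK|MONT|QTER|SMYR|YEAR",
}

def luhn_ok(pan):
    """Luhn checksum; catches truncated or mistyped card numbers."""
    if not (pan.isascii() and pan.isdigit()):
        return False
    digits = [int(ch) for ch in reversed(pan)]
    # Every second digit from the right is doubled, with 9 subtracted if over 9.
    doubled = [d * 2 - 9 if d > 4 else d * 2 for d in digits[1::2]]
    return (sum(digits[0::2]) + sum(doubled)) % 10 == 0

def validate_import_csv(text):
    """Return (line, field, problem) tuples; field values are never echoed."""
    reader = csv.DictReader(io.StringIO(text))
    absent = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if absent:
        return [(1, c, "missing column") for c in absent]
    problems = []
    for row in reader:
        line = reader.line_num
        problems += [(line, f, "empty") for f in REQUIRED if not (row[f] or "").strip()]
        pan = (row["card_number"] or "").strip()
        if pan and not luhn_ok(pan):
            problems.append((line, "card_number", "fails Luhn check"))
        for field, pattern in PATTERNS.items():   # recurring fields checked if present
            value = (row.get(field) or "").strip()
            if value and not re.fullmatch(pattern, value):
                problems.append((line, field, "bad format"))
    return problems

# Row 1 is the page's sample record; row 2 is constructed with two deliberate errors.
SAMPLE = COLUMNS + """
1,Kevin,Silvia,James,kevintest@test.com,125212,4916100304079232,01,20,"1 Main St","Bldg A","San Jose",CA,95131,US
2,Ann,,Lee,ann@example.test,125213,4916100304079233,13,20,"2 Main St",,"San Jose",CA,95131,US
"""
```

`validate_import_csv(SAMPLE)` flags only line 3, for the card number and the expiration month.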

Data portability process

  • The merchant should provide the email address of the payment processor contact. The admin will set up a DropZone folder for the merchant and payment processor.
  • The merchant should send an official email to the payment processor to initiate the consumer credit card file export process.
  • The payment processor should use the PayPal PGP public key, given below, to encrypt the exported credit card file and upload it to the DropZone folder shared by the admin.
  • The payment processor should send an email to the merchant (or admin) with the name of the uploaded file.
  • The admin should start the migration process on the Credit Card Vault (Rogue) tool.
  • The admin should generate the report with the new payment token generated and upload it to the DropZone folder shared with the merchant.
  • The merchant should download the new report and update their system, replacing their old payment token with the new PayPal payment token.
  • The merchant should inform the admin once they are live with PayPal as the payment processor.
  • The merchant should revoke any third-party permissions given to the tool.
  • The admin should delete/deactivate any account created on behalf of the user in PayPal for the data import process and inform the merchant.

PayPal PGP public key for encrypting Credit Card files

When you send us your sensitive customer data, you'll need to use our public key below to encrypt all files.




PayPal PGP public key for encrypting SFTP credentials

When you send us your sensitive SFTP credentials, you'll need to use our public key below to encrypt your SFTP credentials.




Data Export Process

To initiate an export process, send a request via email to dl-paypal-payflow-data-migration@paypal.com with the following information:

  • Company Name:
  • Service: (i.e., Payflow/PayPal integration)
  • Login Name: (if Payflow)
  • 3rd party vendor they are moving to:

A representative will reach out to discuss the migration.

Requirements to Initiate an Export

  • Contract - PayPal will countersign the contract last.
    • List the gateway/vendor/third-party information at the bottom where the file will be delivered via SFTP.
    • On the top of page one, enter your company name and business address.
  • Certificate - The third-party vendor that is receiving the credit card information must provide their most recent PCI-Compliance Attestation of Compliance (AoC) certificate. 
    • This PCI-scan will be validated with our PCI-compliance team.
  • SFTP (Port 22) - URL, Username, and public key.
    • PayPal will deliver the information after it's pulled on our end via SFTP to the vendor that supplied the valid PCI AoC certificate (not to the merchant directly). To do this, we will need to know the SFTP location to deliver to and appropriate information (username/password, etc.). SFTP must be on Port 22.
    • The public key must be in PGP format, with the extension *.asc. Alternatively, you can send your PGP block and we can save it in the correct format.

There are four types of payment identifiers for an Export Migration:

PayPal Transaction

1. PayPal Transaction IDs

  • We will need all the PayPal Transaction IDs.
  • The list must be in newline-separated Notepad (.txt) format.
Sample Input Transaction File for PayPal Transaction IDs:

Sample export file for PayPal Transaction IDs:
3WF269588Y247415G,Success,PayPal,MTS,4716123113346438,12,2021,,12312 Port Grace Blv,La Vista,NE,US,68128,USD

2. PayPal Recurring Profiles

  • We will need all the PayPal Profile IDs.
  • The list must be in newline-separated Notepad (.txt) format.
Sample Input File for PayPal Recurring Profiles:

Sample export file for PayPal Recurring Profiles:
I-66HLJ9WHR3K4,2121412,Success,Global Test Tool,4556969247882919,01,2022,,,,,,,,,A,Fri Jul 31 2020 16:00:00 GMT-0700 (Pacific Daylight Time),0,0,0,RPInvoice123,3122479,Sat Aug 01 2020 03:00:00 GMT-0700 (Pacific Daylight Time),0,0,,,1,T,D,1,4,0,200,2,2,Wed Dec 31 1969 16:00:00 GMT-0800 (Pacific Standard Time)


PayFlow Transactions

3. Payflow PNREFs

  • We will need all the Payflow Transaction IDs (PNREFs).
  • The Payflow PNREFs/Transaction IDs must be within the last 12 months.
  • We will need to know the Partner Name and Vendor Name of your Payflow account.
  • We will create a new User-role in your Payflow account to complete the export.
  • The list must be in newline-separated Notepad (.txt) format.
Sample Input File for Payflow PNREFs:

Sample export file for Payflow PNREFs:
B50P0C291FCB,0,John,Smith,6840,10,20,,123 Main St,,SanJose,CA,,US,68128,,USD


4. Payflow Recurring Profiles

  • We will need all the Payflow Recurring Profile IDs.
  • We can only pull for “active profiles”.
  • We will need to know the Partner Name and Vendor Name of the account.
  • We will create a new User-role in your Payflow account to complete the export.
  • The list must be in newline-separated Notepad (.txt) format.

Sample Input File for Payflow Recurring Profiles:

Sample export file for Payflow Recurring Profiles:
RP0000001223,,0,,,4916XXXXXXXX6840,,,,123 Main St,,,,,,68128,customer@email.com,USD,GlobalTest Profile Creation,ACTIVE,04302020,0,08132020,,WEEK,04172020,08092020,,16,,1,C,0.01,,0.00,0.00,0,15,3

During the export process, an integration engineer will work with your new external payment processor to acquire their PGP key. The admin will share a PayPal DropZone folder with the member from the new payment processor. All the credit card details associated with the payment identifiers provided in the input files will be exported as an encrypted file (with the given PGP key). The encrypted file will be uploaded into the shared DropZone folder. Each card record will be on its own row.  
  • PayPal only exports files encrypted with the PGP public key acquired from the payment processor.
  • PayPal only sends encrypted credit card files to a PCI-compliant SFTP server.

PayPal DropZone Access

DropZone is PayPal's secure file transfer platform that securely sends files, receives files, and automates regular file transfers.

For more information about accessing DropZone, see What is DropZone and how do I use it to send files to PayPal?

Still Have Questions?

  • If you have questions about importing your customers' data into PayPal, email our Data Migration Support team.
  • If you have questions about exporting your customers' data out of PayPal, email our Support team.